Configuring The Bsd Vpn (racoon For Mac

by abboiliha1983 2020. 2. 9. 03:33

Introduction

OpenVPN is an open-source virtual private network (VPN) server/client application which allows you to join a virtual network (similar to a LAN) securely.

This tutorial will explain how to install and configure an OpenVPN server on a FreeBSD 10.1 machine with IPv4 NAT and routing. It includes short explanations of various configuration options.

By the end of this tutorial you'll be running your own OpenVPN server, and have a client configuration file ready to download to connect to this network.

Prerequisites

A FreeBSD 10.1 Droplet. Droplet size depends on how many clients you intend to connect to the VPN; 519 MB is fine for a few clients.

How to get your VPN settings out of the built-in Mac VPN client. You don't need the Fancy Schmancy Decoder Ring to get your settings back out of the built-in Mac VPN client. Just head over to the Keychain Access application (under Applications -> Utilities) and search for 'VPN'. Double-click your IPSec Shared Secret to open up the window.

Root access. Sudo is pre-installed on DigitalOcean, so there's nothing extra to do.

This tutorial requires root access. On DigitalOcean, access the server as the default freebsd user, then access the root shell:

    sudo tcsh

Step 1 — Installing OpenVPN

Installing OpenVPN with the pkg system is quite simple. Run these commands to update the package lists and install the VPN software:

    pkg update
    pkg install openvpn

This should also install the easy-rsa package, which will be used to generate the SSL key pairs.

Step 2 — Configuring the OpenVPN Server

For this tutorial we will base our configuration file on the sample one provided by OpenVPN. We'll create a configuration folder for OpenVPN:

    mkdir /usr/local/etc/openvpn

Copy the example server.conf file to the new directory:

    cp /usr/local/share/examples/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn/server.conf

Install nano or your favorite text editor:

    pkg install nano

Open the config file for editing:

    nano /usr/local/etc/openvpn/server.conf

Note: The OpenVPN configuration file format prefixes comments with semicolons (;) or hashes (#). In the example, semicolons are used to comment out (disable) configuration options, and hashes are used for comments.

If you know what configuration options you want to modify you may do so at this point.

Optional port: The default port is 1194, but you can change this to anything you like.

Optional proto: Choose either tcp or udp; the default is fine.

user and group: Set these to nobody by uncommenting the lines. This will make OpenVPN run with fewer privileges, for security:

    user nobody
    group nobody

Note: Each configuration can run only one port and protocol at once.
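A check for the edits above, as an added example that is not part of the original tutorial: it reads a server.conf, skips lines disabled with ; or #, and reports the active port and proto and whether user and group are both set to nobody. The function names and the sample config are constructed for illustration, and the script is POSIX sh, so run it with sh rather than from the tcsh root shell.

```shell
#!/bin/sh
# Added example: audit the active settings in an OpenVPN server.conf.
# POSIX sh; function names are hypothetical, sample input is constructed.

# Print the value of directive $2 in file $1, skipping lines disabled
# with ';' or '#'. If the directive is repeated, the last one is reported.
active_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }            # commented-out line
        { sub(/[ \t]+[;#].*$/, "") }      # drop a trailing comment
        $1 == key { val = $2 }
        END { print val }
    ' "$1"
}

# Return 0 only when both user and group are active and set to nobody.
check_privdrop() {
    u=$(active_value "$1" user)
    g=$(active_value "$1" group)
    [ "$u" = "nobody" ] && [ "$g" = "nobody" ]
}

# One-line summary; port and proto fall back to 1194 and udp when not set.
audit_conf() {
    port=$(active_value "$1" port)
    proto=$(active_value "$1" proto)
    if check_privdrop "$1"; then priv="dropped to nobody"; else priv="NOT dropped"; fi
    echo "port=${port:-1194} proto=${proto:-udp} privileges=$priv"
}

# Constructed sample: a config before editing (user/group still disabled).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Which TCP/UDP port should OpenVPN listen on?
port 1194
;proto tcp
proto udp
;user nobody
;group nobody
EOF
audit_conf "$sample"

# The same file after uncommenting the two lines, as the step above instructs.
sed -e 's/^;user /user /' -e 's/^;group /group /' "$sample" > "$sample.fixed"
audit_conf "$sample.fixed"
rm -f "$sample" "$sample.fixed"
```

To audit the real file, call audit_conf /usr/local/etc/openvpn/server.conf after saving it.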

Finally, be sure to save your changes.

Step 3 — Generating Server Certificates and Keys

easy-rsa makes generating certs and keys simple. First, copy the program to your configuration directory, since you will be modifying values:

    cp -r /usr/local/share/easy-rsa /usr/local/etc/openvpn/easy-rsa

Open the vars file for editing:

    nano /usr/local/etc/openvpn/easy-rsa/vars

Change the key size by modifying this line:

    export KEY_SIZE=2048

These days the standard is 2048-bit keys, although you can also use 4096-bit, which is more secure but slows down negotiation.

If you like you can also set the default certificate and key values in this file so you don't have to enter them later.

Since the shell we're using is tcsh, the export lines need to be replaced with setenv. This is done with sed before the source.

Move to our easy-rsa directory (required):

    cd /usr/local/etc/openvpn/easy-rsa/

Replace the lines:

    cat ./vars | sed -e 's/export /setenv /g' -e 's/=/ /g' | source /dev/stdin

Still from our /usr/local/etc/openvpn/easy-rsa/ directory, first clean the directory, then build the certificate authority (CA):

    ./clean-all
    ./build-ca

You will be prompted to set the CA options. Fill these in with your details:

    Country Name (2 letter code) [US]: GB
    State or Province Name (full name) [CA]: Somerset
    Locality Name (eg, city) [SanFrancisco]: Bath
    Organization Name (eg, company) [Fort-Funston]: Callum
    Organizational Unit Name (eg, section) [changeme]: VPN
    Common Name (eg, your name or your server's hostname) [changeme]: vpn.example.com
    Name [changeme]: Callum's VPN CA
    Email Address [mail@host.domain]: callum@example.com

Now build the server key:

    ./build-key-server server

Again, set the options. You do not need a password or an optional company name.