Introduction: OpenBSD is a free and open source operating system with a strong focus on security. OpenVPN is a free and open-source software application that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections. This page shows how to install OpenVPN on a OpenBSD desktop and connect to the remote OpenVPN server using a .ovpn file.
How to configure OpenVPN client on OpenBSD desktop
You need to use the pkg_add command to install or update software packages on OpenBSD based system. The syntax is pretty simple:
pkg_add pkgNameHere
pkg_add -v pkgNameHere
Make sure /etc/installurl setup correctly. Here is a sample /etc/installurl displayed using the cat command:
$ cat /etc/installurl
https://cloudflare.cdn.openbsd.org/pub/OpenBSD
Install OpenVPN on OpenBSD
To install openvpn just type the following pkg_add command:
# pkg_add -v openvpn
OpenVPN client configuration on OpenBSD
I am assuming that you have a file named openbsd.ovpn. The format is as follows:
cat openbsd.ovpn
Sample outputs:
client dev tun proto tcp sndbuf 0 rcvbuf 0 remote 131.x.y.z 443 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server cipher AES-128-CBC comp-lzo setenv opt block-outside-dns key-direction 1 verb 3 <ca> -----BEGIN CERTIFICATE---- ..... .. ... -----END CERTIFICATE------ </ca> <cert> Certificate: Data: Version: 3 (0x2) ..... .. ..-----END OpenVPN Static key V1----- </tls-auth> |
Install OpenVPN config file
Make a directory using the mkdir command:
# mkdir /etc/openvpn/
Copy openbsd.ovpn file from remote openvpn server using the openvpn command (see how to setup OpenVPN server on a Debian Linux or Ubuntu Linux) :
# scp vivek@openvpn-linode-box:~/.openvpn/openbsd.ovpn /etc/openvpn/
Create a file named /etc/hostname.tun0
Use a text editor such as vi command:
# vi /etc/hostname.tun0
Append the following config:
up !/usr/local/sbin/openvpn --daemon --config /etc/openvpn/openbsd.ovpn |
Save and close the file in vi/vim.
OpenVPN normally re-creates the tun/tap interface at startup. OpenVPN should be started from the hostname.tun0.
Running openvpn on OpenBSD
No need to reboot the desktop. You can bring VPN online using the following command:
# /usr/local/sbin/openvpn --daemon --config /etc/openvpn/openbsd.ovpn
Verification
Use the ifconfig command to see tun0 interface:
# ifconfig tun0
Get routing info:
# netstat -nr
# netstat -nr -f inet | more
Make sure you can ping the gateway using the ping command:
$ ping 10.8.0.1
$ ping google.com
#######################################################################
### your vpn server also act as a dns server to hide dns queries too ##
$ host cyberciti.biz 10.8.0.1
Finally find out your public IP address from the command line on OpenBSD using host command/dig command:
$ dig +short myip.opendns.com @resolver1.opendns.com
OR
$ host myip.opendns.com resolver1.opendns.com
Sample VPN server IP address:
"131.x.y.z"
Conclusion
And there you have it, OpenVPN client running suceesfully on OpenBSD desktop. For more info see this page here and here.