How to install and configure OpenVPN client on OpenBSD

last updated in Categories , , ,

I have a file named openvpn.client.ovpn. How do I use this file to connect my OpenBSD based desktop to remote OpenVPN server and setup secure VPN? How do I configure OpenVPN client on OpenBSD Unix system?

Introduction: OpenBSD is a free and open source operating system with a strong focus on security. OpenVPN is a free and open-source software application that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections. This page shows how to install OpenVPN on a OpenBSD desktop and connect to the remote OpenVPN server using a .ovpn file.

How to configure OpenVPN client on OpenBSD desktop

You need to use the pkg_add command to install or update software packages on OpenBSD based system. The syntax is pretty simple:
pkg_add pkgNameHere
pkg_add -v pkgNameHere

Make sure /etc/installurl setup correctly. Here is a sample /etc/installurl displayed using the cat command:
$ cat /etc/installurl
https://cloudflare.cdn.openbsd.org/pub/OpenBSD

Install OpenVPN on OpenBSD

To install openvpn just type the following pkg_add command:
# pkg_add -v openvpn
How to install and configure OpenVPN client on OpenBSD

OpenVPN client configuration on OpenBSD

I am assuming that you have a file named openbsd.ovpn. The format is as follows:
cat openbsd.ovpn
Sample outputs:

client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote 131.x.y.z 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE----
.....
..
...
-----END CERTIFICATE------
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
.....
..
..-----END OpenVPN Static key V1-----
</tls-auth>

Install OpenVPN config file

Make a directory using the mkdir command:
# mkdir /etc/openvpn/
Copy openbsd.ovpn file from remote openvpn server using the openvpn command (see how to setup OpenVPN server on a Debian Linux or Ubuntu Linux) :
# scp vivek@openvpn-linode-box:~/.openvpn/openbsd.ovpn /etc/openvpn/

Create a file named /etc/hostname.tun0

Use a text editor such as vi command:
# vi /etc/hostname.tun0
Append the following config:

up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/openbsd.ovpn

Save and close the file in vi/vim.
OpenVPN normally re-creates the tun/tap interface at startup. OpenVPN should be started from the hostname.tun0.

Running openvpn on OpenBSD

No need to reboot the desktop. You can bring VPN online using the following command:
# /usr/local/sbin/openvpn --daemon --config /etc/openvpn/openbsd.ovpn

Verification

Use the ifconfig command to see tun0 interface:
# ifconfig tun0
Running openvpn on OpenBSD
Get routing info:
# netstat -nr
# netstat -nr -f inet | more

Make sure you can ping the gateway using the ping command:
$ ping 10.8.0.1
$ ping google.com
#######################################################################
### your vpn server also act as a dns server to hide dns queries too ##
$ host cyberciti.biz 10.8.0.1

Finally find out your public IP address from the command line on OpenBSD using host command/dig command:
$ dig +short myip.opendns.com @resolver1.opendns.com
OR
$ host myip.opendns.com resolver1.opendns.com
Sample VPN server IP address:

"131.x.y.z"

Conclusion

And there you have it, OpenVPN client running suceesfully on OpenBSD desktop. For more info see this page here and here.

This entry is 5 of 5 in the Open Source Virtual Private Network (VPN) series. Keep reading the rest of the series:
  1. How To Setup OpenVPN Server In 5 Minutes on Ubuntu Server
  2. How to install tinc VPN on Ubuntu Linux 16.04 to secure traffic
  3. Run two or multiple networks instance of Tinc VPN
  4. How to import a OpenVPN .ovpn file with Network Manager
  5. How to install and configure OpenVPN client on OpenBSD

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 0 comments/add one below):

Join the discussion at www.nixcraft.com