Openvpn, server FreeBSD, clients Ubuntu and Windows XP

Posted by Pavlo Khmel on Mon 09 July 2007

Server

Install

cd /usr/ports/security/openvpn
make install

Add to /etc/rc.conf

openvpn_enable="YES"

Configuration file

cd /usr/local/etc/
mkdir openvpn
cd openvpn
touch openvpn.conf

File openvpn.conf

dev tun
server 10.1.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
proto tcp
port 5000
comp-lzo
keepalive 10 120
verb 4

Create certificate

cp -r /usr/local/share/doc/openvpn/easy-rsa /home/myuser/
cd /home/myuser/easy-rsa

Edit file vars

export KEY_COUNTRY=NO
export KEY_PROVINCE=TH
export KEY_CITY=Trondheim
export KEY_ORG="khmel.org"
export KEY_EMAIL="test@khmel.org"

Run

sh
. vars
./clean-all
./build-ca

Answers example:

Organizational Unit Name (eg, section) []: office
Common Name (eg, your name or your server's hostname) []: server

Create certificates and keys for server

./build-key-server server

Answers example

Organizational Unit Name (eg, section) []: office
Common Name (eg, your name or your server's hostname) []: server
A challenge password []:
An optional company name []: na
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n]
: y
# you should see
Write out database with 1 new entries
Data Base Updated

Create client key

./build-key client

Answers example

Organizational Unit Name (eg, section) []:client
Common Name (eg, your name or your server's hostname) []:client

Run

./build-dh
exit

Copy keys to /usr/local/etc/openvpn:

cp -r keys/* /usr/local/etc/openvpn/

Files list

ca.crt
server.crt
server.key
dh1024.pem

Client Windows XP

Internal network 192.168.1.0

Download and install GUI client http://www.openvpn.se
Copy keys: ca.crt, client.crt, client.key to C:Program FilesOpenvpnconfig

Create file C:Program FilesOpenvpnconfigopenvpn.ovpn

dev tun
client
remote 88.111.222.77 5000
tls-client
ca ca.crt
cert client.crt
key client.key
proto tcp-client
comp-lzo
verb 4

Client Ubuntu Linux 7.04

Install package openvpn.

Add files to /etc/openvpn/

ca.crt
client.crt
client.key

Create fiel openvpn.ovpn

openvpn --config /etc/openvpn/openvpn.ovpn

Example

dev tun
client
remote 88.111.222.77 5000
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
proto tcp-client
comp-lzo
verb 4