Page 1 of 1

OpenVPN server on Openbsd 5.2 (EasyRSA 3, Libre SSL)

Posted: Mon Dec 22, 2014 10:22 am
by chrisunix
Hello everyone.
In case anyone is interested - I have prepared a guide for running OpenVPN on OpenBSD 5.2.

Any comments / additions / critics are welcome.
Please forgive me if I am slow to respond to your posts.

Highlights of this guide:
[*]OpenVPN community version - available as package for OpenBSD
[*]creating keys and certificates using easy-rsa 3
[*]chrooted env
[*]Using pre-shared secret in addition to SSL - as additional protection (also against DOS attacks)
[*]startup via /etc/hostname and (optionally) also via /etc/rc.d/openvpn script
[*]example pf.conf firewall rules
[*]settings for samba wins
[*]optional - additional authentication (vpn username/password) using simple custom script
[*]optional - additional authentication using ldap/bsd (when not-chrooted)
[*]appendix - fixing EasyRSA3 error "Missing or invalid OpenSSL"
[*]appendix - migration of certificates/keys framework from easyrsa 2.0 to easyrsa 3