
OpenVPN between a FreeBSD server and a Microsoft client


Here’s a quick how-to for installing a secure VPN between a FreeBSD server and a Microsoft client (tested on 2K/XP/Vista) using OpenVPN.

As superuser on the FreeBSD machine:

# cd /usr/ports/security/openvpn-devel
# make install distclean
# rehash
# cd /usr/local/etc
# mkdir -m 700 openvpn
# cd openvpn
# openvpn --genkey --secret static.key

  • Create a file called /usr/local/etc/openvpn/server.conf and enter the contents of the server.conf file that is printed at the end of this post.
  • Then, to secure everything from other users, make sure only root has access to the files inside the openvpn directory: chmod 600 *
  • Edit the file /usr/local/etc/smb.conf and find the line that starts with “hosts allow =” and add 10.9.0.2 to the list of networks allowed to have access to the shares.
  • Edit the file /etc/rc.conf and add the following:

openvpn_enable="yes"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"

Finally on the FreeBSD machine:

# /usr/local/etc/rc.d/samba restart
# /usr/local/etc/rc.d/openvpn start

As an administrator on the Microsoft machine:

  • Download and install the latest OpenVPN release with all options.
  • Securely copy the /usr/local/etc/openvpn/static.key file from the FreeBSD machine to C:\Program Files\OpenVPN\config.
  • In that same folder, add a file called client.ovpn with the contents at the end of this post. Run OpenVPN GUI and right-click -> Connect.
  • The connection should succeed, and you should have access to your shares by entering \\10.9.0.1 in any Explorer window.

Things to check if it is not working:

  • All firewalls should pass UDP traffic on the port that OpenVPN binds to (default is 1194).
  • Make sure SAMBA allows access from the tunneled IP.

server.conf

; port 1194
dev tun
ifconfig 10.9.0.1 10.9.0.2
secret static.key
# enable LZO compression
comp-lzo
user nobody
group nobody

client.ovpn

# replace clkroot.net with the server's Internet IP address or hostname
remote clkroot.net
; port 1194
dev tun
ifconfig 10.9.0.2 10.9.0.1
secret static.key
# enable LZO compression
comp-lzo
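
A check script for the setup above, added here as an example and not part of the original post: it confirms that the openvpn directory and its files are closed to group and other, that static.key looks like an OpenVPN static key, and that the two ifconfig lines mirror each other. The function names and the script name audit.sh are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.
# Usage (as root): sh audit.sh /usr/local/etc/openvpn [copy-of-client.ovpn]

# Succeeds when group and other have no permission bits on $1.
# Reads the mode string from ls, which works on both FreeBSD and Linux.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the two addresses of the first "ifconfig LOCAL REMOTE" line in config $1.
tunnel_pair() {
    awk '$1 == "ifconfig" { print $2, $3; exit }' "$1"
}

# Succeeds when client config $2 has server config $1's endpoints swapped.
mirrored() {
    set -- $(tunnel_pair "$1") $(tunnel_pair "$2")
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# Prints one WARN line per finding in directory $1; returns the finding count.
audit_dir() {
    dir=$1
    findings=0
    owner_only "$dir" || { echo "WARN $dir: open to group/other"; findings=$((findings + 1)); }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        owner_only "$f" || { echo "WARN $f: open to group/other"; findings=$((findings + 1)); }
    done
    grep -q 'BEGIN OpenVPN Static key V1' "$dir/static.key" 2>/dev/null ||
        { echo "WARN $dir/static.key: missing or not a static key"; findings=$((findings + 1)); }
    return "$findings"
}

# Runs only when arguments are given, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    audit_dir "$1" && echo "OK $1"
    if [ $# -gt 1 ]; then
        mirrored "$1/server.conf" "$2" || echo "WARN ifconfig lines are not mirrored"
    fi
fi
```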