The net/openvpn port
openvpn-2.6.12 – easy-to-use, robust, and highly configurable VPN (cvsweb github mirror)
Description
OpenVPN is an easy-to-use, robust, highly configurable, cross-platform VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the internet. It can forward a tun(4) interface over a single UDP or TCP port with support for NAT, dynamic endpoints, compression, fragmentation and keep- alive. It uses OpenSSL's encryption, authentication, and certification features, with static keys, certificates or TLS-based key exchange. Flavors: mbedtls - use mbedTLS instead of LibreSSLWWW: https://openvpn.net/index.php/open-source/
Readme
+----------------------------------------------------------------------- | Running ${PKGSTEM} on OpenBSD +----------------------------------------------------------------------- Compatibility with older OpenVPN releases ----------------------------------------- OpenVPN 2.6 has compression disabled by default and may need '--allow-compression asym' to work against a server which has compression enabled. Using the openvpn rc script --------------------------- # rcctl enable openvpn # rcctl set openvpn flags '--config /etc/openvpn/server.conf' To handle multiple openvpn instances see EXAMPLES in rcctl(8). Using an /etc/hostname.* file without persist-tun ------------------------------------------------- OpenVPN normally re-creates the tun/tap interface at startup. This has been reported to cause problems with some PF configurations (especially with queueing), if you run into problems with this then OpenVPN should be started from the hostname.* file, e.g.: # cat << EOF > /etc/hostname.tun0 up !LD_LIBRARY_PATH=${LOCALBASE}/lib:/usr/lib ${TRUEPREFIX}/sbin/openvpn \ --daemon --config ${SYSCONFDIR}/openvpn/server.conf EOF (Or use hostname.tap0 for a layer-2 connection). Using an /etc/hostname.* file with persist-tun ---------------------------------------------- When the persist-tun option is used, the tun(4) or tap(4) interface can be configured before OpenVPN is started, just like any other interface. The example below configures a point-to-point link between two sites accross an OpenVPN tunnel. Site-1 has tunnel end point 10.1.1.1 and local network 192.168.0.0/24. Site-2 has tunnel end point 10.1.1.2 and local network 192.168.1.1/24. The sites connect their local networks via the tunnel. Site-1: # cat << EOF > /etc/hostname.tun0 inet 10.1.1.1 255.255.255.255 NONE dest 10.1.1.2 !/sbin/route add -host 10.1.1.1 127.0.0.1 !/sbin/route add -net 192.168.1.1/24 10.1.1.2 EOF Site-2: # cat << EOF > /etc/hostname.tun0 inet 10.1.1.2 255.255.255.255 NONE dest 10.1.1.1 !/sbin/route add -host 10.1.1.2 127.0.0.1 !/sbin/route add -net 192.168.0.0/24 10.1.1.1 EOF In this case, there is no need to configure an IP address on the tun interface from the OpenVPN configuration file. The tun interface will become active when OpenVPN starts using it. A suitable OpenVPN configuration file for site-1 might look as follows: daemon dev tun0 persist-tun proto udp local site-1.example.com remote site-2.example.com secret /etc/openvpn/secret.key ping 10 ping-restart 60 Running OpenVPN in chroot ------------------------- OpenVPN can run as an unprivileged user inside chroot when the persist-tun, persist-key, and persist-local-ip options are used. Note that persist-local-ip requires that OpenVPN is listening on an interface with a static IP address. To chroot OpenVPN, use the following as part of your configuration file: persist-tun persist-key persist-local-ip user _openvpn group _openvpn chroot /var/empty
Maintainer
Jeremie Courreges-Anglas
Categories
Library dependencies
Build dependencies
Test dependencies
Reverse dependencies
Files
- /etc/rc.d/openvpn
- /usr/local/include/openvpn/
- /usr/local/include/openvpn/openvpn-msg.h
- /usr/local/include/openvpn/openvpn-plugin.h
- /usr/local/lib/openvpn/
- /usr/local/lib/openvpn/plugins/
- /usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.a
- /usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.la
- /usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so
- /usr/local/man/man5/openvpn-examples.5
- /usr/local/man/man8/openvpn.8
- /usr/local/sbin/openvpn
- /usr/local/share/doc/openvpn/
- /usr/local/share/doc/openvpn/COPYING
- /usr/local/share/doc/openvpn/COPYRIGHT.GPL
- /usr/local/share/doc/openvpn/Changes.rst
- /usr/local/share/doc/openvpn/README
- /usr/local/share/doc/openvpn/README.down-root
- /usr/local/share/doc/openvpn/README.mbedtls
- /usr/local/share/doc/openvpn/gui-notes.txt
- /usr/local/share/doc/openvpn/management-notes.txt
- /usr/local/share/doc/openvpn/openvpn-examples.5.html
- /usr/local/share/doc/openvpn/openvpn.8.html
- /usr/local/share/doc/pkg-readmes/openvpn
- /usr/local/share/examples/openvpn/
- /usr/local/share/examples/openvpn/sample-config-files/
- /usr/local/share/examples/openvpn/sample-config-files/README
- /usr/local/share/examples/openvpn/sample-config-files/client.conf
- /usr/local/share/examples/openvpn/sample-config-files/firewall.sh
- /usr/local/share/examples/openvpn/sample-config-files/loopback-client
- /usr/local/share/examples/openvpn/sample-config-files/loopback-server
- /usr/local/share/examples/openvpn/sample-config-files/openvpn-shutdown.sh
- /usr/local/share/examples/openvpn/sample-config-files/openvpn-startup.sh
- /usr/local/share/examples/openvpn/sample-config-files/server.conf
- /usr/local/share/examples/openvpn/sample-keys/
- /usr/local/share/examples/openvpn/sample-keys/README
- /usr/local/share/examples/openvpn/sample-keys/ca.crt
- /usr/local/share/examples/openvpn/sample-keys/ca.key
- /usr/local/share/examples/openvpn/sample-keys/client-ec.crt
- /usr/local/share/examples/openvpn/sample-keys/client-ec.key
- /usr/local/share/examples/openvpn/sample-keys/client-pass.key
- /usr/local/share/examples/openvpn/sample-keys/client.crt
- /usr/local/share/examples/openvpn/sample-keys/client.key
- /usr/local/share/examples/openvpn/sample-keys/client.p12
- /usr/local/share/examples/openvpn/sample-keys/dh2048.pem
- /usr/local/share/examples/openvpn/sample-keys/gen-sample-keys.sh
- /usr/local/share/examples/openvpn/sample-keys/openssl.cnf
- /usr/local/share/examples/openvpn/sample-keys/server-ec.crt
- /usr/local/share/examples/openvpn/sample-keys/server-ec.key
- /usr/local/share/examples/openvpn/sample-keys/server.crt
- /usr/local/share/examples/openvpn/sample-keys/server.key
- /usr/local/share/examples/openvpn/sample-keys/ta.key
- /usr/local/share/examples/openvpn/sample-scripts/
- /usr/local/share/examples/openvpn/sample-scripts/auth-pam.pl
- /usr/local/share/examples/openvpn/sample-scripts/bridge-start
- /usr/local/share/examples/openvpn/sample-scripts/bridge-stop
- /usr/local/share/examples/openvpn/sample-scripts/totpauth.py
- /usr/local/share/examples/openvpn/sample-scripts/ucn.pl
- /usr/local/share/examples/openvpn/sample-scripts/verify-cn
- @newgroup _openvpn:577
- @newuser _openvpn:577:_openvpn::OpenVPN Daemon:/nonexistent:/sbin/nologin