Things I'd do if I ever have time

Wish list

Please help a man further his career by donating expensive hardware. Cash works too.

OpenBSD and OpenVPN Quickstart Guide

Published: 09/06/2009

Everyone needs a personal VPN server because 1) crypto is cool, 2) public 802.11 (Wi-Fi) networks almost never implement WPA-anything, and if they do it's that "pre-shared key" stuff, and 3) bragging rights. Who cares if your next door neighbor upgraded their cheap Linksys router to DD-WRT? You have OpenBSD, OpenVPN, and some mystery called client certificate authentication. It sounds cool, so it must be good.

And if you're a business that already spent the entire budget on marketing but still need a VPN solution and can't afford any commercial-brand stuff from Cisco, F5, Check Point, Nortel, Juniper, etc. (or you don't want to pay for another Microsoft server license to run PPTP, L2TP with IPsec, or can't support SSTP because you have "legacy clients"), then have we got a solution for you that's free and the server-side can be deployed in about 10 minutes.

This article gives you the shortest path to achieving this. In other words, a command sequence cheat sheet. It assumes you've already set up OpenBSD and you're capable of copying / pasting the configs outlined here (and updating them to reflect your specific network configuration). The example in this article is based on OpenBSD 4.5 (i386) and OpenVPN 2.1_rc15 for the server.

SSH In and Let The Copy / Paste Begin...

   More Information

A Server Isn't Much Without a Client...

   More Information

There are, of course, different variations to this environment setup such as multi-homed servers, a DMZ, a PKI that isn't rooted on the VPN server itself, stricter pf rules, etc.. This article provides a quick deployment guide for further evaluation of the OpenVPN implementation without needing to shell out big bucks for name-brand solutions.

Go back to the main articles list.