FreeBSD 14

OpenVPN : Configure VPN Client (FreeBSD)
2024/09/23


Configure an OpenVPN client. This example is on FreeBSD.

This example is based on the environment shown below.
With the OpenVPN server/client settings, the [tun] interface is configured automatically, and once the client connects to the server over the VPN, it can reach the local network on the server side.

In this example, IP masquerading (NAT) also needs to be configured on the router.

  +----------------------+
  | [  OpenVPN Server  ] |172.16.100.1
  |    dlp.srv.world     +--------+
  |                      |tun     |
  +-----------+----------+        |
        vtnet0|10.0.0.30          |
              |                   |
              |  Local Network    |
      10.0.0.1|                   |
       +------+-----+             |
-------|   Router   |-------------|-----
       +------+-----+             |
              |                   |
              |  Internet         |
--------------+-------------------|-----
              |                   |
              |  Local Network    |
  192.168.0.31|                   |
  +-----------+----------+        |
  |                      |tun     |
  |      VPN Client      +--------+
  |                      |172.16.100.x
  +----------------------+

[1]

Transfer [ca.crt], [client1.crt], [client1.key], and [ta.key], generated on the server side in advance, to the client being configured. Use an authenticated channel such as scp, and keep [client1.key] and [ta.key] readable by root only on the client: anyone who obtains them can join the VPN as this client.

[2] Install OpenVPN.
root@client:~ #
pkg install -y openvpn
[3] Configure the OpenVPN client.
# copy sample configuration

root@client:~ #
mkdir /usr/local/etc/openvpn

root@client:~ #
cp /usr/local/share/examples/openvpn/sample-config-files/client.conf /usr/local/etc/openvpn/openvpn.conf
root@client:~ #
vi /usr/local/etc/openvpn/openvpn.conf
# line 36 : protocol, the same one specified in the server's config
;proto tcp
proto udp

# line 42 : OpenVPN server's global IP address and port (replace with your own)
remote 172.16.2.1 1194

# line 54 : keep retrying to resolve the server's hostname
resolv-retry infinite

# line 58 : do not bind to a specific local port
nobind

# line 65 : enable persist options (keep key material and the tun device across restarts)
persist-key
persist-tun

# line 88 : paths to the CA certificate, client certificate and client key copied from the server
ca ca.crt
cert client1.crt
key client1.key

# keep the sample's [remote-cert-tls server] line enabled : it requires the peer's
# certificate to be a server certificate, so that another client certificate
# issued by the same CA cannot impersonate the server

# line 114 : uncomment and specify the path to the TLS-Auth key copied from the server
# (the client uses key direction 1, the server uses 0)
tls-auth ta.key 1

# line 117 : log level
verb 3

root@client:~ #
service openvpn enable

openvpn enabled in /etc/rc.conf
root@client:~ #
service openvpn start

Starting openvpn.
root@client:~ #
ifconfig

vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 52:54:00:7c:de:11
        inet 192.168.0.30 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::5054:ff:fe7c:de11%vtnet0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=1008043<UP,BROADCAST,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 172.16.100.2 netmask 0xffffff00 broadcast 172.16.100.255
        groups: openvpn
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
[4] Once the VPN connection is established, check whether the client can reach the local network on the server side. The [ssh -o StrictHostKeyChecking=no] below skips host key verification for the sake of a quick test; do not use that option for anything beyond a one-off connectivity check, since it removes SSH's protection against a man-in-the-middle.
root@client:~ #
ping -c 3 10.0.0.30

PING 10.0.0.30 (10.0.0.30): 56 data bytes
64 bytes from 10.0.0.30: icmp_seq=0 ttl=64 time=1.193 ms
64 bytes from 10.0.0.30: icmp_seq=1 ttl=64 time=1.255 ms
64 bytes from 10.0.0.30: icmp_seq=2 ttl=64 time=1.241 ms

--- 10.0.0.30 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.193/1.230/1.255/0.027 ms

root@client:~ #
ssh -o StrictHostKeyChecking=no ubuntu@10.0.0.203 hostname

Warning: Permanently added '10.0.0.203' (ED25519) to the list of known hosts.
ubuntu@10.0.0.203's password:
ubuntu
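Before relying on the tunnel, it is worth checking the client config for the settings that decide whether it can be hijacked, not just whether it connects. The lint below is an added example and not code from the original page or from the OpenVPN project. It assumes that relative paths in [openvpn.conf] resolve against the config's own directory (FreeBSD's rc script starts openvpn with [--cd] in /usr/local/etc/openvpn), and for the demo run it builds two constructed configs, one weak and one clean, with a placeholder key file instead of a real one.

```shell
#!/bin/sh
# Added example, not code from the original page: a lint for the OpenVPN client
# config built above, checking the directives that decide whether the tunnel can
# be hijacked rather than whether it connects. Returns the number of findings.
# Assumes relative paths resolve against the config's directory, as FreeBSD's
# rc script starts openvpn with --cd there.

# Active lines of an OpenVPN config: ';' and '#' start comments.
active_lines() { sed -e 's/[;#].*$//' -e '/^[[:space:]]*$/d' "$1"; }

# True if some active line starts with the given directive name.
has_directive() { active_lines "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"; }

# Field number $3 of the first active line for directive $2, empty if absent.
arg_of() { active_lines "$1" | awk -v d="$2" -v i="$3" '$1==d{print $i; exit}'; }

check_client_conf() {
    conf="$1"; confdir=$(dirname "$conf"); n=0

    # 1. Without this any holder of a certificate from the same CA (another
    #    client, say) can pose as the server in the TLS handshake.
    if [ "$(arg_of "$conf" remote-cert-tls 2)" != "server" ]; then
        echo "FAIL: 'remote-cert-tls server' missing, server identity is not verified"
        n=$((n + 1))
    fi
    # 2. The control channel must be protected by tls-auth (HMAC) or tls-crypt.
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "FAIL: neither tls-auth nor tls-crypt, control channel is unauthenticated"
        n=$((n + 1))
    fi
    # 3. With tls-auth the client needs key direction 1 (the server uses 0),
    #    given inline ('tls-auth ta.key 1') or as a separate 'key-direction 1'.
    if has_directive "$conf" tls-auth; then
        dir=$(arg_of "$conf" tls-auth 3); [ -n "$dir" ] || dir=$(arg_of "$conf" key-direction 2)
        if [ "$dir" != "1" ]; then
            echo "FAIL: tls-auth key direction is '$dir', a client needs 1"
            n=$((n + 1))
        fi
    fi
    # 4. Compression inside the tunnel lets an attacker who can inject traffic
    #    recover secrets byte by byte (VORACLE); only the stub framing is safe.
    comp=$(active_lines "$conf" | awk '$1=="comp-lzo"||$1=="compress"{if (NF>1) print $1, $2; else print $1; exit}')
    case "$comp" in
        ""|"comp-lzo no"|"compress"|"compress stub"|"compress stub-v2") ;;
        *) echo "FAIL: compression enabled ('$comp'), remove it"; n=$((n + 1)) ;;
    esac
    # 5. The private key must exist and be readable by root only (mode 0600).
    keyf=$(arg_of "$conf" key 2)
    case "$keyf" in ""|/*) ;; *) keyf="$confdir/$keyf" ;; esac
    if [ -n "$keyf" ] && [ "$(ls -ld "$keyf" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "FAIL: $keyf is missing or readable by group/other (needs mode 0600)"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample configs (not captured from a real system): 'weak' mirrors
# the page's settings but with the server check commented out, the server's key
# direction, compression on and a world-readable key; 'good' has those fixed.
make_samples() {
    base="$1"
    for v in weak good; do
        mkdir -p "$base/$v"
        printf 'constructed placeholder, not a real private key\n' > "$base/$v/client1.key"
    done
    chmod 644 "$base/weak/client1.key"; chmod 600 "$base/good/client1.key"
    cat > "$base/weak/openvpn.conf" <<'EOF'
client
dev tun
proto udp
remote 172.16.2.1 1194
ca ca.crt
cert client1.crt
key client1.key
;remote-cert-tls server
tls-auth ta.key 0
comp-lzo
verb 3
EOF
    sed -e 's/^;remote-cert-tls/remote-cert-tls/' -e 's/ta.key 0$/ta.key 1/' -e '/^comp-lzo/d' \
        "$base/weak/openvpn.conf" > "$base/good/openvpn.conf"
}

# Demo run on the constructed samples.
tmp=$(mktemp -d); make_samples "$tmp"
for v in weak good; do
    echo "== $v/openvpn.conf"
    check_client_conf "$tmp/$v/openvpn.conf" && echo "OK: no findings"
done
rm -rf "$tmp"
```

Run it as root against /usr/local/etc/openvpn/openvpn.conf after step [3]; the exit status is the number of findings, so it drops into a deployment script as a gate. [remote-cert-tls server] is already active in the sample [client.conf], so the check mostly confirms that it was not lost while editing; the key direction and file mode checks catch the two mistakes that most often leave a client "working" but exposed.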