Re: [Openvpn-users] openvpn client on freebsd


  • Subject: Re: [Openvpn-users] openvpn client on freebsd
  • From: "Harry Doyle" <harry@xxxxxxxxx>
  • Date: Thu, 13 Sep 2007 14:24:18 -0300

if i run the openvpn command like you said it doesn't work, but then (and i have to do the same thing on the linux server, which reminded me)..if i change dir to the /usr/local/etc/openvpn folder i can run the command with the --config option and it works great!

now if i can get this working on startup cleanly it would be fantastic.

here is what i added to /etc/rc.conf:

openvpn_enable="YES"  # YES or NO
openvpn_if="tun"      # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# openvpn_flags=""      # openvpn command line flags
openvpn_configfile="/usr/local/etc/openvpn/radio.conf"      # --config file
openvpn_dir="/usr/local/etc/openvpn"                          # --cd directory


here is my /usr/local/etc/rc.d/openvpn.sh (this got installed by ports and i followed instructions to add stuff to /etc/rc.conf)

#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon

# ^snip^ a bunch of copyright stuff

# -----------------------------------------------------------------------------
#
# Add the following lines to /etc/rc.conf to enable openvpn at boot-up time:
#
# openvpn_enable="YES"  # YES or NO
# openvpn_if="tun"      # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# openvpn_flags=""      # openvpn command line flags
# openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"      # --config file
# openvpn_dir="/usr/local/etc/openvpn"                          # --cd directory
#
# You also need to set openvpn_configfile and openvpn_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#

. /etc/rc.subr

name=openvpn
rcvar=`set_rcvar`

prefix="/usr/local"

openvpn_precmd()
{
        for i in $openvpn_if ; do
                # FreeBSD <= 5.4 does not know kldstat's -m option
                # FreeBSD >= 6.0 does not add debug.* sysctl information
                # in the default build - we check both to keep things simple
                if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 \
                        && ! kldstat -m if_${i} >/dev/null 2>&1 ; then
                        if ! kldload if_${i} ; then
                                warn "Could not load $i module."
                                return 1
                        fi
                fi
        done
        return 0
}

stop_postcmd()
{
        rm -f "$pidfile" || warn "Could not remove $pidfile."
}

# support SIGHUP to reparse configuration file
extra_commands="reload"

# pidfile
pidfile="/var/run/${name}.pid"

# command and arguments
command="/usr/local/sbin/${name}"

# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"

load_rc_config ${name}
: ${openvpn_enable="NO"}
: ${openvpn_flags=""}
: ${openvpn_if=""}
: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"}
: ${openvpn_dir="${prefix}/etc/openvpn"}
required_files="${openvpn_configfile}"
command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}"
run_rc_command "$1"


************

it seems like i could just add a quick and dirty command to /usr/local/etc/rc.d but it's probably not the correct way to get things working.

i didn't understand the server and client were initiated in similar ways on unix.

thanks!
harry













On 9/13/07, Stefan Lamby <slamby@xxxxxx> wrote:
Please post this openvpn.sh file you have.

Thanks
Stefan


Harry Doyle wrote:
> ok i am able to access my server now, but openvpn doesn't seem to
> work. i have added some lines to rc.conf to start it, and i have
> created a /usr/local/etc/openvpn directory and indicated its existence
> in rc.conf.
>
> i have generated my client.conf file, and i'm using the same crt files
> i use on my windows clients. i have generated the other key/crt files
> for this computer using pkitool on the server. so i think my stuff in
> /usr/local/etc/openvpn is ok. and i also have a startup file in
> /usr/local/etc/rc.d/openvpn.sh
>
> so i think it should start up, but nothing happens. i tail
> /var/log/messages but there is no info. ifconfig doesn't show any tun
> device either (like it does on the linux server).
>
> i am using tun device, which i think is already in my stock freebsd
> kernel.
>
> i think it must be something small i'm missing. what do i need to
> provide you guys to figure out what's wrong?
>
> just to be clear, i am only trying to use this machine as a client.
>
> thanks for your help,
> harry
>
>
>
>
> On 9/11/07, *Harry Doyle* <harry@xxxxxxxxx> wrote:
>
>     thanks everybody. i will set this up tomorrow and let you know how
>     it goes. i can't ssh to the machine from home, which is why i'm
>     using openvpn. i've been using it for about a year now to give
>     clients ms exchange access and i have to say openvpn is solid as a
>     rock! using it for remote access to clients behind a firewall is
>     really really convenient.
>     cheers,
>     harry
>
>
>
>     On 9/10/07, *Marco Fretz* <marco@xxxxxxx> wrote:
>
>         if u have installed ports-tree u should install from ports. it's better
>         than compiling the source manually under bsd... but check the version... i
>         think u should use openvpn 2.0
>
>         greets
>
>         Harry Doyle wrote:
>         > that's ok, i just want to use it so i can connect to my openvpn server
>         > and then access ssh over it, which is blocked over its routable ip. i
>         > did not know the install was same for client and server. all my
>         > existing clients are on windows. ok to install from ports on this?
>         > thanks,
>         > harry
>         >
>         >
>         > On 9/10/07, *Marco Fretz* <mailinglist@xxxxxxx> wrote:
>         >
>         >     hello
>         >
>         >     install is always the same, for server and client...  client config is
>         >     almost the same on every OS.
>         >     read this howto carefully and u can easily setup a secure openvpn server
>         >     with tls,client and server cert...
>         >
>         >     http://openvpn.net/howto.html
>         >
>         >     one thing i know from openbsd (probably on freebsd, too) is that it has
>         >     no support for TAP tunnels in generic kernel. but if u dont need
>         >     broadcasts or multicast u should not use tap, i think.
>         >
>         >
>         >
>         >     greets
>         >     marco
>         >
>         >     Harry Doyle wrote:
>         >     > Hi everybody,
>         >     > I have a FreeBSD box i would like to hook up to a linux based openvpn
>         >     > server. How do i setup an openvpn client on FreeBSD? Everything i've
>         >     > seen so far on unix was for running servers. Is there a howto on this?
>         >     > Thanks,
>         >     > Harry
>         >     >
>         >     > _______________________________________________
>         >     > Openvpn-users mailing list
>         >     > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>         >     > https://lists.sourceforge.net/lists/listinfo/openvpn-users
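
Added example, not part of the thread or of the FreeBSD port: a pre-flight check for the symptom described at the top (openvpn only starts after changing into /usr/local/etc/openvpn), which is what happens when the config names its ca/cert/key files with relative paths and the process is started without --cd. The thread does not show radio.conf, so the relative paths are an assumption; check_ovpn_paths, make_sample and the sample file names are hypothetical, and the directive list is a subset of OpenVPN's file-bearing options.

```sh
#!/bin/sh
# Added example: report files referenced by an OpenVPN config that do not
# exist once relative paths are resolved against BASEDIR (what --cd does).

# check_ovpn_paths CONFIG BASEDIR
# Prints "missing: <directive> <path>" per unresolved file; the exit status
# is the number of missing files (0 = every referenced file was found).
check_ovpn_paths() {
    conf=$1 base=$2 missing=0
    while read -r directive path rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|tls-auth|pkcs12|crl-verify) ;;
            *) continue ;;                 # comments, blanks, other options
        esac
        path=${path#\"}; path=${path%\"}   # tolerate "quoted" file names
        [ -n "$path" ] || continue
        case $path in
            /*) resolved=$path ;;          # absolute: independent of cwd
            *)  resolved=$base/$path ;;    # relative: depends on cwd / --cd
        esac
        if [ ! -f "$resolved" ]; then
            echo "missing: $directive $resolved"
            missing=$((missing + 1))
        fi
    done < "$conf"
    return "$missing"
}

# Constructed sample: a client config with relative cert/key names, placed
# in a temporary directory standing in for /usr/local/etc/openvpn.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'dev tun' '# constructed sample' \
        'ca ca.crt' 'cert client1.crt' 'key client1.key' > "$d/radio.conf"
    : > "$d/ca.crt"; : > "$d/client1.crt"; : > "$d/client1.key"
    echo "$d"
}

sample=$(make_sample) && mkdir "$sample/elsewhere"
check_ovpn_paths "$sample/radio.conf" "$sample" && echo "config dir: all files found"
check_ovpn_paths "$sample/radio.conf" "$sample/elsewhere" || echo "other dir: $? file(s) missing"
rm -rf "$sample"
```

On a real host the call would be check_ovpn_paths "$openvpn_configfile" "$openvpn_dir", using the two values set in /etc/rc.conf.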