OpenVPN : Configure VPN Client (FreeBSD)
2024/09/23
Configure the VPN client. This example is on FreeBSD.
This example is based on the following environment. IP masquerading must also be configured on the router.

                              +----------------------+
                              | [  OpenVPN Server  ] |172.16.100.1
                              |     dlp.srv.world    +--------+
                              |                      |tun     |
                              +-----------+----------+        |
                                    vtnet0|10.0.0.30          |
                                          |                   |
                                          |   Local Network   |
                                  10.0.0.1|                   |
                                   +------+-----+             |
                            -------|   Router   |-------------|-----
                                   +------+-----+             |
                                          |                   |
                                          |      Internet     |
                            --------------+-------------------|-----
                                          |                   |
                                          |   Local Network   |
                              192.168.0.31|                   |
                              +-----------+----------+        |
                              |                      |tun     |
                              |      VPN Client      +--------+
                              |                      |172.16.100.x
                              +----------------------+
[1] Transfer the [ca.crt], [client1.crt], [client1.key], and [ta.key] created on the server side in advance to the client to be configured.
[2] Install OpenVPN.
root@client:~ # pkg install -y openvpn
[3] Configure OpenVPN client.
# copy sample configuration
root@client:~ # mkdir /usr/local/etc/openvpn
root@client:~ # cp /usr/local/share/examples/openvpn/sample-config-files/client.conf /usr/local/etc/openvpn/openvpn.conf
root@client:~ # vi /usr/local/etc/openvpn/openvpn.conf
# line 36 : protocol which you specified in the server's config
;proto tcp
proto udp
# line 42 : OpenVPN server's global IP and port (replace with your own environment)
remote 172.16.2.1 1194
# line 54 : retry resolving
resolv-retry infinite
# line 58 : no bind for local port
nobind
# line 65 : enable persist options
persist-key
persist-tun
# line 88 : path to certificates you copied from server
ca ca.crt
cert client1.crt
key client1.key
# line 114 : uncomment and specify the path to TLS-Auth key you copied from server
tls-auth ta.key 1
# line 117 : log level
verb 3

root@client:~ # service openvpn enable
openvpn enabled in /etc/rc.conf
root@dlp:~ # service openvpn start
Starting openvpn.
root@client:~ # ifconfig
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 52:54:00:7c:de:11
        inet 192.168.0.30 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::5054:ff:fe7c:de11%vtnet0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=1008043<UP,BROADCAST,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 172.16.100.2 netmask 0xffffff00 broadcast 172.16.100.255
        groups: openvpn
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
[4] Once the VPN connection is established, check whether the client can access the local network on the server side.
root@client:~ # ping -c 3 10.0.0.30
PING 10.0.0.30 (10.0.0.30): 56 data bytes
64 bytes from 10.0.0.30: icmp_seq=0 ttl=64 time=1.193 ms
64 bytes from 10.0.0.30: icmp_seq=1 ttl=64 time=1.255 ms
64 bytes from 10.0.0.30: icmp_seq=2 ttl=64 time=1.241 ms

--- 10.0.0.30 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.193/1.230/1.255/0.027 ms

root@client:~ # ssh -o StrictHostKeyChecking=no ubuntu@10.0.0.203 hostname
Warning: Permanently added '10.0.0.203' (ED25519) to the list of known hosts.
ubuntu@10.0.0.203's password:
ubuntu
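
A pre-start audit of the client configuration built in steps [1] to [3], as an added example that is not part of the original page or of OpenVPN itself. The function names are hypothetical, and the script assumes relative ca/cert/key/tls-auth paths resolve against the directory holding openvpn.conf; remote-cert-tls is a standard OpenVPN directive that the steps above do not mention.

```sh
#!/bin/sh
# Audit an OpenVPN client config before starting the service (added example).
# Usage: sh audit.sh /usr/local/etc/openvpn/openvpn.conf

# Print the first argument of the last active (uncommented) line of a directive.
conf_value() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_openvpn_client() {
    conf=$1
    dir=$(dirname "$conf")   # assumption: relative paths resolve against this directory
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    for d in ca cert key tls-auth; do
        f=$(conf_value "$conf" "$d")
        if [ -z "$f" ]; then report "directive '$d' is not set"; continue; fi
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -f "$f" ]; then report "$d file $f is missing"; continue; fi
        # Secret material (private key, TLS-Auth key) must be owner-only.
        case $d in key|tls-auth)
            mode=$(ls -ldL "$f" | cut -c5-10)   # group and other permission bits
            [ "$mode" = "------" ] || report "$f is accessible to group/other (chmod 600)" ;;
        esac
    done

    # The client side of tls-auth uses key direction 1 (the server side uses 0).
    dirn=$(awk '$1 == "tls-auth" { v = $3 } END { print v }' "$conf")
    [ "$dirn" = "1" ] || report "tls-auth key direction is '${dirn:-unset}', expected 1"

    # Without this check, any certificate signed by the CA, including another
    # client's, would be accepted as the server certificate.
    [ "$(conf_value "$conf" remote-cert-tls)" = "server" ] ||
        report "remote-cert-tls server is not set"

    return "$findings"
}

# Run the audit when a config path is given on the command line.
[ "$#" -eq 0 ] || audit_openvpn_client "$1"
```

A zero exit status means no findings; each FINDING line names the directive or file to fix before running "service openvpn start".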