FreeBSD VPN

P

phalange

Is there a VPN provider with a freebsd client? I see none, except some suggest openvpn. Is openvpn well supported on FreeBSD or is there a better (more "native") option?

I have a FreeBSD laptop and sometimes I have to use public wifi.
 
Yes OpenVPN is well supported, I use it daily and haven't noticed any problem. You can install it from ports using pkg install openvpn, however it is userland and not built into the kernel so you may not have the best performance (even though I haven't noticed any performance problem with normal desktop usage). Your VPN provider will normally give you OpenVPN configuration files that you can download and point your OpenVPN client to.

As far as native support, I have heard that wireguard will have a kernel driver in a future version of FreeBSD, but I am not sure if the work made it into FreeBSD 13.0.

Edit: Yes apparently it made it according to this thread which also explains how to configure everything.
 
Thanks, I'll start with openvpn. I'd love to use wireguard -- my vpn supports it -- but that configuration looks painful.

WIth openvpn, I just enter one of my provider's servers and connect to it. Does wireguard use the same basic principle?
 
I'm using PIA with wireguard. They provide openvpn and wireguard scripts. Based on this scripts I made my own
easy wireguard login. Works very well and speed is also good. As far as I know wireguard was in the kernel before
but got removed. I just install the package.
 
Well Wireguard will become part of the kernel again sometimes. The issue is that the original implementation done by Matthew Macy was just bad, and therefore pulled out of the kernel. It was a really big controversy around it.

As result FreeBSD will get its own kernel module for Wireguard, but with the support of its original creator and well known FreeBSD developers. Matthew Macy's stuff didn't make it due to bad quality problems.

www.theregister.com

FreeBSD 13.0 to ship without WireGuard support as dev steps in to fix 'grave issues' with initial implementation

Public spat over code quality, reworked code set for 13.1 release, pfSense firewall also affected
www.theregister.com www.theregister.com
 
phalange said:
Is there a VPN provider with a freebsd client? I see none, except some suggest openvpn. Is openvpn well supported on FreeBSD or is there a better (more "native") option?

I have a FreeBSD laptop and sometimes I have to use public wifi.
Click to expand...
OpenVPN works very well.
I start my VPN connections from the console on FreeBSD because (as far as I remember) the NetworkManager-OpenVPN GUI plugin for KDE is not available on FreeBSD (things might have changed meanwhile).
A console script can be wrapped as a user service or system service. Also, you could find KDE widgets to launch the script from, this should not be an issue.
 
I'm with roccobaroccoSC openvpn client started from a term window. Some of the desktop environments have weird VPN configuration where you need to split up an openvpn client file into a couple pieces that don't always work.

My reason for starting from a console/term window? Control. VPN only gets started when I want it to, I shut it down when I'm done. Complete control.
One thing with VPNs and home networks: be careful of overlapping network address spaces. Almost everyone's home network is 192.168.0.0/16, your corporate network may do the same thing. Starting the VPN creates routes on your local machine, if addresses overlap, things may get borked.
 
I use openvpn 5 days a week at my job, with no problem. Assuming you have an ovpn file, it's pretty simple. In terminal (you will need root privilege because it creates a tap interface), if using sudo, e.g., it's just
Code: 
 sudo openvpn <path-to-ovpn-file>
I usually do it in a tmux session which I then detach.
 
You can start it from its rc.d script at boot time, or using "service openvpn onestart". You do need a working config file though, but the VPN service should provide that.

I once found that something had gone wrong with the openvpn connection and my torrent client was sending traffic out directly. Ever since then I've run it in combination with a dedicated firewall script that blocks most direct access to the ethernet or wlan interface.
 
You must log in or register to reply here.
Back
Top