Solved How to setup an OpenVPN client on FreeBSD 10.x?

I want network traffic to pass through VPN on my FreeBSD setup.

something like: my-box => VPN provider => web

I'm trying to find guides/articles/discussions on how to setup an OpenVPN client on FreeBSD but I'm not having any luck.

Can someone please help? Or at least point me in the right direction?

Thank you.
 
Look for any kind of guide about OpenVPN, it doesn't necessarily have to be on FreeBSD. OpenVPN on FreeBSD is configured exactly the same way as on Linux. The only difference might be the location of the configuration files themselves.
 
I thought of that and was looking into something for Ubuntu.

My only worry is that I may need to load kernel modules. I found a guide in FreeBSDDiary but it's for a server. One of the steps is to load a kernel module.

Thanks again! :)
 
-Install security/openvpn
-Download the config files from your VPN provider
-Open a terminal then su and run the below command:

openvpn /path/to/your/vpn/config/file/Vpn_Config.ovpn

You should be connected now.


Things to keep in mind:
-Check your DNS settings. Don't use your ISP's DNS servers. Often VPN providers have their own DNS servers, use them if possible.

-Set up the pf firewall to prevent leaks if the connection drops. Only allow out on em0 (if your adapter is Intel) to the VPN IP/VPN port/protocol. Then only allow out on tun0 (virtual VPN interface) to port 80, 443, 53 etc. { tcp udp } to any
Block everything else.


-In your browser, make sure to disable WebRTC - It can leak your actual IP.

Firefox - open about:config
Search for media.peerconnection.enabled and set it to false.

Chrome:
The only option I'm aware of is uBlock Origin. It has a new disable WebRTC option. However, I've not tested it as I don't use Chrome.

Here are a few testing sites for DNS:
http://entropy.dns-oarc.net/test/
https://www.dnsleaktest.com/
https://www.grc.com/dns/dns.htm
 
I'm trying to find guides/articles/discussions on how to setup an OpenVPN client on FreeBSD but I'm not having any luck.
There is nothing FreeBSD specific about OpenVPN client on FreeBSD.

1. Install OpenVPN
2. Go to /usr/local/etc/openvpn/
3. Edit the configuration file. It should be something like this:

Code:
client
dev tun
proto udp

# The hostname/IP and port of the server.
remote my.vpnserver.org 1194

resolv-retry infinite
;nobind

# Downgrade privileges after initialization (non-Windows only)
user openvpn
group openvpn

# Try to preserve some state across restarts.
;persist-key
persist-tun
;mute-replay-warnings

# SSL/TLS parms.
ca /usr/local/etc/openvpn/ca.crt
cert /usr/local/etc/openvpn/lake.crt
key /usr/local/etc/openvpn/private/lake.key

;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth /usr/local/etc/openvpn/private/ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC

# Enable compression on the VPN link.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

4. On your OpenVPN server, use easy-rsa to create the client certificate and key file, in my case lake.crt and lake.key. You also download the server certificate file ca.crt as well as the tls-auth shared-secret key ta.key.

5. Put the crt files in /usr/local/etc/openvpn and also create a directory named private where you will put the key files. Key files should be owned by the openvpn user and group and should have permission 400.

6. Bring the tun interface up.

7. Adjust the firewall accordingly so that you allow outgoing traffic on port 1194. You should also consider filtering things on the tun interface, both egress and ingress.

8. Start openvpn service.

9. Enjoy.
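
The leak-prevention rules described in the two answers above (only the VPN transport out on em0, only web and DNS out on tun0, everything else blocked), written out as a pf.conf sketch. This is an added example, not part of either post; the server address 203.0.113.10 is a documentation placeholder, and the port and protocol are assumed to match the sample client config (UDP 1194).

```pf
# /etc/pf.conf : VPN kill-switch sketch (added example, values are assumptions)
ext_if    = "em0"            # physical NIC, as named in the first answer
vpn_if    = "tun0"           # OpenVPN tunnel interface ("dev tun")
vpn_ip    = "203.0.113.10"   # PLACEHOLDER: your provider's server IP
vpn_proto = "udp"            # must match "proto" in the client config
vpn_port  = "1194"           # must match the port on the "remote" line

set block-policy drop
set skip on lo0              # leave loopback unfiltered

# Default deny, both directions, IPv4 and IPv6. If the tunnel goes down,
# nothing matches the tun0 rule and traffic is dropped instead of
# falling back to em0 in the clear.
block all

# Physical interface: only the encrypted OpenVPN transport to the server.
pass out quick on $ext_if proto $vpn_proto from ($ext_if) to $vpn_ip port $vpn_port keep state

# Tunnel interface: DNS and web only; replies are admitted by state.
pass out quick on $vpn_if proto { tcp udp } to any port { 53 80 443 } keep state

# Caveats:
# - DNS is not allowed out on em0, so a hostname on the "remote" line
#   cannot be resolved before the tunnel is up. Use the server's IP there.
# - If em0 gets its address by DHCP and renewals fail, you may need:
#   pass out quick on $ext_if proto udp from any port 68 to any port 67
#
# Check and load:
#   pfctl -nf /etc/pf.conf     # parse only, report syntax errors
#   pfctl -f  /etc/pf.conf     # load the ruleset
#   pfctl -e                   # enable pf (pf_enable="YES" in /etc/rc.conf to persist)
#   pfctl -sr                  # show the loaded rules
```

To confirm the rules hold, stop the openvpn process while a download is running: traffic should stall rather than continue over em0.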
 
Thank you kindly. Got me connected to IPVANISH on 10.x :)

Cheers
 