dbrown wanted to see my config files so I thought I'd make a thread for them.
OpenVPN is doing routing between the first MacBook (10.0.0.2) and the OpenBSD box's wireless interface (10.0.0.1).
OpenVPN on the OpenBSD box was installed from ports and the config file looks like this:
local 10.0.0.1
port 1194
proto udp
dev tun1
ca ca.crt
cert crashoverride.crt
key crashoverride.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /tmp/ipp.txt
push "redirect-gateway local def1"
client-to-client
keepalive 10 120
comp-lzo
max-clients 5
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
chroot /var/empty
OpenVPN on the MacBook is running on OS X 10.4.9, was installed as part of Tunnelblick and the config file looks like this (I did a nice job of saving myself from putting any punctuation after the URL in that hyperlink :).):
client
dev tun
proto udp
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert cerealkiller.crt
key cerealkiller.key
comp-lzo
verb 3
I have this line in /etc/rc.local to start OpenVPN on boot (on OpenBSD):
/usr/local/sbin/openvpn --cd /etc/openvpn --daemon --config server.conf
It took some reading of the OpenVPN site to fully grasp a lot of this stuff, and a lot of just playing around to get packets routed correctly, but in the end it's been very maintenance-free, which is nice.
Hope this helps, dbrown!
Argh, I meant to post my network diagram after saying where OpenVPN was routing:
network diagram
Oh, and generating all the keys and stuff is explained pretty well in the OpenVPN documentation.
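An added example, not part of the original posts: a small Python check that parses the two configs shown above and reports a few hardening gaps (DH parameter size hinted at by the file name, `comp-lzo`, the pool file under /tmp, no `tls-auth`/`tls-crypt`, and on the client no `remote-cert-tls`/`ns-cert-type` or `remote`). The function names `parse` and `audit` and the choice of rules are assumptions of this example, not an OpenVPN tool or checklist.

```python
import shlex

def parse(text):
    """Map each directive to its argument lists; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit(text):
    """Return (directive, note) pairs. The rule set is this example's own choice."""
    conf, out = parse(text), []
    if any(a and "1024" in a[0] for a in conf.get("dh", [])):
        out.append(("dh", "file name suggests 1024-bit DH parameters; use 2048+"))
    if "comp-lzo" in conf:
        out.append(("comp-lzo", "compression before encryption can leak plaintext"))
    if any(a and a[0].startswith("/tmp/") for a in conf.get("ifconfig-pool-persist", [])):
        out.append(("ifconfig-pool-persist", "state file lives in world-writable /tmp"))
    if not {"tls-auth", "tls-crypt"} & conf.keys():
        out.append(("tls-auth", "no tls-auth/tls-crypt key protects the control channel"))
    if "client" in conf:  # client-only checks
        if not {"remote-cert-tls", "ns-cert-type"} & conf.keys():
            out.append(("remote-cert-tls", "server certificate type is not checked"))
        if "remote" not in conf:
            out.append(("remote", "no server address given in the file"))
    return out

# Directives copied from the post's two configs (its comment lines left out).
SERVER_CONF = "\n".join([
    "local 10.0.0.1", "port 1194", "proto udp", "dev tun1", "ca ca.crt",
    "cert crashoverride.crt", "key crashoverride.key", "dh dh1024.pem",
    "server 10.8.0.0 255.255.255.0", "ifconfig-pool-persist /tmp/ipp.txt",
    'push "redirect-gateway local def1"', "client-to-client", "keepalive 10 120",
    "comp-lzo", "max-clients 5", "user nobody", "group nobody", "persist-key",
    "persist-tun", "status /var/log/openvpn-status.log", "verb 3",
    "chroot /var/empty"])
CLIENT_CONF = "\n".join([
    "client", "dev tun", "proto udp", "resolv-retry infinite", "nobind",
    "user nobody", "group nobody", "persist-key", "persist-tun", "ca ca.crt",
    "cert cerealkiller.crt", "key cerealkiller.key", "comp-lzo", "verb 3"])

if __name__ == "__main__":
    for name, text in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        for directive, note in audit(text):
            print(f"{name}: {directive}: {note}")
```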
Gracias, we already went with a Cisco VPN setup. I had OpenVPN set up exactly like you and had it running. It was the tap interface that I could never get to work.