OpenVPN install on FreeBSD (Bridged Mode)
**1. Add bridge support (rebuild the kernel with the following options)**
device if_bridge
options BRIDGE
**2. Add sysctl values**
# enable IP forwarding
sysctl net.inet.ip.forwarding=1
# enable bridging
sysctl net.link.ether.bridge.enable=1
# configure the bridged interfaces (change lnc0 to your NIC; tap0 is the virtual NIC used by OpenVPN)
sysctl net.link.ether.bridge.config=lnc0,tap0
**3. Install from ports**
cd /usr/ports/security/openvpn && make all install
**4. Copy the SSL certificate scripts**
mkdir /usr/local/etc/openvpn
cp -r /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn
**5. Create SSL certs**
cd /usr/local/etc/openvpn/easy-rsa
vi vars   # edit the certificate defaults
. ./vars
./build-ca
./build-key-server server_name   # creates the server cert and key named server_name.crt / server_name.key
./build-dh
**6. Create the server config file**
cd /usr/local/etc/openvpn/
vi openvpn.conf
--- snip ---
# what port to listen on
port 443
# what protocol to use
proto tcp
# allow VPN clients to see each other
client-to-client
# certificate locations
ca /usr/local/etc/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/etc/openvpn/easy-rsa/keys/server_name.crt
key /usr/local/etc/openvpn/easy-rsa/keys/server_name.key # This file should be kept secret
dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem
# bridge mode
dev tap
# allow clients to use the range 192.168.1.50 to .100, with .3 as the default gateway
server-bridge 192.168.1.3 255.255.255.0 192.168.1.50 192.168.1.100
# push routes to the clients (whatever subnets they should reach)
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.0.0 255.255.254.0"
# other options
push "dhcp-option DOMAIN vpn.domain.com"
push "dhcp-option DNS 192.168.1.254"
keepalive 10 120
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 6
mute 5
--- snip ---
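As an added check that is not part of the original how-to: before the rc.d script starts the daemon, a few lines of sh can confirm that every file the `ca`, `cert`, `key` and `dh` directives point at exists, and that the private key (the file the config marks "should be kept secret") is not group- or world-readable. It assumes a POSIX sh (FreeBSD's /bin/sh is fine), awk and find; the function names are my own, and the config and key files the demo creates are constructed placeholders, not real PEM material.

```shell
#!/bin/sh
# Added example, not part of the original how-to: sanity-check the file
# references in an OpenVPN server config before starting the daemon.
# Assumes POSIX sh, awk and find. Function names are hypothetical.

# Print the value of a one-argument directive (ca, cert, key, dh).
# Lines starting with '#' or ';' never match because $1 is the comment marker,
# and a trailing "# comment" after the path is ignored because only $2 is used.
ovpn_directive() {
    # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Return 0 (true) if the file is readable by group or others.
# POSIX find's "-perm -mode" matches when all bits in mode are set,
# so two tests are OR'd: group-read (040) or other-read (004).
ovpn_is_exposed() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# Check the ca/cert/key/dh paths of a config. Prints one line per finding
# and returns the number of findings (0 = clean), so it can gate the start.
ovpn_check_config() {
    cfg="$1"; findings=0
    for d in ca cert key dh; do
        f="$(ovpn_directive "$cfg" "$d")"
        if [ -z "$f" ]; then
            echo "MISSING: no '$d' directive in $cfg"
            findings=$((findings + 1))
        elif [ ! -r "$f" ]; then
            echo "MISSING: $d file not found or not readable: $f"
            findings=$((findings + 1))
        elif [ "$d" = key ] && ovpn_is_exposed "$f"; then
            echo "EXPOSED: private key $f is group- or world-readable (chmod 600 it)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Demo on a constructed layout in a temp directory (placeholder files, not keys).
# It reproduces two common mistakes: a world-readable key and a dh file that
# was never generated.
demo_dir="$(mktemp -d)" && {
    mkdir -p "$demo_dir/keys"
    for f in ca.crt server_name.crt server_name.key; do
        echo "constructed placeholder, not a real PEM" > "$demo_dir/keys/$f"
    done
    chmod 644 "$demo_dir/keys/server_name.key"   # the mistake we want to catch
    # dh1024.pem is deliberately absent (./build-dh was skipped)
    cat > "$demo_dir/openvpn.conf" <<EOF
port 443
ca   $demo_dir/keys/ca.crt
cert $demo_dir/keys/server_name.crt
key  $demo_dir/keys/server_name.key # This file should be kept secret
dh   $demo_dir/keys/dh1024.pem
EOF
    rc=0
    ovpn_check_config "$demo_dir/openvpn.conf" || rc=$?
    echo "findings: $rc"
    rm -rf "$demo_dir"
}
```

Run it against the real file with `ovpn_check_config /usr/local/etc/openvpn/openvpn.conf` before step 7; a non-zero return means something the daemon will either refuse to load or load with the key exposed to every local user.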
**7. Enable OpenVPN on startup**
echo 'openvpn_enable="YES"' >> /etc/rc.conf
/usr/local/etc/rc.d/openvpn start
**8. Tail the log for errors …**