Newbie needs OpenVPN - PC-BSD Forums

h8windows · #1 02-17-2010, 03:09 AM

I just changed IP providers and my computer. I've installed PCBSD and like it. However, I am very, very new to bsd. I've had many problems with WindowsXP security in the past. I want to run a pay-vpn-service. It is the perfect time since I have a new ISP and new hardware. In fact, I bought a month of vpn from one such service. They use OpenVpn and sent me some encrypted files to configure openvpn.

I know that openvpn is already in the ports. I blindly played around with the console window & tried to follow some of the "technical" posts that I found here.

I installed openvpn to usr/local/etc/openvpn. I don't know if that's
where I was supposed to install it.

But I am absolutely clueless how to configure it to run and connect to the vpn-pay-service. When I say clueless ... I've been pointing and clicking with Windows since the 3.1 days. And there's no icon to double click for openvpn on pcbsd

ops:

The vpn-pay-service sent me a zip file. It has the following files in it:

ca.crt
h8window.crt that's my username(I changed it a little)
h8window.key
h8window.ovpn
ta.key

I tried installing it on Ubuntu on a different machine. But I think that machine had motherboard issues. Here are the instructions I received for installing it on linux:

1- install the openvpn package from your distro
2- open a terminal window
3- unzip the zipfile in your homedirectory (or any directory you wish)
4- su to root (or use sudo to execute command on step 6)
5- go to the directory where you unzipped the zipfile
6- start the vpn like this: openvpn --config youruseridhere.ovpn

After authentication you should be able to use the vpn.

and this:

Try the following:

- Save the zipfile from your email client to your homedirectory. Usually
you can right click on the attachment and choose "Save as". There you
first navigate to your homedirectory which would be something like:
/home/yourusernamehere/

- Then open a terminal window so you see the commandline prompt

- Type the following: sudo su
(and press enter)

- You might need to type a password, in that case type your password

- Then type: cd /home/yourusernamehere
(and press enter)

- Execute this command: sudo openvpn --config yourvpnusernamehere.ovpn
(and press enter)

After that you should see the authentication prompt which you must
follow and your VPN runs.

Of course they sent me a username & password to enter at the openvpn connection.

Can anyone here give me a step-by-step install to get openvpn started & configured with my encrypted keys? I've definitely installed openvpn but it might be in the wrong directory?

I hate to sound dumb, but if you could tell me the exact keystrokes and where to save stuff I would be very grateful. I don't even know if I unzipped the vpn-pay-service files correctly. And I sure as heck have no idea where they go or how to configure them.

Thanks

NaX · #2 02-17-2010, 11:35 AM

I have never tried to setup OpenVPN.
For a newbie OpenVPN is a hard core thing to cut your teeth with.

Here is some info I found that could help. One thing to know is that PCBSD is a desktop version of FreeBSD so any FreeBSD tutorials will help.

I don’t think there is a pbi for OpenVPN so FreeBSD ports is your only option.

FreeBSD Hankbook:
Chapter 3 UNIX Basics - http://www.freebsd.org/doc/handbook/basics.html
Chapter 4 Installing Applications: Packages and Ports - http://www.freebsd.org/doc/handbook/ports.html

Setting up Routed OpenVPN in FreeBSD - http://www.section6.net/wiki/index.php/ ... in_FreeBSD (6 August 2007)
Setting up bridging for OpenVPN on FreeBSD - http://www.mired.org/home/mwm/papers/Fr ... dging.html (May, 2006)
OpenVPN - getting it running - http://www.freebsddiary.org/openvpn.php (27 November 2008)
OpenVPN with FreeBSD, PF and Windows XP - http://www.ubergeek.co.uk/blog/2008/05/ ... ows-howto/ (May 23rd, 2008)

Like I said, I have little knowledge of OpenVPN, but what I don’t know is if you need OpenVPN server setup or just an OpenVPN client.
Have a look at KVpnc http://home.gna.org/kvpnc/en/

h8windows · #3 02-17-2010, 02:18 PM

I just realized that I posted this in the wrong section. I should have put it under Support, sorry.

What I did was go to this website
http://www.ubergeek.co.uk/blog/2008/...windows-howto/

And I did this

First install the port

cd /usr/ports/security/openvpn
make install

Now that the port is installed you can start setting stuff up.

First edit your /etc/rc.conf and add the following line:-

openvpn_enable=”YES”

Now create the config files, which we will place in /usr/local/etc/openvpn:-

cd /usr/local/etc/
mkdir openvpn
cd openvpn

vim openvpn.conf

That's as far as I got. "make install" worked. It downloaded a bunch of stuff and installed openvpn. Where it installed it I have no idea. I didn't know what to do with the last command vim openvpn.conf

All I need is the client. The pay-service is the server. They sent me encrypted keys via a zip file in email.

After that, I don't plan on doing anything at the command line. I just want to be able to access the internet over a secure vpn proxy connection. Everything in the future would be GUI PBI.

I need to know how to unzip my vpnkeyfiles to openvpn on PCBSD. And I need to know how to run openvpn once I have done that.

Thanks.

NaX · #4 02-18-2010, 09:47 AM

Ok, vim is a command line text editor. In the tutorial they are asking you to create a text file called openvpn.conf, FULL PATH = /usr/local/etc/openvpn/openvpn.conf

Then place that text in that config file, from # Specify device to daemon. vim can proof very difficult to use if don’t know how it works, as it works very differently to what most people are used to. I would try a GUI text editor like Kate. Don’t use a Word processor like Open Office Writer. There are also a lot of easier command line text editors you can try use like joe or nano or ee. ee should come with FreeBSD/PCBSD.

But I don’t know the details of what to do next, like I said I don’t have any experience in OpenVPN.

In the config file openvpn.conf you actual set the paths to your VPN Authentication Keys. But I think this could be for setting up a VPN server. Maybe try putting your key files that you were given in the keys directory and make sure they correctly referenced in the config file.

But I would do none of this. If you have OpenVPN installed I would go back to the instruction you where given. Extract the file you where given (try right click in Dolphan or command line unzip filename.zip, you might need to install unzip) and then do the following on the command line as root.
openvpn --config yourvpnusernamehere.ovpn

And I would still have a look at KVpnc. It is a vpn client that should work with OpenVPN. http://home.gna.org/kvpnc/en/

NaX · #5 02-18-2010, 12:23 PM

I can't seem to find a port for KVpnc, which means you would need to compile form source manually to get it installed.

But I would also look kovpn and there is a port for it, installing it is simple.
http://www.kde-apps.org/content/show.php?content=37043
http://www.freshports.org/security/kovpn/

If you look on that freshports page it tells you how to install it using source or binary packages.

Code:

To install the port: cd /usr/ports/security/kovpn/ && make install clean
To add the package: pkg_add -r kovpn

I also read in the RC announcement that there is a new tool in PCBSD8 for installing ports. Have not tried it yet, but sounds good.

Quote:

Port-Console tool, provides users a way to build / run ports in a jailed environment, without fear of destroying their working desktop setup

I also found this discution that mentions kovpn
viewtopic.php?f=8&t=10771

That discussion also references this link to openVPN clients.
http://openvpn.net/index.php/open-sourc ... tml#client

I hope that helps put you on the correct path.