author | Dante Catalfamo | 2020-07-11 14:12:12 -0400 |
---|---|---|
committer | Dante Catalfamo | 2020-07-11 14:12:12 -0400 |
commit | 64c66bddddb24f65a68b56eda473e8ca547bc4ec (patch) | |
tree | 83d2fe06cc4d3014ee8c756dbb91baa03728c5b3 /content | |
parent | dc4fe62bc89e4a3124cbe7325c27788a68fd09ce (diff) | |
Openbsd vpn gateway beginning
Diffstat (limited to 'content')
-rw-r--r-- | content/posts/openbsd-vpn-gateway/index.org | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org new file mode 100644 index 0000000..8633368 --- /dev/null +++ b/content/posts/openbsd-vpn-gateway/index.org 
@@ -0,0 +1,37 @@ +#+TITLE: Creating a VPN Gateway with OpenBSD +#+DATE: 2020-07-11T13:48:25-04:00 +#+DRAFT: true +#+DESCRIPTION: +#+TAGS[]: openbsd openvpn +#+KEYWORDS[]: openbsd openvpn +#+SLUG: +#+SUMMARY: + +Say you have an account with a VPN provider. Maybe there are a limit +to how many connections you can have with one account, and you want to +put more machines than you have connections on the account. Or maybe +you want to put a large number of machines of the connection, +including maybe FreeBSD Jails, LXC containers, or VMs, and you don't +want to download the VPN profiles, and sign in and configure them all +individually. + +The solution I came up with to this problem is to setup a VPN gateway +on my network using [[https://www.openbsd.org/faq/pf/][OpenBSD]]. Any device that sets that machine as it's +gateway will automatically get its traffic tunneled through the VPN +connection. It's also setup such that if the VPN connection ever drops +or gets killed for any reason, the traffic will stop and won't be able +to reach the internet. Thanks to this I don't have to worry about the +traffic ever leaking out through my residential gateway should OpenVPN +decide to close the connection. Sort of like a "kill switch", as some +companies market it. + +The process for this is actually simple enough, thanks to OpenBSD's +[[https://www.openbsd.org/faq/pf/][PF]]. To replicate my setup you'll need a dedicated machine running +OpenBSD. You'll have to choose an appropriate host, taking into +consideration how much traffic you plan to put through it, the speed +of you VPN connection, and the speed of your home internet +connection. Anything from a virtual machine or a low power single +board PC will do in most cases, as home internet connections generally +aren't the fastest. 
If your internet connection is fast enough though, +you may consider [[https://blog.lambda.cx/posts/installing-openbsd-on-pcengines/][installing OpenBSD]] on a [[https://blog.lambda.cx/posts/pcengines-comparison/][PC Engines APU2]], as they're +affordable, have gigabit Ethernet, and great OpenBSD driver support. |
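
Review bot: In the second paragraph the "OpenBSD" link, [[https://www.openbsd.org/faq/pf/][OpenBSD]], points at the PF FAQ, which is the same target the third paragraph uses for [[https://www.openbsd.org/faq/pf/][PF]]; this looks like a copy-paste, and the first link should probably go to the OpenBSD project page instead. Wording slips in the same text to fix before publishing: "there are a limit" should be "there is a limit", "machines of the connection" should be "on the connection", "as it's gateway" should be "as its gateway", and "the speed of you VPN connection" should be "your VPN connection". The second paragraph promises that traffic stops if the VPN connection drops, but nothing in this hunk shows the pf.conf rules that enforce that; with #+DRAFT: true in the header that is acceptable for a first commit, but the rules should be in the post before the draft flag is removed, since the kill-switch claim is the part readers will rely on. The #+DESCRIPTION:, #+SLUG: and #+SUMMARY: keywords are also still empty.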