gateway: add openvpn subsections

1 files changed, 33 insertions, 29 deletions

diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index e750209..9c3cb68 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -113,40 +113,44 @@
 
 * Configuring OpenVPN
 
-  First we have to install [[https://openvpn.net/][OpenVPN]], which is provided by the OpenBSD
-  package manager. Normally we would install the =openvpn= package,
-  but due to an [[{{< ref "openvpn-issues-openbsd" >}}][issue with libressl]], we'll be installing the =mbedtls=
-  version. This problem should hopefully be resolved soon, so we'll
-  likely be able to use regular =openvpn= in the future.
+** Installation
 
-  #+BEGIN_SRC shell
-  doas pkg_add openvpn--mbedtls
-  #+END_SRC
+   First we have to install [[https://openvpn.net/][OpenVPN]], which is provided by the OpenBSD
+   package manager. Normally we would install the =openvpn= package,
+   but due to an [[{{< ref "openvpn-issues-openbsd" >}}][issue with libressl]], we'll be installing the =mbedtls=
+   version. This problem should hopefully be resolved soon, so we'll
+   likely be able to use regular =openvpn= in the future.
 
-  Note: The =--mbedtls= is required to get the =mbedtls= flavour of
-  the =openvpn= package.
+   #+BEGIN_SRC shell
+   doas pkg_add openvpn--mbedtls
+   #+END_SRC
 
-  Let's assume the VPN profile we've downloaded from our provider
-  exists in =/root/profile.ovpn=. This could have been downloaded
-  using [[https://man.openbsd.org/man1/ftp.1][=ftp(1)=]] or transferred on using [[https://man.openbsd.org/man1/sftp.1][=sftp(1)=]]. It also requires a
-  username and password supplied by the user. Let's say that username
-  is =user@example.com= and the password is =password=.
+   Note: The =--mbedtls= is required to get the =mbedtls= flavour of
+   the =openvpn= package.
 
-  To allow OpenVPN to login to the VPN without the us having to enter
-  our password, we can add the =auth-user-pass= configuration option
-  to our =ovpn= file. This will allow us run OpenVPN as a daemon, and
-  restart it without having to type our username and password in.
+** VPN Profile
 
-  To do this we can create a file called =/root/vpnpasswd.txt= containing
-  our username, followed my our password on separate lines.
+   Let's assume the VPN profile we've downloaded from our provider
+   exists in =/root/profile.ovpn=. This could have been downloaded
+   using [[https://man.openbsd.org/man1/ftp.1][=ftp(1)=]] or transferred on using [[https://man.openbsd.org/man1/sftp.1][=sftp(1)=]]. It also requires a
+   username and password supplied by the user. Let's say that username
+   is =user@example.com= and the password is =password=.
 
-  #+BEGIN_SRC
-  user@examples.com
-  password
-  #+END_SRC
+   To allow OpenVPN to login to the VPN without the us having to enter
+   our password, we can add the =auth-user-pass= configuration option
+   to our =ovpn= file. This will allow us run OpenVPN as a daemon, and
+   restart it without having to type our username and password in.
 
-  We then edit our VPN profile, adding the following line somewhere.
+   To do this we can create a file called =/root/vpnpasswd.txt= containing
+   our username, followed my our password on separate lines.
 
-  #+BEGIN_SRC
-  auth-user-pass vpnpass.txt
-  #+END_SRC
+   #+BEGIN_SRC
+   user@examples.com
+   password
+   #+END_SRC
+
+   We then edit our VPN profile, adding the following line somewhere.
+
+   #+BEGIN_SRC
+   auth-user-pass vpnpass.txt
+   #+END_SRC