-rw-r--r-- content/posts/openbsd-vpn-gateway/index.org 34
1 files changed, 34 insertions, 0 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index f45a3d7..585a197 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -155,3 +155,37 @@
#+BEGIN_SRC
auth-user-pass vpnpass.txt
#+END_SRC
+
+ Now we change their permissions to make sure they cannot be read or
+ modified by other users on the system.
+
+ #+BEGIN_SRC shell
+ doas chmod 600 profile.ovpn vpnpasswd.txt
+ #+END_SRC
+
+** rcctl
+
+ We can now set the OpenVPN daemon to launch at boot with our
+ modified profile using =rcctl=. =rcctl= is a tool that comes with
+ OpenBSD which modifies =/etc/rc.conf.local= on your behalf to
+ ensure it's done properly. The use of =rcctl= is not strictly
+ required, but highly recommended.
+
+
+ #+BEGIN_SRC shell
+ doas rcctl set openvpn flags --config /root/profile.ovpn
+ doas rcctl enable openvpn
+ doas rcctl start openvpn
+ #+END_SRC
+
+ - =rcctl set openvpn flags --config /root/profile.ovpn= tells
+ =rcctl= to set the launch flags to the =openvpn= daemon to
+ =--config /root/profile.ovpn=. This is an OpenVPN option that
+ tells it to load its config from =/root/profile.ovpn=.
+
+ - =rcctl enable openvpn=, enables the daemon at boot.
+
+ - =rcctl start openvpn= starts the =openvpn= daemon.
+
+ If things are configured correctly, you should now see a =tun=
+ device in your =ifconfig=.
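Review bot: the chmod command in the first added source block names vpnpasswd.txt, but the unchanged context line just above the additions reads "auth-user-pass vpnpass.txt". A reader following the post would get a chmod error for the missing file, and the credentials file OpenVPN actually reads would keep its previous mode. Make the two file names match. The chmod also uses relative names while the later rcctl line points at /root/profile.ovpn, so it would help to state which directory the command is run from, or to use absolute paths in both places. Minor: there is a doubled blank line before the rcctl source block, and the comma in "=rcctl enable openvpn=, enables" should be dropped.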