diff options
Diffstat (limited to 'content/posts/openbsd-vpn-gateway/index.org')
| -rw-r--r-- | content/posts/openbsd-vpn-gateway/index.org | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org index ec5df24..41cd60c 100644 --- a/content/posts/openbsd-vpn-gateway/index.org +++ b/content/posts/openbsd-vpn-gateway/index.org @@ -27,12 +27,12 @@ will still be able to talk to each other normally, regardless of which gateway they use. - It's also setup such that if the VPN connection ever drops or gets - killed for any reason, the traffic will stop and won't be able to - reach the internet. Thanks to this I don't have to worry about the - traffic ever leaking out through my residential gateway should - OpenVPN decide to close the connection. Sort of like a "kill - switch", as some companies market it. + It's setup such that if the VPN connection ever drops or gets killed + for any reason, the traffic will stop and won't be able to reach the + internet. Thanks to this I don't have to worry about the traffic + ever leaking out through my residential gateway should OpenVPN + decide to close the connection. Sort of like a "kill switch", as + some companies market it. * Our Network @@ -89,8 +89,8 @@ single line saying =dhcp=. We want to give the interface the static IP =192.168.0.11= with a =/24= subnet. We use [[https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing][CIDR notation]] here for convenience, but it's also possible to write out the full subnet - mask after our IP, separated by a space. We open the file and - replace its contents with the following. + mask after our IP, separated by a space. We open + =/etc/hostname.vio0= and replace its contents with the following. #+BEGIN_SRC inet 192.168.0.11/24 @@ -116,7 +116,7 @@ file we've just edited. #+BEGIN_SRC shell - doas sh /etc/netstat vio0 + doas sh /etc/netstat #+END_SRC Now if we check [[http://man.openbsd.org/man8/ifconfig.8][=ifconfig(8)=]], we should see the interface has the @@ -156,7 +156,7 @@ =password=. To allow OpenVPN to login without us having to enter our password, - we can add the =auth-user-pass= directive to our =profile.ovpn= + we can modify the =auth-user-pass= directive to our =profile.ovpn= file. This will allow us run OpenVPN as a daemon. To do this we'll create a file called =/root/vpnpasswd.txt= @@ -168,7 +168,8 @@ password #+END_SRC - We then edit our VPN profile, adding the following line somewhere. + We then edit our VPN profile, adding the name of our password file + after =auth-user-pass=. #+BEGIN_SRC auth-user-pass vpnpass.txt |