Diffstat (limited to 'content/posts')
-rw-r--r-- content/posts/openbsd-vpn-gateway/index.org | 22
1 files changed, 20 insertions, 2 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index 8633368..17cf28d 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -12,7 +12,7 @@ to how many connections you can have with one account, and you want to
put more machines than you have connections on the account. Or maybe
you want to put a large number of machines of the connection,
including maybe FreeBSD Jails, LXC containers, or VMs, and you don't
-want to download the VPN profiles, and sign in and configure them all
+want to download the VPN profiles, sign in and configure them all
individually.
The solution I came up with to this problem is to setup a VPN gateway
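Review bot: the rewritten line "want to download the VPN profiles, sign in and configure them all" drops the serial comma that the rest of the post uses (for example "FreeBSD Jails, LXC containers, or VMs" two lines up); suggest "sign in, and configure them all" for consistency. While this paragraph is being touched, the context line "put a large number of machines of the connection" should read "on the connection", and "is to setup a VPN gateway" in the trailing context should use the verb form "set up".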
@@ -26,7 +26,9 @@ decide to close the connection. Sort of like a "kill switch", as some
companies market it.
The process for this is actually simple enough, thanks to OpenBSD's
-[[https://www.openbsd.org/faq/pf/][PF]]. To replicate my setup you'll need a dedicated machine running
+firewall, PF.
+
+To replicate my setup you'll need a dedicated machine running
OpenBSD. You'll have to choose an appropriate host, taking into
consideration how much traffic you plan to put through it, the speed
of you VPN connection, and the speed of your home internet
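Review bot: the trailing context line "of you VPN connection, and the speed of your home internet" has a typo ("you" should be "your") that sits directly under the paragraph break added here and is worth fixing in the same commit. Separately, removing the link from the first mention of PF leaves "thanks to OpenBSD's firewall, PF." unlinked until the recommendations paragraph added at the end of this patch; consider keeping a link on the first mention, or moving the man page paragraph up so the reference follows the introduction of PF directly.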
@@ -35,3 +37,19 @@ board PC will do in most cases, as home internet connections generally
aren't the fastest. If your internet connection is fast enough though,
you may consider [[https://blog.lambda.cx/posts/installing-openbsd-on-pcengines/][installing OpenBSD]] on a [[https://blog.lambda.cx/posts/pcengines-comparison/][PC Engines APU2]], as they're
affordable, have gigabit Ethernet, and great OpenBSD driver support.
+
+I highly recommend you check out the man pages for the firewall itself
+[[https://man.openbsd.org/man4/pf.4][=pf(4)=]], the pf configuration file format [[https://man.openbsd.org/man5/pf.conf.5][=pf.conf(5)=]], and the pf
+control command [[https://man.openbsd.org/man8/pfctl.8][=pfctl(8)=]] if you plan on setting something like this
+up. They're all very well written and explain a lot of what I'm doing
+in very clear detail. You should also read the excellent [[https://www.openbsd.org/faq/pf/][PF FAQ]] from
+the OpenBSD website, which covers many more PF configuration examples.
+
+The first thing we'll have to do is install OpenBSD. In my case I
+created a virtual machine on a server in my house running [[https://www.proxmox.com/en/][Proxmox]]. In
+my case, the machine only has 1 vCPU and 512 MB RAM, which is more
+than enough in my case, but you should choose the best machine for
+your situation.
+
+We'll go though the setup from scratch for illustrative purposes, and
+to help users who have never setup an OpenBSD installation before.
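Review bot: the install paragraph says "in my case" three times in two sentences ("In my case I created", "In my case, the machine only has", "more than enough in my case"); suggest keeping the first and rewording the second sentence, for example "The machine only has 1 vCPU and 512 MB RAM, which is more than enough for me". In the last added paragraph, "We'll go though the setup" should be "go through", and "never setup an OpenBSD installation" should use the verb form "set up". In the man page paragraph, "the firewall itself [[...][=pf(4)=]], the pf configuration file format" mixes "PF" and "pf" in running text; pick one capitalisation for prose and keep the lowercase form for the =pf(4)= style references only.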