From 0c5d811130815b9c8aec58d492456468e58b108d Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Mon, 13 Jul 2020 23:53:50 -0400
Subject: gateway: rearrange sections, add headers

---
 content/posts/openbsd-vpn-gateway/index.org | 109 ++++++++++++++--------------
 1 file changed, 56 insertions(+), 53 deletions(-)

diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index 61d54ee..2f6f31e 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -8,64 +8,67 @@
 #+SLUG:
 #+SUMMARY:
 
-Say you have an account with a VPN provider. Maybe there are a limit
-to how many connections you can have with one account, and you want to
-put more machines than you have connections on the account. Or maybe
-you want to put a large number of machines of the connection,
-including maybe FreeBSD Jails, LXC containers, or VMs, and you don't
-want to download the VPN profiles, sign in and configure them all
-individually.
-
-The solution I came up with to this problem is to setup a VPN gateway
-on my network using [[https://www.openbsd.org/faq/pf/][OpenBSD]]. Any device that sets that machine as it's
-gateway will automatically get its traffic tunneled through the VPN
-connection. It's also setup such that if the VPN connection ever drops
-or gets killed for any reason, the traffic will stop and won't be able
-to reach the internet. Thanks to this I don't have to worry about the
-traffic ever leaking out through my residential gateway should OpenVPN
-decide to close the connection. Sort of like a "kill switch", as some
-companies market it.
-
-The process for this is actually simple enough, thanks to OpenBSD's
-firewall, PF.
-
-To replicate my setup you'll need a dedicated machine running
-OpenBSD. You'll have to choose an appropriate host, taking into
-consideration how much traffic you plan to put through it, the speed
-of you VPN connection, and the speed of your home internet
-connection. Anything from a virtual machine or a low power single
-board PC will do in most cases, as home internet connections generally
-aren't the fastest. If your internet connection is fast enough though,
-you may consider [[https://blog.lambda.cx/posts/installing-openbsd-on-pcengines/][installing OpenBSD]] on a [[https://blog.lambda.cx/posts/pcengines-comparison/][PC Engines APU2]], as they're
-affordable, have gigabit Ethernet, and great OpenBSD driver support.
-
-I highly recommend you check out the man pages for the firewall
-configuration file format [[https://man.openbsd.org/man5/pf.conf.5][=pf.conf(5)=]], and the pf control command
-[[https://man.openbsd.org/man8/pfctl.8][=pfctl(8)=]] if you plan on setting something like this up. They're all
-very well written and explain a lot of what I'm doing in very clear
-detail. You should also read the excellent [[https://www.openbsd.org/faq/pf/][PF FAQ]] from the OpenBSD
-website, which covers many more PF configuration examples.
-
-The first thing we'll have to do is install OpenBSD. In my case I
-created a virtual machine on a server in my house running [[https://www.proxmox.com/en/][Proxmox]]. In
-my case, the machine only has 1 vCPU and 512 MB RAM, which is more
-than enough in my case, but you should choose the best machine for
-your situation.
-
-I won't be covering installing OpenBSD here, although it's extremely
-simple and straight forward. You can pick up the disk =.iso= image or
-USB =.fs= image from the [[https://www.openbsd.org/faq/faq4.html#Download][download]] page on OpenBSD website. If this is
-your first time installing OpenBSD, you should check out the
-[[https://www.openbsd.org/faq/faq4.html#Download][installation guide]], which goes over the process in detail.
-
-In this post the machine will have a single network interface called
-=vio0= with a desired static IP of =192.168.0.11=, although the
-interface and IP in your case will be different.
+* The Problem
+  Say you have an account with a VPN provider. Maybe there are a limit
+  to how many connections you can have with one account, and you want to
+  put more machines than you have connections on the account. Or maybe
+  you want to put a large number of machines of the connection,
+  including maybe FreeBSD Jails, LXC containers, or VMs, and you don't
+  want to download the VPN profiles, sign in and configure them all
+  individually.
+
+* The Solution
+
+  The solution I came up with to this problem is to setup a VPN gateway
+  on my network using [[https://www.openbsd.org/faq/pf/][OpenBSD]]. Any device that sets that machine as it's
+  gateway will automatically get its traffic tunneled through the VPN
+  connection. It's also setup such that if the VPN connection ever drops
+  or gets killed for any reason, the traffic will stop and won't be able
+  to reach the internet. Thanks to this I don't have to worry about the
+  traffic ever leaking out through my residential gateway should OpenVPN
+  decide to close the connection. Sort of like a "kill switch", as some
+  companies market it.
+
+* Hardware
+
+  To replicate my setup you'll need a dedicated machine running
+  OpenBSD. You'll have to choose an appropriate host, taking into
+  consideration how much traffic you plan to put through it, the speed
+  of you VPN connection, and the speed of your home internet
+  connection. Anything from a virtual machine or a low power single
+  board PC will do in most cases, as home internet connections
+  generally aren't the fastest. If your internet connection is fast
+  enough though, you may consider [[https://blog.lambda.cx/posts/installing-openbsd-on-pcengines/][installing OpenBSD]] on a [[https://blog.lambda.cx/posts/pcengines-comparison/][PC Engines
+  APU2]], as they're affordable, have gigabit Ethernet, and great
+  OpenBSD driver support.  In my case I created a virtual machine on a
+  server in my house running [[https://www.proxmox.com/en/][Proxmox]]. In my case, the machine only has
+  1 vCPU and 512 MB RAM, which is more than enough for my needs.
+
+* Documentation
+
+  I highly recommend you check out the man pages for the firewall
+  configuration file format [[https://man.openbsd.org/man5/pf.conf.5][=pf.conf(5)=]], and the pf control command
+[[https://man.openbsd.org/man8/pfctl.8][  =pfctl(8)=]] if you plan on setting something like this up. They're all
+  very well written and explain a lot of what I'm doing in very clear
+  detail. You should also read the excellent [[https://www.openbsd.org/faq/pf/][PF FAQ]] from the OpenBSD
+  website, which covers many more PF configuration examples.
+
+* Install OpenBSD
+
+  I won't be covering installing OpenBSD here, although it's extremely
+  simple and straight forward. You can pick up the disk =.iso= image or
+  USB =.fs= image from the [[https://www.openbsd.org/faq/faq4.html#Download][download]] page on OpenBSD website. If this is
+  your first time installing OpenBSD, you should check out the
+[[https://www.openbsd.org/faq/faq4.html#Download][  installation guide]], which goes over the process in detail.
 
 * Configuring a static IP
   The most important thing is to set a static IP, so it can be set as
   the gateway for client machines. We'll set this first.
 
+  In this post the machine will have a single network interface called
+  =vio0= with a desired static IP of =192.168.0.11=, although the
+  interface and IP in your case will be differ.
+
   Setting a static IP in OpenBSD couldn't be simpler. For each interface
   on the machine, you can create a file with the name
   =/etc/hostname.<if>=, where =<if>= is the name of the interface. Since
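Review bot: In the two added lines that start with a link (the `=pfctl(8)=` line under Documentation and the `installation guide` line under Install OpenBSD), the two-space section indent has ended up inside the link description, as in `[[https://man.openbsd.org/man8/pfctl.8][  =pfctl(8)=]]`, instead of in front of the opening `[[`. The link text will carry leading spaces and those lines sit at column 0 while the rest of the paragraph is indented; move the spaces before `[[`. The relocated static-IP paragraph now ends "will be differ" where the removed text had "will be different". The subject says this only rearranges sections and adds headers, but the hunk also drops the sentence "The process for this is actually simple enough, thanks to OpenBSD's firewall, PF." and the advice to choose the best machine for your situation; restore them or mention the removal in the commit message. While these lines are being touched, note that the `installation guide` link still points at the same `faq4.html#Download` anchor as the `download` link just above it.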
-- 
cgit v1.2.3