From 64c66bddddb24f65a68b56eda473e8ca547bc4ec Mon Sep 17 00:00:00 2001 From: Dante Catalfamo Date: Sat, 11 Jul 2020 14:12:12 -0400 Subject: Openbsd vpn gateway beginning --- content/posts/openbsd-vpn-gateway/index.org | 37 +++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 content/posts/openbsd-vpn-gateway/index.org (limited to 'content/posts/openbsd-vpn-gateway/index.org') diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org new file mode 100644 index 0000000..8633368 --- /dev/null +++ b/content/posts/openbsd-vpn-gateway/index.org 
@@ -0,0 +1,37 @@ +#+TITLE: Creating a VPN Gateway with OpenBSD +#+DATE: 2020-07-11T13:48:25-04:00 +#+DRAFT: true +#+DESCRIPTION: +#+TAGS[]: openbsd openvpn +#+KEYWORDS[]: openbsd openvpn +#+SLUG: +#+SUMMARY: + +Say you have an account with a VPN provider. Maybe there are a limit +to how many connections you can have with one account, and you want to +put more machines than you have connections on the account. Or maybe +you want to put a large number of machines of the connection, +including maybe FreeBSD Jails, LXC containers, or VMs, and you don't +want to download the VPN profiles, and sign in and configure them all +individually. + +The solution I came up with to this problem is to setup a VPN gateway +on my network using [[https://www.openbsd.org/faq/pf/][OpenBSD]]. Any device that sets that machine as it's +gateway will automatically get its traffic tunneled through the VPN +connection. It's also setup such that if the VPN connection ever drops +or gets killed for any reason, the traffic will stop and won't be able +to reach the internet. Thanks to this I don't have to worry about the +traffic ever leaking out through my residential gateway should OpenVPN +decide to close the connection. Sort of like a "kill switch", as some +companies market it. + +The process for this is actually simple enough, thanks to OpenBSD's +[[https://www.openbsd.org/faq/pf/][PF]]. To replicate my setup you'll need a dedicated machine running +OpenBSD. You'll have to choose an appropriate host, taking into +consideration how much traffic you plan to put through it, the speed +of you VPN connection, and the speed of your home internet +connection. Anything from a virtual machine or a low power single +board PC will do in most cases, as home internet connections generally +aren't the fastest. 
If your internet connection is fast enough though, +you may consider [[https://blog.lambda.cx/posts/installing-openbsd-on-pcengines/][installing OpenBSD]] on a [[https://blog.lambda.cx/posts/pcengines-comparison/][PC Engines APU2]], as they're +affordable, have gigabit Ethernet, and great OpenBSD driver support. -- cgit v1.2.3
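Review bot: In the second paragraph of the new index.org, the link text "OpenBSD" in "using [[https://www.openbsd.org/faq/pf/][OpenBSD]]" points at the PF FAQ, the same target as the "PF" link in the third paragraph. Point it at https://www.openbsd.org/ or drop the link, so readers are not sent to the PF FAQ twice. The added prose also has a few typos worth fixing before the draft flag is removed: "there are a limit" should be "there is a limit", "machines of the connection" should be "machines on the connection", "as it's gateway" should be "as its gateway", and "the speed of you VPN connection" should be "your VPN connection". The second paragraph states that traffic stops if the VPN connection drops, but this commit contains no PF rules yet. When the configuration is added, show the rule that prevents forwarded traffic from leaving via the physical interface, since the "kill switch" claim depends on it. The #+DESCRIPTION, #+SLUG and #+SUMMARY keys are empty and should be filled in before publishing.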