OpenVPN

Get faster OpenVPN on FreeBSD by enabling DCO – easily done

I’ve been configuring a new gateway server for use in my basement data center (home lab). I had recently read about DCO and FreeBSD’s ovpn device. DCO (Data Channel Offload) lets OpenVPN use the encryption features available in many CPUs. In my previous post, I checked; my OpenVPN server and most of the clients are DCO-capable. I decided to try it. I found documentation lacking as to how to use it. I took […]

Problems with OpenVPN when server is FreeBSD 14.2 and client is 14.1

After replacing an existing gateway with new hardware, the OpenVPN connections had issues. The clients would connect, but non-trivial amounts of traffic would cause errors. This post contains a workaround, by upgrading the OS. I would like to know the cause. In this post, these are the versions in use: FreeBSD 14.2 (for the OpenVPN server and some of the clients) FreeBSD 14.1 (for some of the clients) OpenVPN 2.6.13 (on the server

OpenVPN: unsupported certificate purpose

See also SSL client vs server certificates and bacula-fd. I have used OpenVPN since at least 2008 – now going on 13 years. I find it to be reliable and stable. A few days ago, I added another client to a VPN. I run this particular network with self-signed certificates which I create using ssl-admin – I find it particularly useful for this purpose. The problem Away I went, creating a new certificate, bundled

Some OpenVPN notes, just for me

Today I added an OpenVPN client to a recent laptop I acquired. It was for my mom, but COVID19 has prevented that trip. Sometimes a task is so rarely performed that the steps are unfamiliar or even unknown. This is what I had to do today. The client zip package I create with ssl-admin works fine. Only two changes required from the default settings after importing the files into Viscosity (the OpenVPN client

OSX Mail crashes when using TunnelBlick and setting DNS/WINS

I encounter edge cases. It’s not fun. This particular situation caused OSX Mail.app to crash when using a VPN. The outline This particular edge case involved the following: OSX 10.11.1 (15B42) Tunnelblick 3.5.5 (build 4270.4461) Mail.app When running Mail.app, it would crash within 5-10 seconds. The full dump of the crash has been sent to Apple, multiple times. Also of note: My mail server is not at home… it’s out there on the

OpenVPN clients don’t react well when the server goes down

I had a power failure at home tonight. The clients did not react well to the outage. They aren’t at home. They’re out there on the internets.

Jul 9 01:02:49 tallboy openvpn[40792]: UDPv4 link local (bound): [AF_INET]10.233.228.194:1194
Jul 9 01:03:51 tallboy openvpn[40792]: UDPv4 link local (bound): [AF_INET]10.233.228.194:1194
Jul 9 01:04:53 tallboy openvpn[40792]: UDPv4 link local (bound): [AF_INET]10.233.228.194:1194
Jul 9 01:05:56 tallboy openvpn[40792]: UDPv4 link local (bound): [AF_INET]10.233.228.194:1194
Jul 9 01:06:58 tallboy openvpn[40792]: UDPv4

Accessing FreeBSD Jails over OpenVPN

With this new server, I am taking a new approach. Each jail will have at least three IP addresses: The public IPv4 address, used by internet facing services (e.g. http or https) The public IPv6 address, similar to the above A VPN address, used for system administration and private services (e.g. nrpe) In this article, I will assume you are familiar with ezjail, FreeBSD jails, basic networking, OpenVPN, and ZFS. That is, this

Exciting project ahead

I have an exciting project ahead of me. I will soon be configuring a new server. It will be ZFSROOT running a pair of mirrored 500GB disks. I plan to use a configuration tool for management of this server. The final choice of tools is yet to be decided. The services provided by this server will be primarily based on jails. The use of a configuration tool will simplify future redeployments. I’m doing

running OpenVPN as something other than nobody:nobody

I am a big fan of OpenVPN. I’ve been using it since 2008. It’s been extremely reliable and stable. Out of the box, at least on FreeBSD, it runs as nobody:nobody (not really, but that’s how most people configure it). I can’t point to an immediate security issue with this situation. However, I’d prefer it to run as something else. How about running it as openvpn:openvpn? NOTE: In the original version of this

OpenVPN and dynamic DNS

My laptop’s hostname is dent. I want my DNS records to point to that laptop whether I’m connected to my LAN directly (via WIFI or ethernet cable) or via OpenVPN (my VPN of choice). SIDE NOTE: You will see references to nsupdate -k below. Note that in recent versions of this program, the option you want has changed to nsupdate -y. You will find an example of the new format later in this
