Configuring VPN in FreeBSD

Jul 19, 2023 • FreeBSDSoftware

Ensuring your network’s security is one of the key responsibilities in managing an IT infrastructure. One of the best ways to establish a secure connection over a potentially insecure network is by setting up a Virtual Private Network (VPN). FreeBSD, a robust, versatile and advanced UNIX-like operating system, provides great support for configuring and using VPNs. For the prerequisites, see our previous articles on FreeBSD-network-configuration-troubleshooting and implementing-firewalls-security-FreeBSD.

Before setting up the VPN, it’s essential to understand some basics as described in our post understanding-basic-commands-freebsd.

Now, let’s get started with setting up VPN in FreeBSD.

Step 1: Install OpenVPN

We’ll be using OpenVPN, an open-source VPN application. First, update your ports tree by running the following command:

# portsnap fetch update

Then, navigate to the OpenVPN directory and install it.

# cd /usr/ports/security/openvpn/ && make install clean

Or, if you prefer, simply use the package management tool pkg, as covered in package-management-freebsd:

# pkg install openvpn

Step 2: Configure OpenVPN

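After installing OpenVPN on your FreeBSD machine, let’s proceed to configure it. You can configure OpenVPN in two modes: static-key mode or TLS mode. For simplicity, we will use the static key method in this tutorial. Keep the trade-off in mind: static-key mode relies on one pre-shared key held by both peers, pairs exactly one client with one server, and provides no perfect forward secrecy, so anyone who obtains the key can decrypt previously recorded traffic.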

Create OpenVPN’s static key:

# openvpn --genkey --secret /usr/local/etc/openvpn/static.key

Now, we’ll establish a VPN tunnel between two hosts on different networks.

On the server, create a server.conf file in /usr/local/etc/openvpn/.

# vi /usr/local/etc/openvpn/server.conf

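Add the following lines to the server.conf file. The key path is absolute because OpenVPN resolves a relative path against the directory it is started from, not against the location of the configuration file:

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret /usr/local/etc/openvpn/static.key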

Save and close the file.

Further information on network interfaces and common configurations can be found on our configuring-network-interfaces and freebsd-network-bonding-aggregation blogs.

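On the client, create a client.conf file in /usr/local/etc/openvpn/ with the following content. The client needs the same static.key that was generated on the server; copy it to /usr/local/etc/openvpn/ on the client over a secure channel such as scp. Replace the remote line with your server’s IP address.

dev tun
ifconfig 10.8.0.2 10.8.0.1
secret /usr/local/etc/openvpn/static.key
remote [YourServer'sIPAddress]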

For more details about IPv4 and IPv6 configuration, visit our ipv6-configuration-freebsd.

Step 3: Start OpenVPN

Start the VPN on both the server and client by invoking openvpn with the respective configuration file.

On the server:

# openvpn --config /usr/local/etc/openvpn/server.conf

On the client:

# openvpn --config /usr/local/etc/openvpn/client.conf

To ensure that OpenVPN runs at startup, add the following lines to /etc/rc.conf on the server:

openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"

On the client, add:

openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/client.conf"

Take a look at managing-services-daemons-freebsd for more details on managing services on FreeBSD.

To verify that the VPN is working correctly, try to ping the VPN IP address of the other side from both sides. Do not forget to allow traffic through the VPN link by correctly setting up your firewall. Our blog post on freebsd-firewall-configuration can help you with that.
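When the ping fails, common causes are a key file the daemon cannot find, a key readable by other users, or ifconfig lines that do not mirror each other. The sh functions below check for those; they are an added example, not part of the original article, and the function names (conf_value, check_key, check_pair) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: preflight checks for the
# static-key configs shown above. All function names are this example's own.

# Print the arguments of the first DIRECTIVE line found in config FILE.
conf_value() {  # usage: conf_value FILE DIRECTIVE
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed only if the config's "secret" file exists and is owner-only.
check_key() {  # usage: check_key CONF
    key=$(conf_value "$1" secret)
    [ -n "$key" ] || { echo "$1: no secret directive" >&2; return 1; }
    case $key in
        /*) ;;
        # Relative path: assume openvpn is started from the config's directory.
        *) key="$(dirname "$1")/$key" ;;
    esac
    [ -f "$key" ] || { echo "$key: missing" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$key: accessible beyond owner, run chmod 600" >&2; return 1; }
}

# Succeed only if the two ifconfig lines mirror each other and the client
# names a real remote instead of the article's bracketed placeholder.
check_pair() {  # usage: check_pair SERVER_CONF CLIENT_CONF
    s_if=$(conf_value "$1" ifconfig)
    c_swapped=$(conf_value "$2" ifconfig | awk '{ print $2, $1 }')
    [ -n "$s_if" ] && [ "$s_if" = "$c_swapped" ] ||
        { echo "ifconfig endpoints are not mirrored" >&2; return 1; }
    remote=$(conf_value "$2" remote)
    case $remote in
        ""|\[*) echo "$2: remote is unset or still a placeholder" >&2; return 1 ;;
    esac
}

# Stand-alone use: pass the local config, optionally followed by the peer's.
if [ "$#" -ge 1 ]; then
    check_key "$1" || exit 1
    if [ "$#" -ge 2 ]; then check_pair "$1" "$2" || exit 1; fi
    echo "checks passed"
fi
```

Run the key check against the local configuration on each host; the pair check needs both configuration files in one place, for example on the machine where you prepared them.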

With the VPN set up, you’ve strengthened your network’s security, allowing your team to work safely from remote locations.

A comprehensive guide on hardening your FreeBSD system further can be found in our blog post best-practices-system-hardening-security-freebsd. Remember, security is a continuous process and should be regularly reviewed and updated.

If you somehow run into trouble while configuring your VPN, our post on common-freebsd-errors-solutions might be able to assist you.

Once you’ve mastered configuring VPN in FreeBSD, you may want to consider exploring FreeBSD virtualization techniques, cloud computing or Shell scripting, all exciting areas to increase your FreeBSD expertise. More power to you!

