Date: 11:04 AM 3/26/2008
Ver: $1.0
Author: Li Feng Shen
Copyrights (c) 2008 All Rights Reserved.
/*
Use at your own risk
*/
1) # cd /usr/ports/security/openvpn
# make install clean
### ------------------------------------------------------------------------
### The OpenVPN FreeBSD port, since v2.0.1, uses rcNG to start OpenVPN.
### Edit /etc/rc.conf to start OpenVPN automatically at system startup.
### See /usr/local/etc/rc.d/openvpn for details.
### ------------------------------------------------------------------------
### To get OpenVPN 1.X to talk with the new 2.0 version, you may need to
### edit the 1.X configuration file by adding these lines:
### tun-mtu 1500
### tun-mtu-extra 32
### mssfix 1450
### key-method 2 <- this key-method line only for TLS setups
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default
### port, so add the proper port options to your configuration file!
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### For further compatibility, see
### ------------------------------------------------------------------------
### If you want to donate to OpenVPN:
### ------------------------------------------------------------------------
2) # mkdir /usr/local/etc/openvpn
# cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn/openvpn.conf
# echo openvpn_enable=\"YES\" >> /etc/rc.conf
3) # cd /usr/local/share/doc/openvpn/easy-rsa
# vi vars
export KEY_COUNTRY=CN
export KEY_PROVINCE=GD
export KEY_CITY=Guangzhou
export KEY_ORG="SHAREUNION"
export KEY_EMAIL="hughr_going@hotmail.com"
# cd /usr/ports/shells/bash
# make install clean
# rehash
# bash
# source ./vars
# ./clean-all
# ./build-ca
# ./build-dh
# cp keys/ca.* /usr/local/etc/openvpn
# cp keys/dh1024.pem /usr/local/etc/openvpn
# vi /usr/local/etc/openvpn/openvpn.conf
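modify the following lines (note: as written, the server presents the CA certificate and CA private key as its own identity, so ca.key lives on the VPN server; a safer setup issues a separate server certificate with ./build-key-server, points cert/key at it, and keeps ca.key off the server. The 1024-bit DH parameters copied above are weak by current standards; setting a larger KEY_SIZE in vars before ./build-dh is preferable):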
ca ca.crt
cert ca.crt
key ca.key
# /usr/local/etc/rc.d/openvpn start
# sockstat -4l
4) # cd /usr/local/share/openvpn/easy-rsa
# ./build-key office
# tar zcvf office.tar.gz ./keys/office*
# tar zcvf ca.tar.gz keys/ca*
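download the office.tar.gz & ca.tar.gz to the local file system of your windows client, over a secure channel since office.tar.gz holds the client's private key. Note: keys/ca* also matches ca.key, the CA private key; the client only needs ca.crt, so ca.key should not be copied to clients.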
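5) # configure your kernel with ipfirewall support (note: IPFIREWALL_DEFAULT_TO_ACCEPT makes the firewall default-allow, so any traffic not explicitly denied by a rule is passed)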
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
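# configure the following rules (the destination in rule 00100 looks garbled: 0.0.4.170 is the number 1194 rendered as an IP address, so the rule was presumably meant to allow traffic to the OpenVPN port 1194; verify it before use):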
00100 allow ip from any to 0.0.4.170:0.0.4.170
00200 divert 8668 ip from any to any via bge0
6) download openvpn-gui for windows & install it.
create C:\Program Files\OpenVPN\config
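extract the contents of office.tar.gz & ca.tar.gz into C:\Program Files\OpenVPN\config (the archives were created with a keys/ path prefix, while the config below refers to the .crt/.key files by bare name, so the files must end up directly in this folder)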
create a SHAREUNION.ovpn file
insert the following content into the file:
client
dev tun
proto udp
remote $IP_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert office.crt
key office.key
comp-lzo
verb 3
7) right click on the shareunion.ovpn and select "start vpn on this config file" to test if the configuration file is ok.
8) done.