Running both a TCP and a UDP OpenVPN instance side by side is also possible (in case this has not been mentioned before). The four files below show how: the ipfw NAT script, the jail's rc.conf, and one server config per protocol.
/usr/local/etc/ipfw.rules
in jail rc.conf
openvpn-tcp.conf
openvpn.conf
/usr/local/etc/ipfw.rules
Code:
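#!/bin/sh
#
# ipfw ruleset for the OpenVPN jail, run by rc via
# firewall_script="/usr/local/etc/ipfw.rules".
#
# It flushes the ruleset, NATs the two VPN client networks (10.8.0.0/24 for the
# UDP instance, 10.9.0.0/24 for the TCP instance) out of the jail's epair
# interface, and gives the two cloned tun devices the fixed names tun0/tun1
# that openvpn.conf and openvpn-tcp.conf refer to.

# The jail's side of the epair. ifconfig -l prints a space separated list, so
# split it on whitespace and take the first epair (there is normally only one).
EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep -m1 'epair')
if [ -z "${EPAIR}" ]; then
    # Without an epair the NAT rules below would be installed against an empty
    # interface name; fail loudly instead of leaving a half-built ruleset.
    echo "ipfw.rules: no epair interface found, not installing rules" >&2
    exit 1
fi

# Start from an empty ruleset every time the script runs.
/sbin/ipfw -q -f flush

# NAT instance 1 translates to whatever address the epair currently has.
/sbin/ipfw -q nat 1 config if "${EPAIR}"
# Outbound: VPN clients of both instances leave the jail masqueraded.
/sbin/ipfw -q add nat 1 all from 10.8.0.0/24 to any out via "${EPAIR}"
/sbin/ipfw -q add nat 1 all from 10.9.0.0/24 to any out via "${EPAIR}"
# Inbound: everything arriving on the epair is handed to the NAT for
# de-translation.
/sbin/ipfw -q add nat 1 all from any to any in via "${EPAIR}"
# NOTE(review): no explicit allow/deny rules follow, so packets that do not
# match the NAT rules (e.g. traffic on tun0/tun1 or lo0) are decided by the
# default rule 65535, which is "deny" unless the kernel or
# net.inet.ip.fw.default_to_accept says otherwise. Confirm the default on this
# host, or add explicit rules instead of relying on it.

# rc.conf's cloned_interfaces="tun tun" creates two tun devices, but their
# unit numbers are handed out kernel-wide, so inside the jail they may not be
# called tun0 and tun1. Rename them so the OpenVPN configs can use fixed names.
# -m1 guards against passing several names to ifconfig should more tun devices
# exist; the patterns are quoted so the shell cannot glob-expand them.
TUN0=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep -m1 'tun')
if [ -n "${TUN0}" ] && [ "${TUN0}" != "tun0" ]; then
    /sbin/ifconfig "${TUN0}" name tun0
fi
# Second tun device: any tun whose unit does not start with 0 (i.e. not the one
# just renamed).
TUN1=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/egrep -m1 'tun[^0]')
if [ -n "${TUN1}" ] && [ "${TUN1}" != "tun1" ]; then
    /sbin/ifconfig "${TUN1}" name tun1
fi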
in jail rc.conf
Code:
# rc.conf fragment for the OpenVPN jail: two OpenVPN instances (UDP and TCP),
# two cloned tun devices, IP forwarding, and the custom ipfw ruleset.
#
# NOTE(review): openvpnudp_* and openvpntcp_* are per-instance variable
# prefixes for the openvpn rc.d script; this assumes
# /usr/local/etc/rc.d/openvpn has been linked (or copied) as "openvpnudp" and
# "openvpntcp" so that rc knows those service names -- confirm on the jail.

# UDP instance: /mnt/openvpn/openvpn.conf, which uses "dev tun0".
openvpnudp_enable="YES"
openvpnudp_if="tun"                                  # interface type the rc script needs to load the module for
openvpnudp_configfile="/mnt/openvpn/openvpn.conf"
openvpnudp_dir="/mnt/openvpn"                        # working directory; relative paths in the config (ipp.txt) resolve here

# TCP instance: /mnt/openvpn/openvpn-tcp.conf, which uses "dev tun1".
openvpntcp_enable="YES"
openvpntcp_if="tun"
openvpntcp_configfile="/mnt/openvpn/openvpn-tcp.conf"
openvpntcp_dir="/mnt/openvpn"

# Create two tun devices at boot. Their unit numbers are assigned kernel-wide,
# so they are not necessarily tun0/tun1 inside the jail;
# /usr/local/etc/ipfw.rules renames them to those fixed names.
cloned_interfaces="tun tun"

# Enable IP forwarding so packets can move between the tun devices and the
# epair (the ipfw NAT rules only translate, they do not forward).
gateway_enable="YES"

# Use the custom ruleset instead of a stock firewall_type.
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
openvpn-tcp.conf
Code:
# OpenVPN server, TCP instance (rc.conf: openvpntcp_*).
# Clients get addresses from 10.9.0.0/24 on tun1 and are NAT'd out of the
# jail's epair by /usr/local/etc/ipfw.rules. Same port as the UDP instance is
# fine because the protocol differs.
port 10011
proto tcp
dev tun1
ca /mnt/openvpn/keys/ca.crt
# Server certificate created previously.
cert /mnt/openvpn/keys/issued/openvpn-server.crt
# Server private key; it is read as root before the user/group drop below, so
# keep it readable by root only.
key /mnt/openvpn/keys/private/openvpn-server.key
# Diffie-Hellman parameters, now 2048 bits long.
dh /mnt/openvpn/keys/dh.pem
# VPN client network ("purple" network for this instance).
server 10.9.0.0 255.255.255.0
# Relative path: resolved against openvpntcp_dir (/mnt/openvpn).
# NOTE(review): pool persistence is keyed on the client CN; together with
# duplicate-cn below it cannot hand out stable per-client addresses -- decide
# which of the two you actually want.
ifconfig-pool-persist ipp.txt
# LAN behind the jail ("yellow" network), pushed to clients.
push "route 192.168.178.0 255.255.255.0"
# NOTE(review): this installs a kernel route for 192.168.178.0/24 via this
# instance's own tun address (10.9.0.1). The LAN is already reachable through
# the epair, the UDP instance installs the same route via 10.8.0.1, and the
# original comment talked about 10.0.0.0/24 and 10.8.0.0/24 (neither is this
# instance's network), so the line looks copied from a site-to-site example --
# confirm it is needed.
route 192.168.178.4 255.255.255.0 10.9.0.1
push "dhcp-option DNS 192.168.178.1"
#push "redirect-gateway def1"
# Send all client traffic through the VPN, except the client's local DHCP.
push "redirect-gateway def1 bypass-dhcp"
# HMAC on the TLS control channel; direction 0 here, clients use 1.
tls-auth /mnt/openvpn/keys/auth.key 0
# REVOCATION LIST:
# NOTE(review): with crl-verify commented out a revoked client certificate is
# still accepted; enable it once a CRL is generated.
#crl-verify /mnt/openvpn/keys/crl.pem
keepalive 10 120
group nobody
user nobody
# NOTE(review): comp-lzo enables compression, which OpenVPN deprecates because
# of the VORACLE attack; consider dropping it here and on the clients.
comp-lzo
# Needed because after dropping to nobody the key cannot be re-read and the
# tun device cannot be re-opened on restart.
persist-key
persist-tun
verb 3
# NOTE(review): duplicate-cn lets several clients connect with the same
# certificate, so one leaked certificate can be reused freely; prefer one
# certificate per client.
duplicate-cn
# NOTE(review): no cipher/auth directives, so the data channel cipher depends
# on the OpenVPN version's defaults (pre-2.4 falls back to BF-CBC). Consider
# pinning it explicitly, e.g. "cipher AES-256-GCM" and "auth SHA256".
openvpn.conf
Code:
# OpenVPN server, UDP instance (rc.conf: openvpnudp_*).
# Clients get addresses from 10.8.0.0/24 on tun0 and are NAT'd out of the
# jail's epair by /usr/local/etc/ipfw.rules. Same port as the TCP instance is
# fine because the protocol differs.
port 10011
proto udp
dev tun0
ca /mnt/openvpn/keys/ca.crt
# Server certificate created previously.
cert /mnt/openvpn/keys/issued/openvpn-server.crt
# Server private key; it is read as root before the user/group drop below, so
# keep it readable by root only.
key /mnt/openvpn/keys/private/openvpn-server.key
# Diffie-Hellman parameters, now 2048 bits long.
dh /mnt/openvpn/keys/dh.pem
# VPN client network ("purple" network for this instance).
server 10.8.0.0 255.255.255.0
# Relative path: resolved against openvpnudp_dir (/mnt/openvpn).
# NOTE(review): pool persistence is keyed on the client CN; together with
# duplicate-cn below it cannot hand out stable per-client addresses -- decide
# which of the two you actually want.
ifconfig-pool-persist ipp.txt
# LAN behind the jail ("yellow" network), pushed to clients.
push "route 192.168.178.0 255.255.255.0"
# NOTE(review): this installs a kernel route for 192.168.178.0/24 via this
# instance's own tun address (10.8.0.1). The LAN is already reachable through
# the epair, the TCP instance installs the same route via 10.9.0.1, and the
# original comment talked about 10.0.0.0/24 (not a network used here), so the
# line looks copied from a site-to-site example -- confirm it is needed.
route 192.168.178.4 255.255.255.0 10.8.0.1
push "dhcp-option DNS 192.168.178.1"
#push "redirect-gateway def1"
# Send all client traffic through the VPN, except the client's local DHCP.
push "redirect-gateway def1 bypass-dhcp"
# HMAC on the TLS control channel; direction 0 here, clients use 1.
tls-auth /mnt/openvpn/keys/auth.key 0
# REVOCATION LIST:
# NOTE(review): with crl-verify commented out a revoked client certificate is
# still accepted; enable it once a CRL is generated.
#crl-verify /mnt/openvpn/keys/crl.pem
keepalive 10 120
group nobody
user nobody
# NOTE(review): comp-lzo enables compression, which OpenVPN deprecates because
# of the VORACLE attack; consider dropping it here and on the clients.
comp-lzo
# Needed because after dropping to nobody the key cannot be re-read and the
# tun device cannot be re-opened on restart.
persist-key
persist-tun
verb 3
# NOTE(review): duplicate-cn lets several clients connect with the same
# certificate, so one leaked certificate can be reused freely; prefer one
# certificate per client.
duplicate-cn
# NOTE(review): no cipher/auth directives, so the data channel cipher depends
# on the OpenVPN version's defaults (pre-2.4 falls back to BF-CBC). Consider
# pinning it explicitly, e.g. "cipher AES-256-GCM" and "auth SHA256".