Contributed by grey on from the because sometimes you don't want to use ipsec dept.
I've written a HOWTO for OpenVPN 2.0 on OpenBSD. It covers configuration in bridging and in routing mode. It is available here:
http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd
By m0th (212.202.23.198) tom@replic8.net on
thanks.
By m0th (212.202.23.198) tom@replic8.net on
sorry.
BUT the RSS feed (which actually informed me of this new article) includes an expired session ID to this story. Why is that?
thanks, again.
By mirabile (213.196.252.16) on http://mirbsd.de/
I have tested an OpenVPN tunnel from behind an ADSL router at home
to a dedicated server at a hoster. In Germany, most ADSL
providers disconnect the line every 12 or 24 hours, with an
instant re-dial-in possible (you get a different IPv4 tho).
Related to that, I got crashes - usually the VPN server crashed
first, the client later. I nailed that down to the tun(4)
device [used in tun or tap (link2) mode, no matter] by replacing
OpenVPN with netcat and ksh.
I also got more crashes with IPv6 (on the interior of the tunnel)
than without.
Admittedly, I did not do these tests with pristine OpenBSD, but
a friend did. He got the same crashes as I did with OpenVPN but
didn't do much further testing. He even got _some_ (but not as
many) crashes with IPsec.
Maybe there's something broken in the routing code?
We used host routes like Kili wrote once to mark the route to
the "outer side" gateway, like this:
route -n add -inet -host 192.168.0.221 -interface -link vr0:
route -n add -inet default 192.168.0.221 -mtu 1454
I tested disconnecting by manually killing the ppp(8) on the
ADSL router then restarting it (ifconfig down/up for pppoe(4) is
the equivalent). If people can reproduce that, I would be
glad if they can sort that out with the OpenBSD developers;
my kernel coding experience is basically nonexistent I admit.
By Hans Hoexer (131.188.33.51) on
By Nikademus (85.201.21.164) nikademus@llorien.org on http://www.llorien.org
By Anonymous Coward (69.197.92.181) on
I have run OpenBSD IPsec VPNs over horrible links that go down for minutes at a time several times a day with no problems though, so I wonder if maybe he just had bad hardware.
By phessler (208.201.244.164) on
By Anonymous Coward (69.197.92.181) on
By mirabile (213.196.249.165) on http://mirbsd.de/
The crashes were total freezes; since I was in X11 at that time
I don't know if there was a ddb. The server was remote, and I did
not see anything in the syslog after it came back up (probably due
to the crash). I did not, at that time, have means to gather
console output.
But I could (in my tests) reproduce them with netcat instead of
OpenVPN, that's why they were definitively not OpenVPN's fault.
I did, however, get some strange routing messages, that's why I
suppose there is (or was?) a problem with routing.
I don't have boxen to throw OpenBSD on for testing, though. (In
fact, I can't even afford a new coffee machine at the moment, and
my old one is broken... but that's off-topic.)
That's why it seemed natural for me to post it here, where
maybe others who have seen similar things can step in. If
I wanted to submit a bug report I would have done different things.
I also recall wbx telling me about some crashes when he tested
OpenVPN first, but I don't want to put words in his mouth and
I don't remember the exact problems.
By Hans Hoexer (131.188.28.69) on
By Jonathan (85.178.209.255) on http://blog.innerewut.de
By phessler (64.173.147.27) on
By amirm (208.34.41.180) on
By Charles Hill (216.229.170.65) on