OpenBSD Journal

OpenVPN on OpenBSD

Contributed by grey on from the simpler alternatives to IPSec dept.

Rhea Heuermann writes:

I have completed some documents that show OpenBSD installation with OpenVPN and OpenVPN on XP client. They provide a step by step guide to a secure VPN tunnel between an XP client and OpenBSD Firewall / Server.

I would greatly appreciate feedback and post your comments to the site so that others can benefit. These documents may be rough in some spots but I've run out of time to edit them further. Hopefully they may be of use to the community.

Though I'm still looking for a home for them, I've had a lot of e-mails requesting them so I've posted them to a temporary site until something more permanent can be found, here's the link:

Rhea Heuermann

(Comments are closed)

  1. By Peter Dembinski ( on

    Place that docs on

    1. By Venture37 ( venture37 # hotmail com on

      I'm looking forward to trying this out next week when I have some time :)

    2. By Rhea Heuermann ( on

      Yes, I think it will end up on or I've gotten one other offer to place it... However, the html is still a mess and I think that openbsdsupport has paying jobs that have them too busy for review and it's not fair to ask them to cleanup the html files. So I'll probably get them on the site eventually, when they finish making some changes to their web database engine and I have time to clean up the html or convert to text at least. I just got a lot of e-mail requests and being short on time, posted them- also get some feedback on them to incorporate into the final versions, as I'm no expert myself. Rhea

  2. By Luiz Gustavo ( on

    Peter Gutmann didn't say something about OpenVPN being poo?

    1. By SH ( on

      OpenVPN did not come out unfavorably in Linux VPN, even though others get some flak. OpenVPN guilty by association? ;-)

      1. By James Yonan ( on

        OpenVPN has been designed from the start to use a solid, well-researched security model.

        See here for the details:

        Also see this paper:

        Peter Gutmann has looked at OpenVPN and did not find much to criticize. We had some very productive correspondence during the development of 1.5, he contributed some code, made some good recommendations such as using Explicit IV rather than Implicit IV, and urged me to document some of the message deletion/reordering issues implicit in tunneling protocols over UDP (now part of the replay-window documentation in the man page).


        1. By SH ( on

          Actually, I've tried openvpn-2.0_rc13 on OpenBSD 3.6 and -current, and it seems to work fine. Looking forward to release of 2.0.



Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]