These instructions should work on most versions of FreeBSD and its derivatives.
As an example we take a clean system in a bhyve virtual machine and work as root.
## Installing the packages
```
root@iscsi:/home/test # pkg install openvpn
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.10.1...
Extracting pkg-1.10.1: 100%
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 6 MiB 663.8kB/s 00:09
Processing entries: 100%
FreeBSD repository update completed. 26288 packages processed.
All repositories are up to date.
Updating database digests format: 100%
The following 4 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
openvpn: 2.4.2
easy-rsa: 3.0.1_1
lzo2: 2.10_1
liblz4: 1.7.5,1
Number of packages to be installed: 4
The process will require 3 MiB more space.
696 KiB to be downloaded.
Proceed with this action? [y/N]: y
[1/4] Fetching openvpn-2.4.2.txz: 100% 455 KiB 466.3kB/s 00:01
[2/4] Fetching easy-rsa-3.0.1_1.txz: 100% 33 KiB 33.4kB/s 00:01
[3/4] Fetching lzo2-2.10_1.txz: 100% 113 KiB 115.4kB/s 00:01
[4/4] Fetching liblz4-1.7.5,1.txz: 100% 95 KiB 97.4kB/s 00:01
Checking integrity... done (0 conflicting)
[1/4] Installing easy-rsa-3.0.1_1...
[1/4] Extracting easy-rsa-3.0.1_1: 100%
[2/4] Installing lzo2-2.10_1...
[2/4] Extracting lzo2-2.10_1: 100%
[3/4] Installing liblz4-1.7.5,1...
[3/4] Extracting liblz4-1.7.5,1: 100%
[4/4] Installing openvpn-2.4.2...
Extracting openvpn-2.4.2: 100%
Message from openvpn-2.4.2:
### ------------------------------------------------------------------------
### Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
### startup. See /usr/local/etc/rc.d/openvpn for details.
### ------------------------------------------------------------------------
### Connect to VPN server as a client with this command to include
### the client.up/down scripts in the initialization:
### openvpn-client <spec>.ovpn
### ------------------------------------------------------------------------
### For compatibility notes when interoperating with older OpenVPN
### versions, please, see <http://openvpn.net/relnotes.html>
### ------------------------------------------------------------------------
```
If pkg itself was not installed yet, the system will offer to install it.
## Building the config
```
root@iscsi:/home/test # fetch https://zaborona.help/zaborona-help.ovpn
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1264:
fetch: https://zaborona.help/zaborona-help.ovpn: Authentication error
root@iscsi:/home/test # fetch --no-verify-peer https://zaborona.help/zaborona-help.ovpn
zaborona-help.ovpn 100% of 4532 B 14 MBps 00m00s
root@iscsi:/home/test # cp zaborona-help.ovpn /usr/local/etc/openvpn/openvpn.conf
cp: /usr/local/etc/openvpn/openvpn.conf: No such file or directory
root@iscsi:/home/test # mkdir /usr/local/etc/openvpn/
root@iscsi:/home/test # cp zaborona-help.ovpn /usr/local/etc/openvpn/openvpn.conf
```
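The session above ends up downloading the profile with `--no-verify-peer`, so nothing authenticates the file that is then started as root. The following is an added example, not part of the original post: it audits a profile for options that execute external programs and for any `remote` other than the expected server. The names `audit_ovpn` and `make_samples`, the host `vpn.example.org` and the address `203.0.113.7` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a downloaded client profile before it is copied to
# /usr/local/etc/openvpn/openvpn.conf and started as root.

# OpenVPN options that run external programs or load code into the daemon.
EXEC_OPTS='up down ipchange route-up route-pre-down tls-verify auth-user-pass-verify client-connect client-disconnect learn-address plugin script-security'

# audit_ovpn FILE EXPECTED_HOST
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_ovpn() {
    awk -v want="$2" -v opts="$EXEC_OPTS" '
        BEGIN { n = split(opts, o, " "); for (i = 1; i <= n; i++) bad[o[i]] = 1 }
        /^-----BEGIN / { pem = 1 }                  # inline PEM or static key body
        pem { if ($0 ~ /^-----END /) pem = 0; next }
        /^[ \t]*([#;<]|$)/ { next }                 # comments, blanks, <ca>-style tags
        { opt = $1; sub(/^--/, "", opt) }           # tolerate the --option spelling
        (opt in bad) { print "exec-option line " NR ": " $0; rc = 1 }
        opt == "remote" {
            seen++
            if ($2 != want) { print "unexpected-remote line " NR ": " $2; rc = 1 }
        }
        END { if (!seen) { print "no-remote"; rc = 1 } exit rc + 0 }
    ' "$1"
}

# Constructed sample input: a clean profile ($1) and a tampered copy ($2).
# vpn.example.org and 203.0.113.7 are placeholders, not the real service.
make_samples() {
    cat > "$1" <<'EOF'
client
dev tun
proto tcp
remote vpn.example.org 1194
<ca>
-----BEGIN CERTIFICATE-----
(placeholder body, not a real certificate)
-----END CERTIFICATE-----
</ca>
EOF
    { cat "$1"; printf '%s\n' 'script-security 2' 'up /tmp/hook.sh' \
        'remote 203.0.113.7 1194'; } > "$2"
}

tmp=$(mktemp -d)
make_samples "$tmp/clean.ovpn" "$tmp/tampered.ovpn"
audit_ovpn "$tmp/clean.ovpn" vpn.example.org && echo "clean.ovpn: ok"
audit_ovpn "$tmp/tampered.ovpn" vpn.example.org || echo "tampered.ovpn: rejected"
rm -rf "$tmp"
```

On FreeBSD, installing the `ca_root_nss` package gives `fetch` a CA bundle, so the download can be verified without `--no-verify-peer`.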
Almost everything is ready. Now we enable openvpn in the config (`/etc/rc.conf`), start it, and check the result.
```
root@iscsi:/home/test # echo 'openvpn_enable="YES"' >> /etc/rc.conf
root@iscsi:/home/test # service openvpn restart
openvpn not running? (check /var/run/openvpn.pid).
Starting openvpn.
root@iscsi:/home/test # netstat -nr | grep tun0
5.45.192.0/18 192.168.224.1 UGS tun0
5.61.16.0/21 192.168.224.1 UGS tun0
5.61.232.0/21 192.168.224.1 UGS tun0
5.255.192.0/18 192.168.224.1 UGS tun0
37.9.64.0/18 192.168.224.1 UGS tun0
37.140.128.0/18 192.168.224.1 UGS tun0
74.82.42.42/32 192.168.224.1 UGS tun0
77.74.176.0/22 192.168.224.1 UGS tun0
77.74.176.0/21 192.168.224.1 UGS tun0
77.74.181.0/24 192.168.224.1 UGS tun0
77.74.183.0/24 192.168.224.1 UGS tun0
77.75.152.0/22 192.168.224.1 UGS tun0
77.75.159.0/24 192.168.224.1 UGS tun0
77.88.0.0/18 192.168.224.1 UGS tun0
79.137.157.0/24 192.168.224.1 UGS tun0
79.137.183.0/24 192.168.224.1 UGS tun0
84.201.128.0/18 192.168.224.1 UGS tun0
87.240.128.0/18 192.168.224.1 UGS tun0
87.250.224.0/19 192.168.224.1 UGS tun0
91.103.64.0/21 192.168.224.1 UGS tun0
93.158.128.0/18 192.168.224.1 UGS tun0
93.159.224.0/21 192.168.224.1 UGS tun0
93.159.228.0/22 192.168.224.1 UGS tun0
93.186.224.0/20 192.168.224.1 UGS tun0
94.100.176.0/20 192.168.224.1 UGS tun0
95.108.128.0/17 192.168.224.1 UGS tun0
95.142.192.0/20 192.168.224.1 UGS tun0
95.163.32.0/19 192.168.224.1 UGS tun0
95.163.248.0/21 192.168.224.1 UGS tun0
95.213.0.0/18 192.168.224.1 UGS tun0
100.43.64.0/19 192.168.224.1 UGS tun0
109.235.160.0/21 192.168.224.1 UGS tun0
128.140.168.0/21 192.168.224.1 UGS tun0
130.193.32.0/19 192.168.224.1 UGS tun0
141.8.128.0/18 192.168.224.1 UGS tun0
178.22.88.0/21 192.168.224.1 UGS tun0
178.154.128.0/17 192.168.224.1 UGS tun0
178.237.16.0/20 192.168.224.1 UGS tun0
185.5.136.0/22 192.168.224.1 UGS tun0
185.16.148.0/22 192.168.224.1 UGS tun0
185.16.244.0/22 192.168.224.1 UGS tun0
185.29.130.0/24 192.168.224.1 UGS tun0
185.32.185.0/24 192.168.224.1 UGS tun0
185.32.186.0/24 192.168.224.1 UGS tun0
185.32.248.0/22 192.168.224.1 UGS tun0
185.54.220.0/23 192.168.224.1 UGS tun0
185.71.76.0/22 192.168.224.1 UGS tun0
185.85.12.0/24 192.168.224.1 UGS tun0
185.85.14.0/23 192.168.224.1 UGS tun0
188.93.56.0/21 192.168.224.1 UGS tun0
192.168.224.0/22 192.168.224.1 UGS tun0
192.168.224.1 link#3 UH tun0
194.186.63.0/24 192.168.224.1 UGS tun0
195.211.20.0/22 192.168.224.1 UGS tun0
195.211.128.0/22 192.168.224.1 UGS tun0
195.218.168.0/24 192.168.224.1 UGS tun0
199.21.96.0/22 192.168.224.1 UGS tun0
199.36.240.0/22 192.168.224.1 UGS tun0
208.87.94.0/24 192.168.224.1 UGS tun0
213.180.192.0/19 192.168.224.1 UGS tun0
217.20.144.0/20 192.168.224.1 UGS tun0
217.69.128.0/20 192.168.224.1 UGS tun0
root@iscsi:/home/test # ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 192.168.226.41 --> 192.168.224.1 netmask 0xfffffc00
nd6 options=1<PERFORMNUD>
groups: tun
Opened by PID 2737
```
The session is up and the routes have been installed.
## If the machine is a router
Using ipfw as the example, add a new NAT instance:
```
ipfw nat 4 config log if tun0 reset same_ports deny_in
ipfw add nat 4 ip from any to any via tun0
```
If you have not configured anything prohibitive above these rules, all machines on the internal network will be able to reach where they need to.

Posted it, thanks https://github.com/zhovner/zaborona_help/wiki/FreeBSD

How do I install this marvel on a Raspberry PI3 with Raspbian?
The KODI media player is installed.
I tried following this guide, it did not help: http://xbmc.ru/forum/showpost.php?p=122085&postcount=4

Good day!
On FreeBSD I see the following in the logs. How do I fix it, or is everything OK here?
```
May 19 20:29:26 A9t openvpn[46775]: Unrecognized option or missing or extra parameter(s) in /usr/local/etc/openvpn/openvpn.conf:15: block-outside-dns (2.4.6)
May 19 20:29:26 A9t openvpn[46775]: OpenVPN 2.4.6 i386-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 26 2018
May 19 20:29:26 A9t openvpn[46775]: library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
May 19 20:29:27 A9t openvpn[48227]: TCP/UDP: Preserving recently used remote address: [AF_INET]94.242.59.92:1194
May 19 20:29:27 A9t openvpn[48227]: Attempting to establish TCP connection with [AF_INET]94.242.59.92:1194 [nonblock]
May 19 20:29:28 A9t openvpn[48227]: TCP connection established with [AF_INET]94.242.59.92:1194
May 19 20:29:28 A9t openvpn[48227]: TCP_CLIENT link local: (not bound)
May 19 20:29:28 A9t openvpn[48227]: TCP_CLIENT link remote: [AF_INET]94.242.59.92:1194
May 19 20:29:28 A9t openvpn[48227]: [zaborona.help] Peer Connection Initiated with [AF_INET]94.242.59.92:1194
May 19 20:29:29 A9t console-kit-daemon[40888]: WARNING: Error waiting for native console 1 activation: Inappropriate ioctl for device
May 19 20:29:30 A9t openvpn[48227]: GDG6: problem writing to routing socket
May 19 20:29:30 A9t openvpn[48227]: TUN/TAP device /dev/tun0 opened
May 19 20:29:30 A9t kernel: tun0: link state changed to UP
May 19 20:29:30 A9t openvpn[48227]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
May 19 20:29:30 A9t openvpn[48227]: /sbin/ifconfig tun0 192.168.226.72 192.168.224.1 mtu 1500 netmask 255.255.252.0 up
May 19 20:29:30 A9t openvpn[48227]: /sbin/ifconfig tun0 inet6 2a00:1838:30:7200::1246/112
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a00:1838:35:a0::/64 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a00:1838:35:80::/64 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2001:678:384::/48 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2620:10f:d000::/44 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a02:6b8::/32 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a02:5180::/32 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a00:1148::/32 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a00:a300::/32 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a00:b4c0::/32 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a04:4b40::/29 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: add_route_ipv6(2a03:2480::/33 -> 2a00:1838:30:7200::1 metric -1) dev tun0
May 19 20:29:32 A9t openvpn[48227]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 19 20:29:32 A9t openvpn[48227]: Initialization Sequence Completed
```
And on shutdown, this:
```
May 19 13:14:26 A9t shutdown: power-down by luba:
May 19 13:14:34 A9t openvpn[90120]: event_wait : Interrupted system call (code=4)
May 19 13:14:34 A9t kernel: May 19 13:14:34 A9t openvpn[90120]: event_wait : Interrupted system call (code=4)
```
--
I wish you support from Above and success!
Respectfully,
Yours, Vladimir