Does manually running /usr/local/etc/rc.d/openvpn.sh work?
if i run the openvpn command like you said it doesn't work, but then (and i have to do the same thing on the linux server, which reminded me)..if i change dir to the /usr/local/etc/openvpn folder i can run the command with the --config option and it works great!
now if i can get this working on startup cleanly it would be fantastic.
here is what i added to /etc/rc.conf:
openvpn_enable="YES" # YES or NO
openvpn_if="tun" # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# openvpn_flags="" # openvpn command line flags
openvpn_configfile="/usr/local/etc/openvpn/radio.conf" # --config file
openvpn_dir="/usr/local/etc/openvpn" # --cd directory
here is my /usr/local/etc/rc.d/openvpn.sh (this got installed by ports and i followed instructions to add stuff to /etc/rc.conf)
#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon
# ^snip^ a bunch of copyright stuff
# -----------------------------------------------------------------------------
#
# Add the following lines to /etc/rc.conf to enable openvpn at boot-up time:
#
# openvpn_enable="YES" # YES or NO
# openvpn_if="tun" # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# openvpn_flags="" # openvpn command line flags
# openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf" # --config file
# openvpn_dir="/usr/local/etc/openvpn" # --cd directory
#
# You also need to set openvpn_configfile and openvpn_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#
. /etc/rc.subr
name=openvpn
rcvar=`set_rcvar`
prefix="/usr/local"
openvpn_precmd()
{
	for i in $openvpn_if ; do
		# FreeBSD <= 5.4 does not know kldstat's -m option
		# FreeBSD >= 6.0 does not add debug.* sysctl information
		# in the default build - we check both to keep things simple
		if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 \
			&& ! kldstat -m if_${i} >/dev/null 2>&1 ; then
			if ! kldload if_${i} ; then
				warn "Could not load $i module."
				return 1
			fi
		fi
	done
	return 0
}
stop_postcmd()
{
	rm -f "$pidfile" || warn "Could not remove $pidfile."
}
# support SIGHUP to reparse configuration file
extra_commands="reload"
# pidfile
pidfile="/var/run/${name}.pid"
# command and arguments
command="/usr/local/sbin/${name}"
# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"
load_rc_config ${name}
: ${openvpn_enable="NO"}
: ${openvpn_flags=""}
: ${openvpn_if=""}
: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"}
: ${openvpn_dir="${prefix}/etc/openvpn"}
required_files="${openvpn_configfile}"
command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}"
run_rc_command "$1"
************
it seems like i could just add a quick and dirty command to /usr/local/etc/rc.d but it's probably not the correct way to get things working.
i didn't understand the server and client were initiated in similar ways on unix.
thanks!
harry
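
Added example, not part of the original thread and not the port's code: a check that resolves a config's ca/cert/key/dh/tls-auth paths against the --cd directory, as the rc script above does, and reports files that are missing or a private key readable by group/others. It assumes the config names these files by unquoted relative or absolute path; the function names, file names and remote host in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): resolve an OpenVPN config's file
# directives the way "--cd DIR" does and flag missing files or loose key modes.
# Assumption: one unquoted path per directive.

# check_ovpn_files DIR CONFIG
# Prints "STATUS directive path" for each ca/cert/key/dh/tls-auth line.
# Returns 0 only if every file is readable and the key has no group/other bits.
check_ovpn_files() {
    dir=$1 conf=$2 rc=0
    while read -r directive path rest || [ -n "$directive" ]; do
        case "$directive" in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;
        esac
        case "$path" in
            /*) full=$path ;;          # absolute: --cd has no effect
            *)  full=$dir/$path ;;     # relative: resolved against DIR
        esac
        if [ ! -f "$full" ] || [ ! -r "$full" ]; then
            echo "MISSING $directive $full"; rc=1
        elif [ "$directive" = key ]; then
            case "$(ls -ldL "$full")" in
                ????------*) echo "OK $directive $full" ;;
                *) echo "LOOSE-PERMS $directive $full"; rc=1 ;;
            esac
        else
            echo "OK $directive $full"
        fi
    done < "$conf"
    return $rc
}

# make_sample DIR: constructed client config and empty dummy files for a dry run.
make_sample() {
    printf '%s\n' 'client' 'dev tun' 'remote vpn.example.net 1194' \
        'ca ca.crt' 'cert radio.crt' 'key radio.key' > "$1/radio.conf"
    : > "$1/ca.crt"; : > "$1/radio.crt"; : > "$1/radio.key"
    chmod 600 "$1/radio.key"
}

if [ $# -eq 2 ]; then
    check_ovpn_files "$1" "$2"         # e.g. /usr/local/etc/openvpn and radio.conf
else
    t=$(mktemp -d); make_sample "$t"   # no arguments: run on the constructed sample
    check_ovpn_files "$t" "$t/radio.conf"; rm -rf "$t"
fi
```

Passing the current directory as DIR shows what the same config resolves to when openvpn is started without --cd from somewhere else.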
On 9/13/07, Stefan Lamby <slamby@xxxxxx> wrote:
Please post this openvpn.sh file you have.
Thanks
Stefan
Harry Doyle wrote:
> ok i am able to access my server now, but openvpn doesn't seem to
> work. i have added some lines to rc.conf to start it, and i have
> created a /usr/local/etc/openvpn directory and indicated its existence
> in rc.conf.
>
> i have generated my client.conf file, and i'm using the same crt files
> i use on my windows clients. i have generated the other key/crt files
> for this computer using pkitool on the server. so i think my stuff in
> /usr/local/etc/openvpn is ok. and i also have a startup file in
> /usr/local/etc/rc.d/openvpn.sh
>
> so i think it should start up, but nothing happens. i tail
> /var/log/messages but there is no info. ifconfig doesn't show any tun
> device either (like it does on the linux server).
>
> i am using tun device, which i think is already in my stock freebsd
> kernel.
>
> i think it must be something small i'm missing. what do i need to
> provide you guys to figure out what's wrong?
>
> just to be clear, i am only trying to use this machine as a client.
>
> thanks for your help,
> harry
>
>
>
>
> On 9/11/07, *Harry Doyle* <harry@xxxxxxxxx> wrote:
>
> thanks everybody. i will set this up tomorrow and let you know how
> it goes. i can't ssh to the machine from home, which is why i'm
> using openvpn. i've been using it for about a year now to give
> clients ms exchange access and i have to say openvpn is solid as a
> rock! using it for remote access to clients behind a firewall is
> really really convenient.
> cheers,
> harry
>
>
>
> On 9/10/07, *Marco Fretz* <marco@xxxxxxx> wrote:
>
> if u have installed ports-tree u should install from ports. its better
> than compile the source manually under bsd... but check the version... i
> think u should use openvpn 2.0
>
> greets
>
> Harry Doyle wrote:
> > that's ok, i just want to use it so i can connect to my openvpn server
> > and then access ssh over it, which is blocked over its routable ip. i
> > did not know the install was same for client and server. all my
> > existing clients are on windows. ok to install from ports on this?
> > thanks,
> > harry
> >
> >
> > On 9/10/07, *Marco Fretz* <mailinglist@xxxxxxx> wrote:
> >
> > hello
> >
> > install is always the same, for server and client... client config is
> > almost the same on every OS.
> > read this howto carefully and u can easily setup a secure openvpn server
> > with tls,client and server cert...
> >
> > http://openvpn.net/howto.html
> >
> > one thing i know from openbsd (probably on freebsd, too) is that it has
> > no support for TAP tunnels in generic kernel. but if u don't need
> > broadcasts or multicast u should not use tap, i think.
> >
> >
> >
> > greets
> > marco
> >
> > Harry Doyle wrote:
> > > Hi everybody,
> > > I have a FreeBSD box i would like to hook up to a linux based openvpn
> > > server. How do i setup an openvpn client on FreeBSD? Everything i've
> > > seen so far on unix was for running servers. Is there a howto on this?
> > > Thanks,
> > > Harry
> > >
> >
> > > _______________________________________________
> > > Openvpn-users mailing list
> > > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > > https://lists.sourceforge.net/lists/listinfo/openvpn-users