Showing results for tags 'freebsd'.
Found 7 results
-
I am new to FreeBSD. Can you help with a guide on how to run the Hummingbird suite or Eddie on FreeBSD? Or is it only possible with OpenVPN as of yet?
-
I'm trying to set up a kill switch so that if OpenVPN goes down all other connections are automatically locked. I adapted this config as follows:

    ### EDITED
    group openvpn
    ################
    client
    dev tun
    remote XXXXXX 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    auth-nocache
    verb 3
    explicit-exit-notify 5
    rcvbuf 262144
    sndbuf 262144
    push-peer-info
    setenv UV_IPV6 yes
    ca "/opt/openvpn/keys/ca.crt"
    cert "/opt/openvpn/keys/user.crt"
    key "/opt/openvpn/keys/user.key"
    remote-cert-tls server
    cipher AES-256-CBC
    comp-lzo no
    proto udp
    tls-auth "/opt/openvpn/keys/ta.key" 1

and this is my ipfw config:

    #!/bin/bash
    ipfw -q -f flush
    cmd="ipfw -q add"
    vpn="tun2"
    $cmd 00001 allow all from any to any via lo0
    $cmd 00010 allow all from any to any via tun0
    $cmd 00101 allow all from me to 192.168.0.0/16
    $cmd 00102 allow all from 192.168.0.0/16 to me
    ###############################
    # it should allow openvpn to establish the connection
    $cmd 00103 allow all from any to any gid openvpn
    ###############################
    $cmd 00104 allow all from any to any established
    $cmd 00110 allow tcp from any to any dst-port 53 out setup keep-state
    $cmd 00111 allow udp from any to any dst-port 53 out keep-state
    $cmd 00201 deny all from any to any

When I try to start OpenVPN it won't work, e.g.

    Mon Jul 20 22:13:17 2020 WARNING: file '/opt/openvpn/keys/user.key' is group or others accessible
    Mon Jul 20 22:13:17 2020 WARNING: file '/opt/openvpn/keys/ta.key' is group or others accessible
    Mon Jul 20 22:13:17 2020 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 12 2020
    Mon Jul 20 22:13:17 2020 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
    Mon Jul 20 22:13:17 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Jul 20 22:13:17 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Jul 20 22:13:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.34:443
    Mon Jul 20 22:13:17 2020 Socket Buffers: R=[42080->262144] S=[9216->262144]
    Mon Jul 20 22:13:17 2020 UDP link local: (not bound)
    Mon Jul 20 22:13:17 2020 UDP link remote: [AF_INET]184.75.221.34:443
    Mon Jul 20 22:13:17 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
    Mon Jul 20 22:13:17 2020 write UDP: Permission denied (code=13)
    Mon Jul 20 22:13:19 2020 write UDP: Permission denied (code=13)
    Mon Jul 20 22:13:23 2020 write UDP: Permission denied (code=13)

It looks like in FreeBSD OpenVPN wants to start as root/wheel no matter what, and it will downgrade to a custom group only once the first connection has been successfully established. Is there a way around that? Else, is there another way to allow only OpenVPN to connect to the internet? I'm not married to this solution, I just want to set up a kill switch and avoid iptables.
-
Hey guys, I really love the VPN service you are offering, it is way more professional than any of your competitors which I've tested so far. I want to use your VPN to anonymize the internet traffic for four of my FreeNAS jails. Every jail is an independent virtual instance of FreeBSD. Unfortunately if you want to add a plugin (something like transmission or sabnzbd) in FreeNAS it creates one jail for one application, so I have to connect four instances of openvpn to your servers. My problem is that you only accept three connections per account, how can I bundle the network traffic of those 4 jails to one openvpn connection? Thank you very much in advance for your answer, cephyr
-
I have installed OpenVPN client on my FreeBSD file server at home. I've used the 'other' config file and it's working fine, I can ssh out to my work servers, browse the web and all that good stuff, my external IP is obviously the one AirVPN assigned to my vpn connection.

    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::214:d1ff:fe1d:3bbb%tun0 prefixlen 64 scopeid 0x6
        inet 10.4.12.51 --> 10.4.0.1 netmask 0xffff0000

I've forwarded two ports, one for torrents, and one for ssh. Neither port is working. For example, I've set up 56602 for torrents. I've started transmission, and it's listening on the port in question:

    # netstat -an | grep 56602
    tcp6 0 0 *.56602 *.* LISTEN
    tcp4 0 0 10.4.12.51.56602 *.* LISTEN
    udp4 0 0 10.4.12.51.56602 *.*

    # lsof -p 52166 | grep 56602
    transmiss 52166 transmission 9u IPv4 0xfffff8001e4e8c00 0t0 TCP 10.4.12.51:56602 (LISTEN)
    transmiss 52166 transmission 10u IPv6 0xfffff8003f3fe000 0t0 TCP *:56602 (LISTEN)
    transmiss 52166 transmission 11u IPv4 0xfffff8000e44d580 0t0 UDP 10.4.12.51:56602

I do see incoming packets on tun0:

    # tcpdump -i tun0 port 56602
    ...
    18:06:06.853682 IP ********.56966 > 10.4.12.51.56602: Flags , seq 644910569, win 8192, options [mss 1352,nop,wscale 2,nop,nop,sackOK], length 0
    18:06:07.132328 IP ********.53676 > 10.4.12.51.56602: Flags , seq 2949838881, win 8192, options [mss 1352,nop,nop,sackOK], length 0
    ...
    18:06:06.759788 IP ********.18848 > 10.4.12.51.56602: UDP, length 20
    18:06:06.820983 IP ********.58101 > 10.4.12.51.56602: UDP, length 20
    ...

But nothing going back from my host (I've replaced actual ips with '********'). My firewall is open:

    # ipfstat -i | grep 56602
    pass in quick on tun0 inet from any to 10.4.12.51/32 port = 56602

Any ideas on what I am doing wrong?
-
I installed openvpn on FreeBSD 10.1 and the DNS isn't working. I put these lines in rc.conf:

    openvpn_enable="YES"
    openvpn_if="tun"
    openvpn_configfile="/usr/local/etc/openvpn/[whatever].ovpn"

I copied the .ovpn file to /usr/local/etc/openvpn. When I reboot, openvpn starts fine. I don't have a firewall on the system. Did I forget to do something?
-
NOTE: if you run Eddie or Hummingbird you don't need this guide, but you might need to get rid of update-systemd-resolved which, in one of its various working modes, can interfere fatally with DNS handling.

This post describes how to accept OpenVPN servers' DNS push on Linux, OpenBSD, FreeBSD and some other POSIX-compliant OS when:

* resolvconf package OR openresolv package is installed
* OpenVPN is run directly (i.e. NOT through any OpenVPN GUI/wrapper such as network-manager)
* OpenVPN version is 2.1 or higher

Warning: the specified "update-resolv-conf" script path refers to many Linux distributions and OpenVPN package installation, but NOT to all of them. Please check the correct path of the mentioned file before proceeding (for example: it could be /usr/share/openvpn instead of /etc/openvpn). If the script is not on your system, you'll need to create it. See the typical script here: https://wiki.archlinux.org/index.php/OpenVPN#DNS

Important: in the same above linked page, note that if you have a system based on systemd you might need some important modifications:

Add to your OpenVPN configuration file(s), either in field "Custom Directives" of the Configuration Generator or by editing the configuration directly, the following lines:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

In this way update-resolv-conf will record the DNS push and through resolvconf or openresolv will modify the nameserver accordingly. When OpenVPN quits, update-resolv-conf restores the previous nameserver line(s).

Kind regards
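How a script in the role of update-resolv-conf can turn the pushed options into resolver lines, as an added example (not the linked Arch wiki script and not part of the original post). It relies on the foreign_option_N, script_type and dev environment variables that OpenVPN sets for up/down scripts; the function names, the /sbin/resolvconf path and the "${dev}.inet" record name are assumptions, and the validation of pushed values goes beyond what the post describes.

```shell
#!/bin/sh
# Added example: turn OpenVPN's pushed "dhcp-option" values into
# resolv.conf lines. Function names are hypothetical.

# A nameserver may contain only IPv4/IPv6 literal characters.
valid_ns() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    return 0
}

# A search domain may contain only hostname characters.
valid_domain() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# OpenVPN exports each pushed option as foreign_option_1, _2, ...
build_resolv_lines() {
    i=1
    while :; do
        # The pushed value is assigned to opt, never executed.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -f; set -- $opt; set +f    # word-split without globbing
        if [ "${1:-}" = "dhcp-option" ]; then
            if [ "${2:-}" = "DNS" ] && valid_ns "${3:-}"; then
                printf 'nameserver %s\n' "$3"
            elif [ "${2:-}" = "DOMAIN" ] && valid_domain "${3:-}"; then
                printf 'search %s\n' "$3"
            fi
        fi
        i=$((i + 1))
    done
}

# Acts only when OpenVPN invokes the script through "up" or "down".
# /sbin/resolvconf and the "${dev}.inet" record name are assumptions.
case "${script_type:-}" in
    up)   build_resolv_lines | /sbin/resolvconf -a "${dev}.inet" ;;
    down) /sbin/resolvconf -d "${dev}.inet" ;;
esac
```

Because `script-security 2` lets OpenVPN run this with its own privileges, values that fail validation are dropped rather than written into the resolver configuration.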
-
In order to prevent leaks on *BSD and Mac OS X systems with pf, please see this guide by jessez: https://airvpn.org/topic/1713-win-mac-bsd-block-traffic-when-vpn-disconnects/page-2?do=findComment&comment=2532 Thank you very much jessez! Kind regards