OpenVPN is open source SSL VPN software. Because it implements a custom security protocol (currently developed by a company called OpenVPN Technologies, Inc.) instead of a widely implemented standard, we have chosen not to include it in our suite of officially supported subsystems. Installing and running OpenVPN on your security router is nevertheless fairly straightforward with root access, although doing so is not officially supported.
Begin by installing Perl.
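To have OpenVPN installed automatically, add the following to your /cfg/skel/rc.local:

    # remount the root filesystem read-write, install the packages, remount read-only
    mount -uw /
    pkg_add -D repair openvpn easy-rsa
    mount -ur /
    # the configuration and keys are kept under /cfg/skel/openvpn
    ln -s /cfg/skel/openvpn /etc/openvpn
    cd /etc/openvpn/ && openvpn --daemon --config server.conf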
To install it, along with the required certificates, run:

    pkg_add -D repair openvpn easy-rsa
    cp -r /usr/local/share/easy-rsa easy
    cd easy/
    # load the easy-rsa settings into the current shell and start from an empty keys/ directory
    . ./vars
    ./clean-all
    # Diffie-Hellman parameters, CA, server certificate and one client certificate (client1)
    ./build-dh
    ./pkitool --initca
    ./pkitool --server server
    KEY_NAME=client1 ./pkitool client1
    # configuration directory, linked into /etc
    mkdir /cfg/skel/openvpn
    ln -s /cfg/skel/openvpn/ /etc/openvpn
    cp /usr/local/share/examples/openvpn/sample-config-files/server.conf /etc/openvpn/server.conf
    # server-side certificates and key
    cp keys/ca.crt /etc/openvpn/ca.crt
    cp keys/dh1024.pem /etc/openvpn/
    cp keys/server.crt /etc/openvpn/
    mkdir /etc/openvpn/private
    cp keys/server.key /etc/openvpn/
and try starting it with:

    cd /etc/openvpn && openvpn --config server.conf
OpenVPN requires client software to be installed, which is available for Linux, Windows, Mac, iPhone, Android and a few more platforms. To create a configuration file that works with iPhone, copy the text below into a file called whatever.ovpn:
    client
    dev tun
    proto udp
    remote SERVERADDRESS 1194
    nobind
    ns-cert-type server
    comp-lzo
    <ca>
    ...
    </ca>
    <cert>
    ...
    </cert>
    <key>
    ...
    </key>
and populate it (replace each ...) with the contents of keys/ca.crt, keys/client1.crt and keys/client1.key, which were generated during the server installation above.
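
The profile assembly described above can be scripted; the following is an added example, not part of the original instructions. It writes the same directives, keeps only the PEM blocks of each input (dropping any human-readable text that precedes them in a .crt file) and creates the profile owner-readable only, since it embeds client1's private key. The helper names make_ovpn, pem_only and make_demo_keys, the script name make_ovpn.sh and the address vpn.example.net are assumptions made for the example.

```shell
#!/bin/sh
# Added example. make_ovpn, pem_only and make_demo_keys are hypothetical helper names.

# Print only the PEM block(s) of a file, dropping any text that precedes them.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# usage: make_ovpn KEYS_DIR CLIENT_NAME SERVER_ADDRESS OUT_FILE
make_ovpn() {
    keys=$1 name=$2 server=$3 out=$4
    for f in "$keys/ca.crt" "$keys/$name.crt" "$keys/$name.key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    (
        umask 077        # the profile embeds the private key: owner-only
        rm -f "$out"     # recreate so the umask applies to an existing file too
        {
            printf 'client\ndev tun\nproto udp\nremote %s 1194\n' "$server"
            printf 'nobind\nns-cert-type server\ncomp-lzo\n'
            echo '<ca>';   pem_only "$keys/ca.crt";    echo '</ca>'
            echo '<cert>'; pem_only "$keys/$name.crt"; echo '</cert>'
            echo '<key>';  pem_only "$keys/$name.key"; echo '</key>'
        } > "$out"
    )
}

# Constructed placeholder inputs (not real key material) for a dry run.
make_demo_keys() {
    mkdir -p "$1" || return 1
    b='-----BEGIN' e='-----END'
    printf '%s\n' "$b CERTIFICATE-----" 'Q0E=' "$e CERTIFICATE-----" > "$1/ca.crt"
    printf '%s\n' 'Certificate:' '    Data: text dump' \
        "$b CERTIFICATE-----" 'Q1JU' "$e CERTIFICATE-----" > "$1/client1.crt"
    printf '%s\n' "$b PRIVATE KEY-----" 'S0VZ' "$e PRIVATE KEY-----" > "$1/client1.key"
}

# Dry run on the constructed inputs: sh make_ovpn.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_demo_keys "$d/keys" &&
        make_ovpn "$d/keys" client1 vpn.example.net "$d/client1.ovpn" &&
        cat "$d/client1.ovpn"
    rm -rf "$d"
fi
```

On the router, the call would be make_ovpn keys client1 SERVERADDRESS whatever.ovpn, run from the easy/ directory used during installation.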