# apt install openvpn
# cd /etc/openvpn/
# pkg install openvpn
# cat /etc/rc.conf
...
openvpn_enable=yes
# mkdir /usr/local/etc/openvpn/
# cd /usr/local/etc/openvpn/
gate# cat openvpn.conf
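dev tun
# port 1194
# proto udp
keepalive 10 120
server 192.168.200+X.0 255.255.255.0
push "route 192.168.100+X.0 255.255.255.0"
# NOTE: 1024-bit DH parameters are below current guidance; 2048 bits or more is the usual minimum
# (e.g. openssl dhparam -out <dh-file> 2048, where <dh-file> is a placeholder).
dh /root/dh1024.pem
ca /root/ca.crt
crl-verify /root/ca.crl
cert /root/gate.crt
# NOTE: the private key should be readable by root only.
key /root/gate.key
status /var/log/openvpn-status.log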
C:\>notepad C:\Program Files\OpenVPN\config\user1.ovpn
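dev tun
# port 1194
# proto udp
client
remote 172.16.1.X
ca ca.crt
cert user1.crt
key user1.key
# NOTE: this config does not check that the peer certificate is a server certificate.
# Adding "remote-cert-tls server" makes the client verify that; it requires the
# server certificate to carry the server extended key usage.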
gate# cat openvpn.conf
...
client-config-dir ccd
...
gate# cat ccd/userN
ifconfig-push 192.168.200+X.4*N+2 192.168.200+X.4*N+1
gate# cat /etc/pam.d/login
gate# cat openvpn.conf
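...
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
# NOTE: with client-cert-not-required the PAM password is the only client credential,
# so password policy and lockout on the "login" PAM service become the access control.
# OpenVPN 2.4 and later spell this option "verify-client-cert none".
client-cert-not-required
username-as-common-name
...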
C:\>notepad C:\Program Files\OpenVPN\config\client.ovpn
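dev tun
client
remote 172.16.1.X
ca ca.crt
auth-user-pass
# NOTE: the username and password are sent to whichever peer presents a certificate
# signed by ca.crt. Adding "remote-cert-tls server" restricts that to certificates
# issued for server use.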
gate.corpX.un# openvpn --genkey --secret static.key
gate.corpX.un# scp static.key gate.corpY.un:
gate.corpX.un# cat connect_to_Y.conf
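dev tun
remote 172.16.1.Y
port 1195
# proto udp
keepalive 10 120
ifconfig 192.168.X+Y.X 192.168.X+Y.Y
route 192.168.100+Y.0 255.255.255.0
# NOTE: static-key mode has no forward secrecy: one long-lived key protects all traffic,
# so the file must be readable by root only on both gateways and replaced if either
# host is compromised. OpenVPN 2.6 deprecates static-key mode in favour of TLS mode.
secret /root/static.key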
# cd /usr/local/etc/rc.d/
# ln -s openvpn connect_to_Y
# cat /etc/rc.conf
...
connect_to_Y_enable=yes
# service openvpn@openvpn start
gate# cat /var/log/openvpn-status.log
gate# cat openvpn.conf
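...
# NOTE: with no password file given, any local user on gate can connect to this port
# and control the daemon. A third argument names a password file:
# management localhost 7505 <pw-file>   (<pw-file> is a placeholder path)
management localhost 7505
...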
gate# telnet localhost 7505
status