# OpenVpn Client setup



## Thom (Oct 4, 2016)

Hi all,

I've been browsing through forums for several days now and I see quite a bit about setting up an openvpn server, however not much about using BSD as an openvpn client. I connect to a set of VPN servers that I rotate daily.  I have about 50 of them. I have openvpn installed and openvpn-admin installed and working. I have client configs working and can call up openvpn-admin and connect to any one at will. There don't seem to be any good how-to's for client out there but I managed it.

That all said, here's my problem.
I can only successfully connect and run if I start openvpn-admin as root or if I start openvpn manually as root. There are a b-dozen permission's errors when I try to run openvpn as a client under a regular users.  /var/run directory is not accessible to normal users  log directories etc. I have not tried running it in a jail, but considering the nature of the networking etc I don't. I'm running a desktop on top of my FreeBSD with Xorg and KDE. I have all that working great.

Any help would be greatly appreciated.

Thom


----------



## T-Daemon (Oct 4, 2016)

Try this how to. It seems pretty promising.


----------



## Thom (Oct 5, 2016)

T-Daemon said:


> Try this how to. It seems pretty promising.


Thanks for the reply but once again that is all server setup and I did look at it previously. It was one of the ones I found.
I know that most people use BSD for servers and the number of people using it as a desktop is limited.
But I use it as a desktop as well.  And it appears to me that the port is setup to be a server and though you can configure it
to be a client the permissions are all borked up.  If I were to start it as a daemon and use only 1 VPN and always connect
from root/wheel permissions all would be fine but to try and launch it from a user account to connect to one of many VPN's
like a road warrior setup is not well documented any help would be appreciated.
Thom


----------



## xavi (Oct 5, 2016)

This tutorial has instructions for both client and server, so may be what you're looking for.


----------



## Thom (Oct 5, 2016)

Thank you I didn't find that one. I've basically done all that the hard way... ha ha.  but I'll re-do it and check again.  It still runs as a service... changing vpn's back and forth still may not work.
As I said I have it working it's just that I must do it as root for it to work. I  really would like to be able to run it as my current user.
This how-to still has it running as root under a service.


----------



## Thom (Oct 10, 2016)

Nope


xavi said:


> This tutorial has instructions for both client and server, so may be what you're looking for.


Nope still doesn't work. Except as root.


----------



## T-Daemon (Oct 10, 2016)

You can run `openvpn` with security/sudo or security/super as user.

For testing I set up openvpn (no server setup). I installed security/openvpn, set *openvpn_enable”YES” *and *openvpn_if=“tun”*, obtained an xxx.ovpn file, put *user nobody* and *group nogroup* in the xxx.ovpn file (client.conf) to drop the root privileges after initialization, configured super, executed `openvpn` as user with super, works fine.


----------



## kpa (Oct 10, 2016)

You can't start the daemon on a regular user because it needs to modify the network interfaces and routing table and those tasks require superuser privileges. It can later drop the superuser privileges as noted above but only after the necessary system configuration has been finished.


----------



## Thom (Oct 20, 2016)

interesting, I'll try that...
S.


T-Daemon said:


> You can run `openvpn` with security/sudo or security/super as user.
> 
> For testing I set up openvpn (no server setup). I installed security/openvpn, set *openvpn_enable”YES” *and *openvpn_if=“tun”*, obtained an xxx.ovpn file, put *user nobody* and *group nogroup* in the xxx.ovpn file (client.conf) to drop the root privileges after initialization, configured super, executed `openvpn` as user with super, works fine.


----------



## Thom (Aug 3, 2018)

I posted a how to on this  here:
https://forums.freebsd.org/threads/...on-with-multiple-configs-end-user-type.66999/


----------



## ShelLuser (Aug 3, 2018)

Thom said:


> I posted a how to on this  here:
> https://forums.freebsd.org/threads/...on-with-multiple-configs-end-user-type.66999/


Next time consider using the official HOWTO section for that. That way people will recognize it as an howto and you're also more likely to attract a larger audience.


----------



## Thom (Aug 3, 2018)

ShelLuser said:


> Next time consider using the official HOWTO section for that. That way people will recognize it as an howto and you're also more likely to attract a larger audience.


I'll repost there


----------

