# Help with openvpn



## MiraS (Apr 13, 2022)

Hi there. I would need a really functional guide to successfully running openvpn in freebsd13. Please don't send links to the instructions, I've tried enough of them in two months


----------



## SirDice (Apr 13, 2022)

Show us what you have and the errors you're getting.



MiraS said:


> I would need a really functional guide to successfully running openvpn in freebsd13. Please don't send links to the instructions, I've tried enough of them in two months


Contradictio in terminis. You want a guide but don't want instructions. A guide consists of instructions.


----------



## mer (Apr 13, 2022)

First question:
As a client or as a server?
As a client it's trivial.
Run the command as root.  server.ovpn comes from the server side typically on a first connection.  The password file is a cheat so you don't have to type user/pass in.
openvpn --config ~$USER/.vnc/server.ovpn --auth-user-pass ~$USER/.vnc/server.passwd --ping 10 --inactive 0


----------



## MiraS (Apr 15, 2022)

Thanks. I have a Freebsd13 desktop, and a router. I understood that I needed to install and run a server and then connect a client to my server. I am attaching openvpn.log in the attachment


----------



## MiraS (Apr 15, 2022)

Here's mine log from start client.ovpn and rc.conf. I will be happy to help.


----------



## SirDice (Apr 15, 2022)

Please don't post picture of _text_. They're impossible to quote or copy/paste from.


----------



## diizzy (Apr 15, 2022)

If this is your client it does say why it fails?
"Got no response from radius server." --> "AUTH: Auth failed!"
You need to go from there


----------



## MiraS (Apr 15, 2022)

Diizzy. Yes. I know authentication failed. But I don't know why and I don't know where to go next. I think I need help with that.


----------



## mer (Apr 15, 2022)

I would take at the username/password being used by the openvpn client and verify that the radius server being used for authentication actually accepts that as valid.  The OpenVPN server should simply be taking the credentials from the client and passing them to the Radius server.  The Radius server is comes back to the OpenVPN server with pass/fail or authenticated/not authorized (whatever terms you prefer).

Start with assuming openvpn client to openvpn server is correct, then look at the Radius server that OpenVPN server is configured to use and make sure the username/password are correct and valid.

I do not have exact commands on the radius server to tell you to use.


----------



## MiraS (Apr 15, 2022)

Mer---: It is not possible to log in to the Radius server via https, because the username is an email, while no email is specified when generating login details in easy-rsa. Therefore, it is not possible to verify the name and password in any way. I tried to create several users to connect as an openvpn client, but in neither case was authentication accepted. I used my settings from: https://kifarunix.com/install-and-configure-openvpn-server-freebsd-12/ and https://pangnet.net/openvpn-freebsd-with-freeradius. Thank you very much for your help, I appreciate it and it bothers me that such a trivial matter on all other platforms is such a problem in freebsd.


----------



## msplsh (Apr 15, 2022)

You've significantly increased the complexity of getting OpenVPN to work by trying to *also* get FreeRADIUS to work with it, so it's *non*-trivial.


----------



## SirDice (Apr 15, 2022)

MiraS said:


> I used my settings from: https://kifarunix.com/install-and-configure-openvpn-server-freebsd-12/


That first link uses SSL client certificates for authentication. Not a username/password combination.


----------



## covacat (Apr 15, 2022)

msplsh said:


> You've significantly increased the complexity of getting OpenVPN to work by trying to *also* get FreeRADIUS to work with it, so it's *non*-trivial.


i second that, don't bother with user/pass if you don't REALLY need to
make it work with certs only in the first step, then ...


----------



## MiraS (Apr 15, 2022)

Sorry. I don't understand it at all. I don't need to know what not to do. I need to know what to do, but your advice leads me to some vague, absurd places that I have no idea what you want to tell me. Once again. Can you tell me how to run openvpn on freebsd ???????????????? Step by step ????? Still, thank you very much.


----------



## SirDice (Apr 15, 2022)

Step 1. Define your goals. What are you trying to accomplish?
Running OpenVPN isn't a goal, it's a means to archive a goal. Using a laptop from home to login on the company's network. That's a goal. 

Step 2. Define your requirements.
Do you want/need to encrypt the traffic? Maybe you want to use the company's ADS, LDAP or TACACS for user management. Those are your requirements. 

Step 3. Look for solutions that fit steps 1 and 2. 
Based on your goals and requirements you may come to the conclusion OpenVPN could be used to archive those goals and requirements. You may also conclude it doesn't fit and you might need to look for other solutions. 

"How to run openvpn" is open to a LOT of interpretation. There are many, many ways of configuring OpenVPN. Which configuration is suitable for you is going to depend on your goals and requirements. So start there first.


----------



## msplsh (Apr 15, 2022)

MiraS said:


> I need to know what to do,


Easy.  Just follow the instructions you've already got, but do not use the optional step of adding FreeRADIUS into the mix.


----------



## MiraS (Apr 17, 2022)

Thank you for your time. My intention is to connect to the web via openvpn and then check the ip address of my desktop that it has really changed and that the setup was successful. When I solve this, I will decide whether to use openvpn to access my NAS from the Internet. But that's the second thing. I don't want to deal with that right now. I was quite confused by the information that my first intention is simple and a matter of minutes. As I wrote in the introduction, I tried all sorts of recommendations and instructions step by step, but without success. I honestly don't believe anyone is successfully using openvpn in freebsd13. Because then there would be nothing easier than writing do it-> to -> it and you will have basic, but mainly FUNCTIONAL settings for connecting to the openvpn tunnel. I'm offering $ 20 for advice that will work. Not some well-meaning chatter.


----------



## msplsh (Apr 17, 2022)

MiraS said:


> I tried all sorts of recommendations and instructions step by step


But I don't see any errors that you're getting by trying to get it work without adding FreeRADIUS.



MiraS said:


> I'm offering $ 20 for advice that will work. Not some well-meaning chatter.



If you pay in patience and follow the instructions you already followed except left out FreeRADIUS (which is explicitly labeled optional), and then posted any problems you have, you could probably save $20.


----------

