Digital Ocean Droplet Private VPN, bugs, and disappointment

So I finally fixed (sort of) the bug in my script hashtree. There was a “greedy” regexp that was gobbling up all the white space, which led to errors copying files that had multiple spaces.
I don’t think the fix will ever be upstreamed to CPAN as it is an old bug, so I may have to find a long-term fix. But precisely 0 people besides myself use my script so…
For those interested, the bug is here:
Now that my program is working fully, I was able to compare all the data on two 800GB hard drives and was sorely disappointed that ext4 hadn’t destroyed any of my data.
I then wiped one hard drive and put ZFS on it and copied the data back.
I also recently set up a private VPN on my FreeBSD Digital Ocean droplet. The setup was not that difficult, and the speed through the VPN is actually in most cases faster than my regular internet – go figure.
The setup is pretty simple:
1.) install openvpn via “pkg install openvpn” (this should pull in easy-rsa, which the next steps use; if /usr/local/share/easy-rsa is missing afterwards, “pkg install easy-rsa”)
2.) enable it in /etc/rc.conf by issuing the command (plain ASCII quotes, not the curly ones a blog renders):
# sysrc openvpn_enable="YES"
3.) copy the easy-rsa files:
# cp -r /usr/local/share/easy-rsa /usr/local/etc/openvpn/easy-rsa
cd to that directory.
Initialise the PKI directory:
# ./easyrsa.real init-pki
Create Certificate Authority
# ./easyrsa.real build-ca
Build certificates:
# ./easyrsa.real build-server-full openvpn-server nopass
Check if it worked:
# ./easyrsa.real show-cert openvpn-server
Build client certificate(s):
# ./easyrsa.real build-client-full (name)
Finally generate the Diffie-Hellman parameters file:
# ./easyrsa.real gen-dh
Make the keys directory:
# mkdir /usr/local/etc/openvpn/keys
Copy the server-side files there:
# cp pki/dh.pem \
pki/ca.crt \
pki/issued/openvpn-server.crt \
pki/private/openvpn-server.key \
/usr/local/etc/openvpn/keys/
Copy these to the client over an authenticated channel such as scp (never the CA’s private key in pki/private/ca.key): ca.crt, the client’s own pki/issued/(name).crt and pki/private/(name).key, and ta.key if you use tls-auth. The config below does use tls-auth; note that ta.key is not produced by easy-rsa but generated once on the server with “openvpn --genkey”, and the identical file has to be present on both ends.
4.) add the following to /usr/local/etc/openvpn/openvpn.conf. Use plain ASCII double quotes in the push lines; curly quotes will not parse. The “server” directive puts OpenVPN into server mode and defines the client address pool; ifconfig-pool-persist and the push lines are server-only options that are rejected without it. The subnet shown is an assumed example, so change it if it collides with a network your clients already use. The two resolver addresses have to be filled in as well:
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0 # assumed example subnet, pick any private range your clients do not use
topology subnet
remote-cert-tls client
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/openvpn-server.crt
key /usr/local/etc/openvpn/keys/openvpn-server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh.pem
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret; the client side uses direction 1
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS <resolver-ip>" # one line per resolver you want clients to use
push "dhcp-option DNS <resolver-ip>"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key # needed with user/group: keys cannot be re-read after privileges are dropped
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
5.) Secure the directory so it’s root read/write only:
# chmod -R 700 /usr/local/etc/openvpn
6.) start openvpn:
# service openvpn start
7.) Check /var/log/messages for any errors or warning messages.
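The steps above as one script, an added example that is not the author's own and not part of the original post. It mirrors steps 1 to 7 and fills in two things a working "redirect-gateway" server also needs: the ta.key that the config references but easy-rsa does not create, and packet forwarding plus NAT on the droplet, without which client traffic arrives at the tun interface and goes nowhere. Everything it assumes is marked in the code and is not on the page: the VPN subnet 10.8.0.0/24, the resolvers 1.1.1.1 and 9.9.9.9, the public interface name vtnet0, and pf as the firewall. The easy-rsa commands stay interactive, as in the post.

```shell
#!/bin/sh
# Added example, not the author's script: FreeBSD OpenVPN server setup end to end.
# Assumptions not on the page: VPN subnet 10.8.0.0/24, resolvers 1.1.1.1 and
# 9.9.9.9, the droplet's public interface is vtnet0, NAT is done with pf.
set -eu

OVPN_DIR=/usr/local/etc/openvpn
KEYS_DIR=$OVPN_DIR/keys
EASYRSA_DIR=$OVPN_DIR/easy-rsa
SUBNET=${SUBNET:-10.8.0.0}        # assumption (a /24, see pf rule below)
MASK=${MASK:-255.255.255.0}       # assumption
DNS=${DNS:-"1.1.1.1 9.9.9.9"}     # assumption: resolvers pushed to clients
EXT_IF=${EXT_IF:-vtnet0}          # assumption: interface facing the Internet

# Print the server config. Arguments: subnet netmask [resolver ...].
# Paths are absolute so the file works whatever directory openvpn starts in;
# tls-auth direction 0 here pairs with direction 1 in the client config.
gen_server_conf() {
    subnet=$1; mask=$2; shift 2
    cat <<EOF
port 1194
proto udp
dev tun
server $subnet $mask
topology subnet
remote-cert-tls client
ca $KEYS_DIR/ca.crt
cert $KEYS_DIR/openvpn-server.crt
key $KEYS_DIR/openvpn-server.key
dh $KEYS_DIR/dh.pem
tls-auth $KEYS_DIR/ta.key 0
ifconfig-pool-persist $OVPN_DIR/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
EOF
    for r in "$@"; do                       # one push line per resolver
        printf 'push "dhcp-option DNS %s"\n' "$r"
    done
    cat <<EOF
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status $OVPN_DIR/openvpn-status.log
verb 3
explicit-exit-notify 1
EOF
}

# Steps 1-3 and 5 of the post: package, rc.conf, PKI, key material, permissions.
build_pki() {
    pkg install -y openvpn
    sysrc openvpn_enable=YES
    [ -d "$EASYRSA_DIR" ] || cp -r /usr/local/share/easy-rsa "$EASYRSA_DIR"
    cd "$EASYRSA_DIR"
    ./easyrsa.real init-pki
    ./easyrsa.real build-ca                     # interactive: CA passphrase and name
    ./easyrsa.real build-server-full openvpn-server nopass
    ./easyrsa.real gen-dh
    mkdir -p "$KEYS_DIR"
    cp pki/ca.crt pki/dh.pem pki/issued/openvpn-server.crt \
       pki/private/openvpn-server.key "$KEYS_DIR"/
    # The config references ta.key but easy-rsa never creates it:
    openvpn --genkey secret "$KEYS_DIR/ta.key"  # OpenVPN before 2.5: --genkey --secret
    chmod 700 "$OVPN_DIR" "$KEYS_DIR"
    chmod 600 "$KEYS_DIR"/*                     # key files need no execute bit
}

# redirect-gateway only helps if the droplet forwards and NATs client traffic.
enable_forwarding() {
    sysrc gateway_enable=YES
    sysctl net.inet.ip.forwarding=1
    if [ ! -e /etc/pf.conf ]; then
        printf 'nat on %s from %s/24 to any -> (%s)\npass all\n' \
            "$EXT_IF" "$SUBNET" "$EXT_IF" > /etc/pf.conf
        sysrc pf_enable=YES
        service pf start
    else   # do not blindly append: nat rules must precede filter rules in pf.conf
        echo "add to /etc/pf.conf: nat on $EXT_IF from $SUBNET/24 to any -> ($EXT_IF)" >&2
    fi
}

main() {
    build_pki
    gen_server_conf "$SUBNET" "$MASK" $DNS > "$OVPN_DIR/openvpn.conf"   # $DNS split on purpose
    enable_forwarding
    service openvpn start                       # step 6
    grep -i openvpn /var/log/messages | tail -n 20   # step 7: look for errors
}

case "${1:-}" in install) main ;; esac   # only defines functions unless run with "install"
```

Run it as root with `sh setup-openvpn.sh install`; without the argument it just defines the functions, which is handy for regenerating the config after changing the subnet or resolvers. One caveat the post does not mention: the CA key ends up on the same droplet that terminates the VPN, so anyone who gets root there can mint client certificates; for anything beyond a personal VPN, keep pki/private/ca.key elsewhere and copy only the issued certificates in.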
Configuring a client is easy. Copy the files over, add openvpn_enable="YES" to rc.conf as on the server, and put the following in /usr/local/etc/openvpn/openvpn.conf (the same path the rc script reads on the server). The “client” line matters: it selects TLS client mode and accepts the server’s pushed options, and without it OpenVPN rejects the cert/key lines:
client
askpass /usr/local/etc/openvpn/homevpn.pass
dev tun
proto udp
remote fbsd.droplet 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
You will need to put the passphrase you chose at build-client-full into the file named by askpass (make it readable by root only), and add a host entry for your server in /etc/hosts if fbsd.droplet is not resolvable in DNS.
If you run into trouble, try these articles:
If you want to run it on an Android phone, all you need to do is put all the files (all the keys) into a single directory, rename openvpn.conf to openvpn.ovpn, select “import from sd card” and then click on the openvpn.ovpn file. Make sure all settings in the config file point to the correct name of each file.
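The file-name juggling on the phone goes away if the certificates are embedded in the profile itself, which OpenVPN supports with inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks. The script below is an added example, not the author's code or part of the original post: it builds such a single-file .ovpn from the files produced by the steps above and then checks that every inline block is closed and no file-path directive is left behind. The server name fbsd.droplet and port 1194 are taken from the client config above; the `askpass`, `user` and `group` lines are dropped because they are for the FreeBSD client, not the phone (the app prompts for the key passphrase, or build the client with `nopass`).

```shell
#!/bin/sh
# Added example, not the author's code: bundle a client into one inline .ovpn
# for import on Android. Assumes the server is fbsd.droplet:1194 (from the
# client config above) and the files come from the easy-rsa steps above.
set -eu

# Print one inline section: <tag> ... file contents ... </tag>
inline_section() {
    tag=$1; file=$2
    printf '<%s>\n' "$tag"
    cat "$file"
    printf '</%s>\n' "$tag"
}

# Arguments: remote_host remote_port ca.crt client.crt client.key [ta.key]
# Writes the profile to stdout.
make_inline_ovpn() {
    host=$1; port=$2; ca=$3; cert=$4; key=$5; ta=${6:-}
    cat <<EOF
client
dev tun
proto udp
remote $host $port
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-CBC
verb 3
EOF
    inline_section ca "$ca"
    inline_section cert "$cert"
    inline_section key "$key"
    if [ -n "$ta" ]; then
        # direction 1 on the client pairs with "tls-auth ta.key 0" on the server
        echo "key-direction 1"
        inline_section tls-auth "$ta"
    fi
}

# Sanity check before copying to the phone: every inline block is paired and
# no ca/cert/key/tls-auth directive remains that would point at a file the
# phone does not have. Returns 0 when the profile is self-contained.
check_profile() {
    f=$1
    for tag in ca cert key tls-auth; do
        o=$(grep -c "^<$tag>$" "$f" || true)
        c=$(grep -c "^</$tag>$" "$f" || true)
        [ "$o" -eq "$c" ] || { echo "unbalanced <$tag> in $f" >&2; return 1; }
    done
    ! grep -Eq '^(ca|cert|key|tls-auth) ' "$f"
}

# Usage: sh make-ovpn.sh ca.crt client.crt client.key [ta.key] > client.ovpn
if [ "$#" -ge 3 ]; then
    make_inline_ovpn fbsd.droplet 1194 "$@"
fi
```

The profile carries the client's private key in clear text, so treat client.ovpn exactly like client.key: move it to the phone over USB or an encrypted channel and delete the copy once imported.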
[Screenshot: 2017-12-01 22.53.35.png]
