How to run an OpenVPN server on Leopard
I've been running OpenVPN servers for a long time on many Linux servers, but I've never tried running a server on Mac OS X. Usually I have an old Linux machine just sort of lying around on a network, and I use that as the VPN server.
On a new network I set up, I have only Macs available. So I either had to set up a Linux OS on an old computer, or try OpenVPN on Mac. I thought I'd give Mac a try first. It works.
Notes along the way:
- Use MacPorts to get openvpn installed on the server machine.
- Enable IP forwarding on Leopard (as root):
    sysctl -w net.inet.ip.forwarding=1
- Put static routes on the router on the server network so that packets for the virtual network get routed back to the OpenVPN server, where they can be put into the right tunnel.
- Also on the router on the server side, forward TCP port 1194 to the OpenVPN server machine.
- Create the CA (build-ca), DH group (build-dh), server cert (build-key-server) and the various client certs (build-key) in the easy-rsa script hierarchy.
- Roll it all up in a server.conf:
    server 10.91.0.0 255.255.255.0
    push "route 10.90.0.0 255.255.255.0"
    push "dhcp-option DNS 10.90.0.1"
    keepalive 10 120
- Start the server:
    cd /opt/local/openvpn; openvpn2 --config server.conf
- Create a client.conf, and don't forget the ca.crt, client.crt and client.key:
    remote office.yourcompanyname.com 1194
- Don't forget the TUN/TAP drivers on both client and server machines!
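
The router-side steps above (static route and port forward) have to agree with what server.conf actually says, and OpenVPN listens on UDP unless a proto directive says otherwise. The following is an added example, not part of the original notes: it reads a server.conf and derives the static route and port forward the router needs, and warns when the pushed LAN route overlaps the VPN pool. The server LAN address 10.90.0.5 and the function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the server.conf lines shown in the notes above.
SAMPLE_CONF = """\
server 10.91.0.0 255.255.255.0
push "route 10.90.0.0 255.255.255.0"
push "dhcp-option DNS 10.90.0.1"
keepalive 10 120
"""

def directives(text):
    """Yield each config line as a token list, skipping '#' and ';' comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens

def plan(text, server_lan_ip):
    """Derive the router's static route and port forward (literal networks only)."""
    vpn_net, pushed, proto, port = None, [], "udp", 1194  # OpenVPN's defaults
    for d in directives(text):
        if d[0] == "server" and len(d) >= 3:
            vpn_net = ipaddress.ip_network(f"{d[1]}/{d[2]}")
        elif d[0] == "push" and len(d) == 2:
            parts = d[1].split()
            if len(parts) >= 2 and parts[0] == "route":
                mask = parts[2] if len(parts) > 2 else "255.255.255.255"
                pushed.append(ipaddress.ip_network(f"{parts[1]}/{mask}"))
        elif d[0] == "proto" and len(d) >= 2:
            proto = "tcp" if d[1].startswith("tcp") else "udp"
        elif d[0] == "port" and len(d) >= 2:
            port = int(d[1])
    if vpn_net is None:
        raise ValueError("no 'server <network> <netmask>' directive found")
    warnings = []
    if ipaddress.ip_address(server_lan_ip) in vpn_net:
        warnings.append("gateway must be the server's LAN address, not a VPN address")
    for net in pushed:
        if net.overlaps(vpn_net):
            warnings.append(f"pushed route {net} overlaps the VPN pool {vpn_net}")
    return {"static_route": (str(vpn_net), server_lan_ip),  # add on the LAN router
            "forward": (proto, port),                       # forward to the server
            "warnings": warnings}

if __name__ == "__main__":
    # 10.90.0.5 is a hypothetical LAN address for the OpenVPN server.
    print(plan(SAMPLE_CONF, "10.90.0.5"))
```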