Has anyone been able to successfully use OpenVPN on OpenBSD with a VPN service? For some reason OpenBSD is the only OS I can't get my VPN subscription working on and I'd like to make it work.
I am running OpenBSD 4.8-release, on an almost-fresh install. I only pkg_added openvpn, firefox, scrotwm, and p7zip. I have my client.ovpn and cert.dat in my /etc/openvpn directory.

Contents of /etc/hostname.tun0 :

    up
    !/usr/local/sbin/openvpn --daemon --config /etc/openvpn/client.ovpn

Contents of /etc/openvpn/client.ovpn :

    # VPN config
    ns-cert-type server
    tls-client
    pull
    verb 3
    tls-timeout 6
    cipher BF-CBC
    keysize 256
    pkcs12 cert.dat
    keepalive 30 120
    hand-window 120
    route-delay 2
    persist-tun
    persist-key
    redirect-gateway def1
    remote-random
    route-metric 2
    route-method exe
    dev tun0
    topology subnet
    <connection>
    proto tcp-client
    remote [vpn url] 11000
    remote [vpn ip] 11000
    connect-retry 10
    </connection>
    <connection>
    proto udp
    remote [vpn url] 11000
    remote [vpn ip] 11000
    </connection>

The information within square brackets I removed as to not advertise the service.

Logs of connecting to VPN:

    $ sudo openvpn --config client.ovpn
    Password:
    Wed Feb 2 10:14:39 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
    Wed Feb 2 10:14:39 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Feb 2 10:14:39 2011 WARNING: file 'cert.dat' is group or others accessible
    Wed Feb 2 10:14:39 2011 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Wed Feb 2 10:14:39 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
    Wed Feb 2 10:14:39 2011 Local Options hash (VER=V4): 'bf6006bf'
    Wed Feb 2 10:14:39 2011 Expected Remote Options hash (VER=V4): '3ce6ab7f'
    Wed Feb 2 10:14:39 2011 Attempting to establish TCP connection with [vpn ip]:11000 [nonblock]
    Wed Feb 2 10:14:40 2011 TCP connection established with [vpn ip]:11000
    Wed Feb 2 10:14:40 2011 Socket Buffers: R=[16384->65536] S=[16384->65536]
    Wed Feb 2 10:14:40 2011 TCPv4_CLIENT link local: [undef]
    Wed Feb 2 10:14:40 2011 TCPv4_CLIENT link remote: [vpn ip]:11000
    Wed Feb 2 10:14:40 2011 TLS: Initial packet from [vpn ip]:11000, sid=8683dadf 709ff51b
    Wed Feb 2 10:14:42 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=New_York/O=example.com/CN=example.com_CA/emailAddress=ad...@example.com
    Wed Feb 2 10:14:42 2011 VERIFY OK: nsCertType=SERVER
    Wed Feb 2 10:14:42 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=New_York/O=example.com/CN=server/emailAddress=admin@example.com
    Wed Feb 2 10:14:46 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 256 bit key
    Wed Feb 2 10:14:46 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Feb 2 10:14:46 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 256 bit key
    Wed Feb 2 10:14:46 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Feb 2 10:14:46 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Wed Feb 2 10:14:46 2011 [server] Peer Connection Initiated with [vpn ip]:11000
    Wed Feb 2 10:14:49 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Wed Feb 2 10:14:49 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.100.1.0 255.255.255.0,redirect-gateway,dhcp-option DNS 10.100.1.1,route-gateway 10.100.1.1,topology subnet,ping 120,ping-restart 360,socket-flags TCP_NODELAY,ifconfig 10.100.1.112 255.255.255.0'
    Wed Feb 2 10:14:49 2011 OPTIONS IMPORT: timers and/or timeouts modified
    Wed Feb 2 10:14:49 2011 OPTIONS IMPORT: --socket-flags option modified
    Wed Feb 2 10:14:49 2011 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
    Wed Feb 2 10:14:49 2011 OPTIONS IMPORT: --ifconfig/up options modified
    Wed Feb 2 10:14:49 2011 OPTIONS IMPORT: route options modified
    Wed Feb 2 10:14:49 2011 OPTIONS IMPORT: route-related options modified
    Wed Feb 2 10:14:49 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Wed Feb 2 10:14:49 2011 ROUTE default_gateway=192.168.1.1
    Wed Feb 2 10:14:49 2011 /sbin/ifconfig tun0 destroy
    Wed Feb 2 10:14:49 2011 /sbin/ifconfig tun0 create
    Wed Feb 2 10:14:49 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    Wed Feb 2 10:14:49 2011 /sbin/ifconfig tun0 10.100.1.112 netmask 255.255.255.0 mtu 1500 broadcast 10.100.1.255 link0
    Wed Feb 2 10:14:49 2011 TUN/TAP device /dev/tun0 opened
    Wed Feb 2 10:14:51 2011 /sbin/route add -net [vpn ip] 192.168.1.1 -netmask 255.255.255.255
    add net [vpn ip]: gateway 192.168.1.1
    Wed Feb 2 10:14:51 2011 /sbin/route add -net 0.0.0.0 10.100.1.1 -netmask 128.0.0.0
    add net 0.0.0.0: gateway 10.100.1.1
    Wed Feb 2 10:14:51 2011 /sbin/route add -net 128.0.0.0 10.100.1.1 -netmask 128.0.0.0
    add net 128.0.0.0: gateway 10.100.1.1
    Wed Feb 2 10:14:51 2011 /sbin/route add -net 10.100.1.0 10.100.1.1 -netmask 255.255.255.0
    add net 10.100.1.0: gateway 10.100.1.1
    Wed Feb 2 10:14:51 2011 Initialization Sequence Completed

ifconfig while I left the VPN running:

    $ sudo ifconfig -A
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
            priority: 0
            groups: lo
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:26:b0:da:a3:86
            priority: 0
            groups: egress
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::226:b0ff:feda:a386%nfe0 prefixlen 64 scopeid 0x1
            inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
    enc0: flags=0<>
            priority: 0
            groups: enc
            status: active
    pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
            priority: 0
            groups: pflog
    tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
            lladdr fe:e1:ba:d4:20:7e
            priority: 0
            groups: tun
            status: active
            inet 10.100.1.112 netmask 0xffffff00 broadcast 10.100.1.255
            inet6 fe80::fce1:baff:fed4:207e%tun0 prefixlen 64 scopeid 0x6

Routing table while the VPN is still running:

    Routing tables

    Internet:
    Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
    0/1                10.100.1.1         UGS        0        0     -     8 tun0
    default            192.168.1.1        UGS        3     1313     -     8 nfe0
    10.100.1/24        link#6             UC         1        0     -     4 tun0
    10.100.1/24        10.100.1.1         UGS        0        0     -     8 tun0
    10.100.1.1         link#6             UHLc       3        0     -     4 tun0
    [vpn ip]/32        192.168.1.1        UGS        0        0     -     8 nfe0
    127/8              127.0.0.1          UGRS       0        0 33200     8 lo0
    127.0.0.1          127.0.0.1          UH         2        0 33200     4 lo0
    128/1              10.100.1.1         UGS        0        1     -     8 tun0
    192.168.1/24       link#1             UC         1        0     -     4 nfe0
    192.168.1.1        00:1f:90:0f:88:8c  UHLc       2       38     -     4 nfe0
    192.168.1.4        127.0.0.1          UGHS       0        0 33200     8 lo0
    224/4              127.0.0.1          URS        0        0 33200     8 lo0

The issue I am having is that while I can supposedly "connect" to the VPN, I cannot ping anything nor access any internet-necessary services like browsing to a website or going on IRC. (But everything works fine if I don't run the VPN. Just making sure there's no misunderstanding.) Since I know it's not a server-side (as I've tested this on other OSes) it must be something with OpenBSD and OpenVPN? Maybe OpenBSD is not correctly routing or something when OpenVPN starts.

On another note, when I reboot, /etc/hostname.tun0 does not start up tun0 even though I have the line "up" in the file. tun0 is still down and OpenVPN does not start up at boot time (though this is not what I want; I'd rather run OpenVPN manually). It seems as if /etc/hostname.tun0 is being ignored? tun0 only goes up when I start OpenVPN.

Does anyone know what's wrong or if they've run into this issue and solved it before?
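
Added example, not part of the original post: a longest-prefix-match lookup over a routing table in the layout pasted above, for checking which interface a destination would leave through once the redirect-gateway def1 routes (0/1 and 128/1 via the tunnel, plus a host route to the VPN server via the original gateway) are installed. The sample table is constructed from the post's layout, 203.0.113.10 is a placeholder for the redacted "[vpn ip]", and the function names are illustrative.

```python
import ipaddress

# Constructed sample in the layout of the routing table in the post;
# 203.0.113.10 is a placeholder standing in for the redacted "[vpn ip]".
SAMPLE_TABLE = """\
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
0/1                10.100.1.1         UGS        0        0     -     8 tun0
default            192.168.1.1        UGS        3     1313     -     8 nfe0
10.100.1/24        link#6             UC         1        0     -     4 tun0
10.100.1.1         link#6             UHLc       3        0     -     4 tun0
203.0.113.10/32    192.168.1.1        UGS        0        0     -     8 nfe0
128/1              10.100.1.1         UGS        0        1     -     8 tun0
192.168.1/24       link#1             UC         1        0     -     4 nfe0
"""

def parse_dest(text):
    """Expand BSD shorthand ('0/1', '10.100.1/24', 'default') to a network."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))       # '10.100.1' -> '10.100.1.0'
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"))

def parse_table(text):
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue                           # skip headers and blank lines
        routes.append((parse_dest(cols[0]), cols[1], int(cols[6]), cols[7]))
    return routes

def egress(routes, dest):
    """Longest-prefix match; ties go to the lowest Prio value."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[3]

def leaks(routes, probes, tunnel_if):
    """Return the probe destinations that would leave outside the tunnel."""
    return [p for p in probes if egress(routes, p) != tunnel_if]

if __name__ == "__main__":
    print(leaks(parse_table(SAMPLE_TABLE), ["8.8.8.8", "198.51.100.7"], "tun0"))
```

An empty list means every probe address is covered by a tunnel route; the VPN server's own address is expected to resolve to the physical interface.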