This weekend I built a VPN gateway for one of my customers. The task was the creation of a secure box that stands behind the router/firewall and allows the employees to log in to the local network from home.
As an IPsec implementation would be overkill and very hard to maintain for my customer, I decided to use OpenVPN with a PKI (Public Key Infrastructure) on an OpenBSD box. Yesterday my customer brought me the server on which the gateway should run. I quickly installed OpenBSD 4.0, updated ports and sources, built a new kernel and did some default configuration. Then I installed OpenVPN via the ports tree. I set up an openssl.cnf to create my own CA and created the server certificates for the OpenVPN server. The configuration of the OpenVPN server was pretty straightforward. Next was the client certificate creation and some fine-tuning of the pf rules, and that's it.
On the client side (all Windows clients) I installed the OpenVPN GUI and installed the certificate/configuration file pair. All you now have to do is start the client, click on "connect" and enter your password, and you're finally connected to the VPN. Pretty neat stuff. Easy to install, easy to maintain. Hope my customer will like it.