Tl;dr

The following instructions describe how to remotely connect to a network over an IPsec / L2TP VPN through an OpenBSD server, using the native clients on macOS and iOS. There are many VPN appliances commercially available that provide a nice UI and often come with an expensive support contract. If you are willing to roll up your sleeves a little and don't mind using the command line, it is possible to build your own VPN server with OpenBSD.

These instructions assume familiarity with installing OpenBSD. Installing OpenBSD is not technically difficult, but familiarity with the command line and Unix/Linux commands is recommended. If you can install Linux, OpenBSD should not be a problem. This is an update to the previous post.

Alternative: OpenIKED

An alternative to the following instructions is the OpenIKED project. It is an OpenBSD project and appears to have native support from macOS and iOS.

Requirements

The steps below set up an IPsec VPN in a 'road warrior' configuration, where the external connections will likely have changing IP addresses. This is as opposed to a site-to-site VPN, where the external connection is fixed. The client configuration focuses on macOS and iOS devices using the native OS drivers. Other platforms also include IPsec / L2TP support; please check their documentation and Google for details. Finally, the instructions assume that the OpenBSD server is behind a firewall and has the appropriate ports forwarded to it. The server can be a physical device or a VM.

VPN: IPsec / L2TP

Device support, native drivers:
- macOS Sierra (10.12)
- macOS High Sierra (10.13)
- iOS 9
- iOS 10

OpenBSD

Perform a normal OpenBSD 6.2 install and perform the steps below logged in as root.
The base install includes Packet Filter, IPsec and npppd, so no additional packages should be needed. Set the hostname of the OpenBSD VPN server by editing /etc/myname. For details see. Finally, assign a static IP address, either through DHCP or by editing the appropriate /etc/hostname.XXX file.

Network and Firewall Configuration

The network details for this configuration are:

- OpenBSD server: 192.168.2.100
- Private network: 192.168.2.0/24 (192.168.2.0-192.168.2.254)
- DHCP / DNS / Firewall: 192.168.2.1
- VPN network pool: 10.0.0.2-10.0.0.254
- VPN network gateway to the private network: 10.0.0.1

Router and Firewall

How to configure the network, add static routes and port forwarding depends on your DHCP / DNS / Firewall and is out of scope of this document. On small networks, the DHCP, DNS and firewall services are often provided by the same gateway router.
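Before touching ipsec.conf or npppd.conf it is worth sanity-checking the address plan above, since an overlapping pool or a gateway address handed out to a client is a common source of confusing routing failures. The following is an added example, not code from the original post: it encodes the plan as data and checks it with Python's standard ipaddress module. It assumes the VPN pool lives in a /24 (10.0.0.0/24), which the post implies but does not state, and it goes one step beyond the post with a check for a road-warrior client whose home LAN collides with the private network.

```python
from ipaddress import ip_address, ip_network

# Address plan from the post above, written out as data so it can be checked.
PLAN = {
    "server": "192.168.2.100",
    "private_net": "192.168.2.0/24",
    "gateway_router": "192.168.2.1",
    "vpn_pool_start": "10.0.0.2",
    "vpn_pool_end": "10.0.0.254",
    "vpn_gateway": "10.0.0.1",
}


def check_plan(plan):
    """Return a list of problems found in the address plan (empty means OK)."""
    problems = []
    private = ip_network(plan["private_net"])
    server = ip_address(plan["server"])
    router = ip_address(plan["gateway_router"])
    pool_start = ip_address(plan["vpn_pool_start"])
    pool_end = ip_address(plan["vpn_pool_end"])
    vpn_gw = ip_address(plan["vpn_gateway"])

    # Fixed hosts must sit on the private network and be distinct.
    for name, host in (("server", server), ("gateway_router", router)):
        if host not in private:
            problems.append(f"{name} {host} is not inside {private}")
    if server == router:
        problems.append("server and gateway_router share one address")

    # The client pool must be an ordered range that does not overlap the
    # private network, or return traffic to VPN clients becomes ambiguous.
    if pool_start > pool_end:
        problems.append("vpn pool start is after its end")
    if pool_start in private or pool_end in private:
        problems.append("vpn pool overlaps the private network")

    # Assumption: the pool lives in a /24. The VPN gateway must be in that
    # subnet but outside the pool, so no client is handed the gateway address.
    pool_net = ip_network(f"{pool_start}/24", strict=False)
    if vpn_gw not in pool_net:
        problems.append(f"vpn gateway {vpn_gw} is not inside {pool_net}")
    if pool_start <= vpn_gw <= pool_end:
        problems.append(f"vpn gateway {vpn_gw} lies inside the client pool")
    return problems


def client_lan_conflicts(client_lan, plan):
    """True if a road-warrior client's home LAN collides with the private net."""
    return ip_network(client_lan).overlaps(ip_network(plan["private_net"]))
```

Run `check_plan(PLAN)` after editing the dictionary for your own network; an empty list means the plan is consistent, and `client_lan_conflicts("192.168.2.0/24", PLAN)` shows why a client sitting behind a home router on the same 192.168.2.0/24 will not reach the private network.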