For my own convenience I want to access my FreeBSD home directory from my laptop. OpenVPN seemed the least trouble and since I have a limited number of systems, I settled on distributing static keys. These are my notes. See the OpenVPN documentation, specifically the OpenVPN 2.0 HOWTO, and the FreeBSD manpages for details.

Configuring the server (FreeBSD) side:

  1. install openvpn2 using ports or package.
  2. configure openvpn for both server and a client:
    1. create a directory /usr/local/etc/openvpn with a subdirectory keys/.
    2. copy the easy-rsa/2.0/ directory to /usr/local/etc/openvpn/easy-rsa.
    3. create ca cert, . ./build-ca.
    4. create a server cert and key, . ./build-key-server server.
    5. create client cert and key, . ./build-key client.
    6. copy config sample to /usr/local/etc/openvpn/openvpn.conf
    7. edit to suit, I like to put the log and status to /var/log, use log-append and bump up the log detail to 4.
    8. add openvpn_enable="YES" to /etc/rc.conf.
    9. start the daemon with /usr/local/etc/rc.d/openvpn start.
  3. Add an entry to /etc/newsyslog.conf to handle our new logfile: /var/log/openvpn.log 600 7 * @T00 J

  4. I set up NFS to serve home directories on the private network used for the OpenVPN tunnel:

    1. Either use sysinstall or do it yourself to add to /etc/rc.conf:
    • nfs_server_enable="YES"
    • rpcbind_enable="YES"
    • nfs_server_options="-t -u -h 10.8.0.1 -n 4"
    1. add to /etc/exports /home -network 10.8.0.0 -mask 255.255.255.0"
    2. start the daemons with /etc/rc.d/rpcbind start, /etc/rc.d/nfsd start and /etc/rc.d/mountd start

Configuring the client (OSX) side:

  1. Install openvpn2 from darwinports or you can make life easy and grab Tunnelblick which has prebuilt packages along with a minimalist GUI.
  2. Copy the ca.crt, client.crt and client.key from the server to the appropriate directory for the client host. This is ~/Library/openvpn in my case.
  3. Start the tunnel. Note that it syslogs, so look in the Console.app for errors and warnings.
  4. From the Finder, choose Go, then Connect to Server (apple-K). In the dialogue box put nfs://10.8.0.1/home.

If all went well, you should have a new folder named “home” on the desktop. It’s almost certain that your UID/GID don’t match on the two systems so look there if the mount is read-only.