Notes: OSX, FreeBSD, OpenVPN and NFS

Aug 22, 2006

For my own convenience I want to access my FreeBSD home directory from my laptop. [OpenVPN](http://openvpn.net) seemed the least trouble and since I have a limited number of systems, I settled on distributing static keys. These are my notes. See the OpenVPN documentation, specifically the [OpenVPN 2.0 HOWTO](http://openvpn.net/howto.html), and the FreeBSD manpages for details.
Configuring the server (FreeBSD) side:

1. Install openvpn2 from ports or as a package.
2. Configure OpenVPN for the server and one client:
    - Create the directory `/usr/local/etc/openvpn` with a subdirectory `keys/`.
    - Copy the `easy-rsa/2.0/` directory (shipped with the port's examples) to `/usr/local/etc/openvpn/easy-rsa`.
    - In that directory, source the variables and clear any old state first (`. ./vars`, then `./clean-all`); the build scripts below read their settings from `vars`.
    - Create the CA certificate: `./build-ca`
    - Create the server certificate and key: `./build-key-server server`
    - Create the client certificate and key: `./build-key client`
    - Create the Diffie-Hellman parameters a TLS server config needs: `./build-dh` (this produces `dh1024.pem` with the default key size).
    - Copy the sample config to `/usr/local/etc/openvpn/openvpn.conf`.
    - Edit to suit. I like to put the log and status files under `/var/log`, use `log-append` and bump the log detail up to `verb 4`. Copy the generated `ca.crt`, `server.crt`, `server.key` and the dh file into `keys/`, point the `ca`, `cert`, `key` and `dh` directives at them, and keep `server.key` readable by root only (mode 600).
    - Add `openvpn_enable="YES"` to `/etc/rc.conf`.
    - Start the daemon with `/usr/local/etc/rc.d/openvpn start`.
    - Add an entry to `/etc/newsyslog.conf` to rotate the new logfile (mode 600, seven compressed copies kept, rotated daily at midnight):

          /var/log/openvpn.log 600 7 * @T00 J
3. I set up NFS to serve home directories on the private network used for the OpenVPN tunnel (10.8.0.0/24, with 10.8.0.1 as the server's tunnel address):
    - Either use `sysinstall` or do it yourself and add to `/etc/rc.conf`:

          nfs_server_enable="YES"
          rpcbind_enable="YES"
          nfs_server_options="-t -u -h 10.8.0.1 -n 4"

      The `-h 10.8.0.1` binds nfsd to the tunnel address only, so the file service is not reachable from the host's other interfaces. Note that this constrains nfsd alone; mountd and rpcbind accept their own `-h` (see mountd(8) and rpcbind(8)) and otherwise listen on every address, so restrict or firewall them as well.
    - Add to `/etc/exports`, so that only tunnel clients may mount home directories:

          /home -network 10.8.0.0 -mask 255.255.255.0

    - Start the daemons with `/etc/rc.d/rpcbind start`, `/etc/rc.d/nfsd start` and `/etc/rc.d/mountd start`.
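Added example, not from the original notes: a POSIX shell script that writes the server-side files the steps above describe (an `openvpn.conf` with the log settings, the `rc.conf` switches and the `/etc/exports` line) under a scratch root and then audits them for the settings the setup depends on. It assumes the sample config's default tunnel network 10.8.0.0/24 on port 1194/udp and a 1024-bit dh file from `build-dh`, and uses a constructed placeholder in place of the real server key; `ROOT` defaults to a temp directory so nothing under the real `/etc` or `/usr/local` is touched.

```shell
#!/bin/sh
# Added example, not part of the original notes: lay out the server-side
# files the notes describe (openvpn.conf, rc.conf, exports) under a scratch
# root, then audit them. ROOT defaults to a temp dir, never the real system.
ROOT="${ROOT:-$(mktemp -d)}"

write_server_files() {
  root="$1"
  mkdir -p "$root/usr/local/etc/openvpn/keys" "$root/var/log" "$root/etc"
  # openvpn.conf as edited in the notes: log and status under /var/log,
  # log-append, verbosity 4. Tunnel network and port are the sample
  # config's defaults (assumption); dh1024.pem is build-dh's default name.
  cat > "$root/usr/local/etc/openvpn/openvpn.conf" <<'EOF'
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
EOF
  # Constructed placeholder for the server key (a real one comes from
  # build-key-server); only its permissions matter to the audit.
  : > "$root/usr/local/etc/openvpn/keys/server.key"
  chmod 600 "$root/usr/local/etc/openvpn/keys/server.key"
  # /etc/exports: home directories only to the tunnel network.
  printf '/home -network 10.8.0.0 -mask 255.255.255.0\n' > "$root/etc/exports"
  # rc.conf switches from the notes.
  cat > "$root/etc/rc.conf" <<'EOF'
openvpn_enable="YES"
nfs_server_enable="YES"
rpcbind_enable="YES"
nfs_server_options="-t -u -h 10.8.0.1 -n 4"
EOF
}

# Returns 0 when openvpn.conf carries every directive the notes rely on and
# the server key is readable by its owner only; otherwise prints what is wrong.
audit_openvpn() {
  root="$1"; conf="$root/usr/local/etc/openvpn/openvpn.conf"; rc=0
  for d in 'dev tun' 'server 10.8.0.0 255.255.255.0' \
           'log-append /var/log/' 'status /var/log/' 'verb 4'; do
    grep -q "^$d" "$conf" || { echo "openvpn.conf: missing '$d'"; rc=1; }
  done
  keyfile="$root$(awk '$1 == "key" { print $2 }' "$conf")"
  if [ ! -f "$keyfile" ]; then
    echo "openvpn.conf: key file $keyfile not found"; rc=1
  elif [ -n "$(find "$keyfile" \( -perm -040 -o -perm -004 \) -print)" ]; then
    echo "$keyfile: readable by group or others, chmod 600 it"; rc=1
  fi
  return $rc
}

# Returns 0 when /home is exported only to the tunnel network, nfsd is bound
# to the tunnel address, and the rc.conf switches from the notes are set.
audit_nfs() {
  root="$1"; rc=0
  grep -q '^/home .*-network 10\.8\.0\.0 -mask 255\.255\.255\.0' "$root/etc/exports" \
    || { echo "exports: /home is not restricted to 10.8.0.0/24"; rc=1; }
  grep -q '^nfs_server_options=".*-h 10\.8\.0\.1' "$root/etc/rc.conf" \
    || { echo "rc.conf: nfsd is not bound to 10.8.0.1 (-h)"; rc=1; }
  for v in openvpn_enable nfs_server_enable rpcbind_enable; do
    grep -q "^$v=\"YES\"" "$root/etc/rc.conf" || { echo "rc.conf: $v is not YES"; rc=1; }
  done
  return $rc
}

write_server_files "$ROOT"
audit_openvpn "$ROOT" && audit_nfs "$ROOT" && echo "server-side files under $ROOT look sane"
```

The two audit functions only read, and take the root as a parameter, so they can be pointed at a real installation once the files are in place; the write step exists only to give the example something to check.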
Configuring the client (OSX) side:

1. Install openvpn2 from darwinports, or make life easy and grab [Tunnelblick](http://www.tunnelblick.net/), which has prebuilt packages along with a minimalist GUI.
2. Copy `ca.crt`, `client.crt` and `client.key` from the server to the appropriate directory for the client host, `~/Library/openvpn` in my case. Use a channel that protects the key (scp over ssh, for example) and keep `client.key` readable by its owner only; anyone holding that file can join the tunnel and reach the NFS export.
3. Start the tunnel. Note that it syslogs, so look in Console.app for errors and warnings.
4. From the Finder, choose Go, then Connect to Server (Command-K). In the dialog box put `nfs://10.8.0.1/home`.

If all went well, you should have a new folder named "home" on the desktop. It's almost certain that your UID/GID don't match on the two systems, so look there if the mount is read-only: NFS passes the client's numeric uid to the server as-is, so a mismatched uid is simply a different user there.
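Added example, not from the original notes: a shell script for the client side that installs the three files copied from the server into the OpenVPN directory with owner-only permissions, writes a client config pointing at the server, and checks that every file the config references exists and that the key is private. The server hostname `vpn.example.com`, the config file name `client.conf` and the placeholder certificate contents are assumptions; the target directory defaults to a scratch directory rather than `~/Library/openvpn` so the example runs anywhere.

```shell
#!/bin/sh
# Added example, not from the original notes. Installs ca.crt, client.crt
# and client.key into the client's OpenVPN directory and writes client.conf.
# vpn.example.com and the file name client.conf are assumptions.

# install_client DIR SRC REMOTE: copy the three files from SRC into DIR with
# owner-only permissions and write DIR/client.conf pointing at REMOTE.
install_client() {
  dir="$1"; src="$2"; remote="$3"
  umask 077                       # everything created below is owner-only
  mkdir -p "$dir"
  for f in ca.crt client.crt client.key; do
    cp "$src/$f" "$dir/$f" && chmod 600 "$dir/$f"
  done
  # Client config matching the server side: TLS client mode, tun device,
  # udp/1194, certificate paths absolute so the GUI can start it from anywhere.
  cat > "$dir/client.conf" <<EOF
client
dev tun
proto udp
remote $remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca $dir/ca.crt
cert $dir/client.crt
key $dir/client.key
verb 3
EOF
}

# check_client DIR: 0 when every ca/cert/key file named in client.conf exists
# and the private key is not readable by group or others.
check_client() {
  dir="$1"; rc=0
  for kw in ca cert key; do
    f=$(awk -v k="$kw" '$1 == k { print $2 }' "$dir/client.conf")
    [ -f "$f" ] || { echo "client.conf: $kw file '$f' is missing"; rc=1; }
  done
  keyfile=$(awk '$1 == "key" { print $2 }' "$dir/client.conf")
  if [ -f "$keyfile" ] && [ -n "$(find "$keyfile" \( -perm -040 -o -perm -004 \) -print)" ]; then
    echo "$keyfile: readable by group or others, chmod 600 it"; rc=1
  fi
  return $rc
}

# Stand-alone run: constructed stand-ins for the files copied from the
# server, so the example works without one. In practice scp the real ones.
SRC="${SRC:-$(mktemp -d)}"
for f in ca.crt client.crt client.key; do
  [ -f "$SRC/$f" ] || echo "placeholder $f (constructed)" > "$SRC/$f"
done
install_client "$SRC/Library/openvpn" "$SRC" vpn.example.com
check_client "$SRC/Library/openvpn" && echo "client files ready under $SRC/Library/openvpn"
```

The `umask 077` means the copied files and the config are never readable by anyone else even for the instant before `chmod` runs; `check_client` is the test to run when the tunnel refuses to come up and the Console shows OpenVPN failing to open one of the three files.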