Home
Installing VirtualBox and FreeBSD
- Download FreeBSD ISO: ftp://ftp2.se.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/10.3/FreeBSD-10.3-RELEASE-amd64-disc1.iso
- Download VirtualBox from virtualbox.org
Install the app, you know, continue, continue, agree, continue, install etc.
Detailed step-by-step instructions for installing VirtualBox
Detailed step-by-step instructions for installing FreeBSD in the VirtualBox VM
We will continue in Terminal, over ssh.
ssh openvpn@ip
su
# Enter password used for root
freebsd-update fetch install
# Press enter for more and then q for quit.
pkg install -y nano screen bash git openvpn apache24 php56-openssl php56-session php56-gettext mod_php56
bash
Configure FreeBSD
nano /etc/rc.conf
Add the following at the bottom:
apache24_enable="YES"
firewall_enable="YES"
firewall_type="open"
gateway_enable="YES"
natd_enable="YES"
natd_interface="em0" # If ESXi adjust to vmx0 - you should have the interface name noted. Use it here.
natd_flags="-dynamic -m"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
rm -fr /usr/local/www/apache24/data/
git clone https://github.com/nblom/openvpn-php.git /usr/local/www/apache24/data/
chmod 777 /usr/local/www/apache24/data/
cp /usr/local/www/apache24/data/apache.conf /usr/local/etc/apache24/Includes/apache.conf
service apache24 start
mkdir /usr/local/etc/openvpn/
cp /usr/local/www/apache24/data/server.conf /usr/local/etc/openvpn/
openssl dhparam -out /usr/local/etc/openvpn/dh.pem 2048
Select language for OpenVPN-PHP
nano /usr/local/www/apache24/data/config.php
Call index.php via curl (to create the right files with the proper permissions)
curl localhost
Move the OpenVPN files and copy over your certificate.
mv /usr/local/www/apache24/data/openvpn-server.* /usr/local/etc/openvpn/
cp /usr/local/www/apache24/data/ca.crt /usr/local/etc/openvpn/
chmod 600 /usr/local/etc/openvpn/openvpn-server.key
chown root /usr/local/etc/openvpn/openvpn-server.key
Now you can copy the apachessl config, so that after reboot Apache will listen on https with your certificate.
cp /usr/local/www/apache24/data/apachessl.conf /usr/local/etc/apache24/Includes/apachessl.conf
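A check that the files ended up where the steps above put them, as an added example that is not part of openvpn-php. The function name `audit_openvpn_files` is hypothetical; the paths and file names are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit the file layout produced by the steps above.
# Usage: audit_openvpn_files WEBROOT CONFDIR [OWNER_UID]
# With the paths from this page:
#   audit_openvpn_files /usr/local/www/apache24/data /usr/local/etc/openvpn
# Prints one line per finding and returns the number of findings (0 = clean).
audit_openvpn_files() {
    webroot=$1
    confdir=$2
    owner=${3:-0}          # expected numeric owner of the key; 0 = root
    findings=0

    # 1. Nothing from the server key pair may remain under the web root,
    #    where Apache could serve it.
    for f in "$webroot"/openvpn-server.*; do
        [ -e "$f" ] || continue
        echo "FINDING: $f is still inside the web root"
        findings=$((findings + 1))
    done

    # 2. The files copied or generated above must exist in the OpenVPN directory.
    for name in server.conf dh.pem ca.crt openvpn-server.key; do
        if [ ! -f "$confdir/$name" ]; then
            echo "FINDING: $confdir/$name is missing"
            findings=$((findings + 1))
        fi
    done

    # 3. The private key must be exactly mode 600 and owned by the expected uid.
    key=$confdir/openvpn-server.key
    if [ -f "$key" ]; then
        # "-perm 600" is an exact-mode match in both BSD and GNU find.
        if [ -z "$(find "$key" -perm 600 -user "$owner")" ]; then
            echo "FINDING: $key is not mode 600 owned by uid $owner"
            findings=$((findings + 1))
        fi
    fi

    return "$findings"
}
```

Run it as root after the `chown` step; a return status of 0 means the key pair has left the web root and the key is readable by root only.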
Add date and time synchronization to the crontab.
ntpdate ntp1.sth.netnod.se
nano /etc/crontab
00 * * * * root ntpdate -s ntp1.sth.netnod.se
Configure OpenVPN
Adjust the push and/or server directives
nano /usr/local/etc/openvpn/server.conf
And finally, reboot the entire machine.
reboot
or
shutdown -h now # if you want to use LaunchDaemon to start Virtualbox headless.
Point your browser to https://your internal ip
You should see this site, after a browser warning, of course, that your certificate is not trusted.
![Login screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/openvpn-php1.png?raw=true "Login" =450x)
For OpenVPN to work you need to map the external IP to the internal UDP port 1194
Example for Halon securityrouter.org:
pass in quick on wan proto udp to (wan) port 1194 rdr-to 192.168.0.x label OpenVPN
As root in the Terminal, check that root has the VM registered; otherwise you need to register it.
sudo -s
/usr/local/bin/VBoxManage list vms
/usr/local/bin/VBoxManage registervm <path to OpenVPN.vbox>
![Virtualbox screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/virtualbox30.png?raw=true =450x)
LaunchDaemon file for automatic headless start:
sudo nano /Library/LaunchDaemons/se.lop.virtualbox.openvpn.plist
sudo chmod 644 /Library/LaunchDaemons/se.lop.virtualbox.openvpn.plist
sudo launchctl load /Library/LaunchDaemons/se.lop.virtualbox.openvpn.plist
Change the name if you have not named the machine "OpenVPN"
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>se.lop.virtualbox.openvpn</string>
<key>ThrottleInterval</key>
<integer>120</integer>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
<key>Nice</key>
<integer>10</integer>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/VBoxManage</string>
<string>startvm</string>
<string>OpenVPN</string>
<string>--type</string>
<string>headless</string>
</array>
</dict>
</plist>
Click on Download Latest Stable Release and mount the downloaded DMG.
Copy the Tunnelblick application to the target client's Applications folder.
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/remotedesktop1.png?raw=true "List of users" =450x)
Send Unix Command (note the escaped space in the path)
mkdir -p ~/Library/Application\ Support/Tunnelblick/Configurations
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/remotedesktop2.png?raw=true "List of users" =450x)
Copy the configuration downloaded from the web GUI (note: no escaped space in the Place item in path)
~/Library/Application Support/Tunnelblick/Configurations/
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/remotedesktop3.png?raw=true "List of users" =450x)
Rename the configuration to something more user-friendly
mv ~/Library/Application\ Support/Tunnelblick/Configurations/*.ovpn ~/Library/Application\ Support/Tunnelblick/Configurations/CompanyName.ovpn
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/remotedesktop4.png?raw=true "List of users" =450x)
Launch the Tunnelblick app and click Convert Configurations
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/tunnelblick1.png?raw=true "Tunnelblick screenshot" =450x)
Click do not check for change
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/tunnelblick2.png?raw=true "Tunnelblick screenshot" =450x)
Check for updates if you want.
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/tunnelblick3.png?raw=true "Tunnelblick screenshot" =450x)
Place the icon where you want.
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/tunnelblick4.png?raw=true "Tunnelblick screenshot" =450x)
Select VPN Details...
Select Do not set nameservers under Set DNS.
It is also recommended to deselect Check if apparent public IP address changed after connecting.
![List screenshot](https://raw.githubusercontent.com/nblom/openvpn-php/master/images/tunnelblick6.png?raw=true "Tunnelblick screenshot" =450x)