This howto is a quick and dirty guide to building OpenVPN on a FreeBSD box (running pf as the firewall), and then connecting a Windows XP client to it.

Server Install

First install the port

cd /usr/ports/security/openvpn
make install

Now that the port is installed you can start setting stuff up.

First edit your /etc/rc.conf and add the following line:-

openvpn_enable="YES"

Now create the config files, which we will place in /usr/local/etc/openvpn:-

cd /usr/local/etc/
mkdir openvpn
cd openvpn

vim openvpn.conf

Place this into your config file:-

# Specify device
dev tun

# Server and client IP and Pool
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

Setting Up Squid on FreeBSD   February 5th, 2010

Squid is a web caching application that conserves bandwidth. With Squid, we will reduce traffic by 30% or more compared with normal usage (without Squid) and improve response time. Here, I will use Squid 2.7.STABLE3.

Installing Squid.
You can download Squid from here. After you download the Squid source, run:

# tar zxvf squid-2.7.STABLE3.tar.gz
# cd squid-2.7.STABLE3
# ./configure '--sysconfdir=/etc/squid' '--enable-storeio=diskd,ufs,aufs' '--enable-delay-pools' \
'--enable-pf-transparent' '--enable-ipf-transparent' '--disable-ident-lookups' \
'--enable-removal-policies'
# make
# make install

Explanation :
--enable-delay-pools – Enable delay pools to limit bandwidth usage.
You need to enable this option in order to use Squid to limit bandwidth usage. It will give fair bandwidth usage for everybody. In my case, I don't want one person sucking up all of the available bandwidth by downloading a big movie, causing others to suffer.

--enable-ipf-transparent – Enable Transparent Proxy support for systems using IP Filter network address redirection.
With this option, you don't have to configure the client's browser proxy setting. It is also a good way to force the client to use the proxy every time.

--enable-storeio=diskd,ufs – Enable diskd
Improves disk I/O performance. According to the Squid FAQ, if you enable diskd you can gain a 400% increase in performance. However, you would need to recompile the kernel because your operating system must support message queues and shared memory.

--enable-removal-policies – Build support for the list of removal policies.
By default, Squid uses LRU, but there are two better policies: GDSF and LFUDA. See the Squid config for a more detailed explanation.

--disable-ident-lookups – This allows you to remove code that performs Ident (RFC 931) lookups.
Not really important. By the way, if you do transparent proxy, ident lookups won’t work.

--enable-snmp
Optional: enable this and you can monitor Squid with mrtg or rrdtool. How to do this is outside of this article's scope. Perhaps in my next one.
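
As an added example (not part of the original post), here is a squid.conf fragment showing the Squid 2.7 directives that each of the build options above makes available. The cache path, the 192.168.1.0/24 LAN subnet, the cache size and the rate numbers are assumed sample values.

```conf
# Added example for Squid 2.7, not the author's configuration.
# Paths, subnet, sizes and rates below are assumed sample values.

# Needs --enable-pf-transparent or --enable-ipf-transparent:
# accept connections that the firewall redirects to this port.
http_port 3128 transparent

# Needs --enable-storeio=diskd (plus kernel message queues and shared memory):
# 1024 MB cache, 16 first-level and 256 second-level directories.
cache_dir diskd /usr/local/squid/var/cache 1024 16 256

# Needs --enable-removal-policies:
# heap-based policies in place of the default LRU.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

# Only the local network may use the proxy. A transparent proxy with an
# open http_access rule will relay traffic for anyone who can reach it.
acl localnet src 192.168.1.0/24

# Needs --enable-delay-pools:
# one class 2 pool, no aggregate limit (-1/-1), each client refilled at
# 32000 bytes/s with a 64000 byte burst bucket.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 32000/64000
delay_access 1 allow localnet
delay_access 1 deny all

http_access allow localnet
http_access deny all
```

Running `squid -k parse` after editing checks the file against the installed binary, which shows whether a directive is rejected because the matching option was left out at configure time.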