
Open VPN

OpenVPN is neat stuff. I use it on my home wireless to share out spare bandwidth to the neighborhood while also assuring that my connections are prioritized and secured from snoopin’. Plus it runs on OpenWRT. Good stuff.

Getting it going on OS X took some doing, though. Some of the fuckups were just me figuring out exactly what I wanted from it (and in the process figuring out more about how Linux and OS X do routing and firewalls and such), but some of it is stuff that should be done by Tunnelblick but really isn’t so much.

Here’s the problem I ran into. The reason for the VPN is to allow one to share internet connectivity with the neighbors and passersby without exposing your internal LAN setup to snooping, and to avoid broadcasting your own browsing habits over the wireless network. It is necessary, then, after the VPN connection is made, to route all traffic over the VPN; otherwise anything that still follows the wireless default route goes out unencrypted.

To solve this problem, I simply made a “VPN” network location that sits on the local subnet and doesn’t have a default route. When OpenVPN connects, it runs a script to make the tap interface a DHCP interface, thus acquiring a default route through the tap. yay!
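The step above is the one where a mistake leaks traffic: if the tap interface never gets its DHCP lease, or the network location still carries a default route, everything keeps going out over the wireless in the clear. The following is an added example (not a script from the original post or from Tunnelblick) of an OpenVPN --up script for OS X that puts the tap interface on DHCP and then verifies from the routing table that the default route really leaves through the tunnel. OpenVPN hands the device name to an --up script as $1; the fallback name tap0, the 5-second wait and the file name leak_check.sh are assumptions. The routing-table sample embedded in the script is constructed for the self-test and parses both the OS X and the Linux `netstat -rn` layouts.

```shell
#!/bin/sh
# leak_check.sh: OpenVPN --up script (added example, not from the original post).
# OpenVPN invokes --up scripts as:  script tun_dev tun_mtu link_mtu local remote init
# so the tap device name arrives in $1. "tap0" is only an assumed default.
TAP_IF="${1:-tap0}"

# Print the interface carrying the IPv4 default route, reading `netstat -rn`
# output from stdin. OS X lists it as "default ... tap0"; Linux as "0.0.0.0 ... eth0".
# In both layouts the interface is the last field of that line.
default_route_iface() {
    awk '($1 == "default" || $1 == "0.0.0.0") { print $NF; exit }'
}

# Succeed (exit 0) only when the default route leaves via the wanted interface.
route_goes_via() {
    want="$1"
    got="$(default_route_iface)"
    [ "$got" = "$want" ]
}

# Constructed sample of `netstat -rn` on OS X after a successful DHCP lease on tap0.
SAMPLE_OSX='Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.8.0.1           UGSc            9        0    tap0
10.8/24            link#7             UCS             0        0    tap0
192.168.1          link#4             UCS             1        0     en0
'

# Constructed sample of the Linux layout, to show the parser handles it too.
SAMPLE_LINUX='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
'

# Self-test against the constructed samples; exit 0 when the parser behaves.
selftest() {
    printf '%s' "$SAMPLE_OSX"   | route_goes_via tap0  || return 1
    printf '%s' "$SAMPLE_LINUX" | route_goes_via wlan0 || return 1
    if printf '%s' "$SAMPLE_OSX" | route_goes_via en0; then return 1; fi
    return 0
}

# Real work: put the tap on DHCP (OS X `ipconfig set <if> DHCP`), wait for the
# lease, then refuse to call the connection good if the default route is wrong.
main() {
    ipconfig set "$TAP_IF" DHCP
    sleep 5   # assumed to be enough for the lease; tune for your network
    if netstat -rn | route_goes_via "$TAP_IF"; then
        echo "default route is via $TAP_IF"
    else
        echo "WARNING: default route is not via $TAP_IF; traffic would leave unencrypted" >&2
        exit 1
    fi
}

# Only act when run as the script itself, so the functions can be sourced and tested.
case "$0" in
    *leak_check.sh) main "$@" ;;
esac
```

Point `up /path/to/leak_check.sh` (with `script-security 2`) at it in the client config; a non-zero exit from an --up script makes OpenVPN abort the connection attempt, which is exactly what you want when the route check fails.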

how to build a cert

cd /usr/share/openvpn/easy-rsa/   # easy-rsa 2.x scripts shipped with OpenVPN
. ./vars                          # source the CA settings (KEY_DIR, KEY_SIZE, cert fields)
./build-key-pass <keyname>        # client cert plus key; -pass prompts for a passphrase on the private key