This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/
ChaosVPN:FreeBSDHowto
The following is a quick tutorial on setting up ChaosVPN on a FreeBSD machine.
These instructions ought to work on any BSD machine, including Mac OS X, but this article is specifically for FreeBSD.
Install tinc
There is only one port you need to install: tinc. Any dependencies ought to be automatically installed when this port is installed. You can find the port in the following directory: /usr/ports/security/tinc.
Download the ChaosVPN source
Fetch the latest version of ChaosVPN by running the following command:
git clone git://github.com/ryd/chaosvpn.git
cd chaosvpn
Build ChaosVPN
Compiling and installing ChaosVPN is a fairly straightforward process:
$ gmake
$ su -
# gmake bsdinstall
Additional information
Configuring ChaosVPN on FreeBSD is very similar to configuring it on Linux, but here are some FreeBSD-specific options to set in the file /usr/local/etc/tinc/chaosvpn.conf:
Running "gmake bsdinstall" installs a FreeBSD-specific default config that should cover most of the specialities.
Post-shutdown commands
ChaosVPN may not automatically remove the tunnel interface once it shuts down. If you notice that a tunX interface with no IP address remains after killing the ChaosVPN process, run the following command:
/sbin/ifconfig tunX destroy
(Replace “tunX” with the actual tunnel name.)
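The following is an added example, not part of the original wiki page or the ChaosVPN project: it generalizes the manual step above by finding every leftover tunX interface that has no inet or inet6 address in FreeBSD-style ifconfig output. The function names (stale_tuns, cleanup_tuns) and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list tun interfaces that carry no inet/inet6 address,
# reading FreeBSD-style `ifconfig` output on stdin.
stale_tuns() {
    awk '
        # An interface block starts with "name: ..." in column 0.
        /^[A-Za-z0-9_.]+: / {
            if (name != "" && !has_addr) print name
            name = ""; has_addr = 0
            ifname = $1; sub(/:$/, "", ifname)
            if (ifname ~ /^tun[0-9]+$/) name = ifname
            next
        }
        # Indented inet/inet6 lines mean the interface still has an address.
        name != "" && $1 ~ /^inet6?$/ { has_addr = 1 }
        END { if (name != "" && !has_addr) print name }
    '
}

# Constructed sample output (not captured from a real host):
# tun0 is still configured, tun1 is a leftover without an address.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 172.31.0.1 --> 172.31.0.2 netmask 0xffffffff
    groups: tun
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    groups: tun'

# Dry run by default; call "cleanup_tuns destroy" as root, after the
# ChaosVPN process has stopped, to actually remove the interfaces.
cleanup_tuns() {
    mode=${1:-dry-run}
    /sbin/ifconfig | stale_tuns | while read -r ifc; do
        if [ "$mode" = destroy ]; then
            /sbin/ifconfig "$ifc" destroy
        else
            echo "would run: /sbin/ifconfig $ifc destroy"
        fi
    done
}
```

Check the dry-run output first: any address-less tunX is listed, including one that belongs to another tunnel that is still being set up.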
Security concerns
It’s best to create a new, non-root user specifically for running ChaosVPN. This user will need to be listed in the sudoers file, and will need to be a member of the wheel group, so you can run the sudo and su commands, respectively. In the file /usr/local/etc/tinc/chaosvpn.conf, change the option $tincd_user to that new user.