From owner-freebsd-questions@freebsd.org  Tue Nov 17 02:55:45 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1F656A31775
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue, 17 Nov 2015 02:55:45 +0000 (UTC)
 (envelope-from wblock@wonkity.com)
Received: from wonkity.com (wonkity.com [67.158.26.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "wonkity.com", Issuer "wonkity.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id E3F23198C
 for <freebsd-questions@freebsd.org>; Tue, 17 Nov 2015 02:55:44 +0000 (UTC)
 (envelope-from wblock@wonkity.com)
Received: from wonkity.com (localhost [127.0.0.1])
 by wonkity.com (8.15.2/8.15.2) with ESMTPS id tAH2tgRK031787
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Mon, 16 Nov 2015 19:55:42 -0700 (MST)
 (envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
 by wonkity.com (8.15.2/8.15.2/Submit) with ESMTP id tAH2tgf2031784;
 Mon, 16 Nov 2015 19:55:42 -0700 (MST)
 (envelope-from wblock@wonkity.com)
Date: Mon, 16 Nov 2015 19:55:42 -0700 (MST)
From: Warren Block <wblock@wonkity.com>
To: Jon Radel <jon@radel.com>
cc: Dave B <g8kbvdave@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Help/advice request please.
In-Reply-To: <564A521A.90406@radel.com>
Message-ID: <alpine.BSF.2.20.1511161940080.23985@wonkity.com>
References: <564A4CE3.9663.851BBC@g8kbvdave.googlemail.com>
 <EB867E94-B658-4E58-91D2-6093888F4EB8@gmail.com> <564A521A.90406@radel.com>
User-Agent: Alpine 2.20 (BSF 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (wonkity.com [127.0.0.1]); Mon, 16 Nov 2015 19:55:42 -0700 (MST)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 02:55:45 -0000

On Mon, 16 Nov 2015, Jon Radel wrote:

> On 11/16/15 4:45 PM, Manas wrote:
>> Hello Dave,
>> 
>> I run a few openvpn servers on FreeBSD. I use 
>> https://openvpn.net/index.php/open-source/documentation/howto.html as my 
>> guide. Feel free to email me directly with any questions.
>> 
>
> I was just looking at that one, not having setup OpenVPN from scratch in a 
> while now.  Looks perfectly reasonable.

Just yesterday I was thinking we really need an OpenVPN section for the 
Handbook.  Something that shows best practices, not the typical "for 
simplicity, this example does not use passwords, but you should always 
use passwords in exactly the way we did not demonstrate at all here."

I'm not the one to write it, having been frustrated by the lack of good 
examples the last time I looked.  But I would be willing to help.

>> But there is no guidance as to what the other field values should (or
>> should not) be.

That is really annoying.  The equally annoying opposite number is magic 
values with no explanation.  Using callouts really helps fill in the 
detail without distracting from the example, as seen in
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html#network-wireless-ap-wpa