OpenVPN auf Debian unstable - wie?
Hallo Leute, wir wollten unsere Server, welche an physikalisch verschiedenen Standorten stehen, untereinander mit OpenVPN vernetzen. Roadwarrior Access ist nicht geplant, aber evtl. bald auch einmal denkbar. Hat schon jemand von euch Erfahrung mit OpenVPN? Wenn ja, wäre ich um ein bisschen Hilfe sehr dankbar. MfG Tim Korves -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenVPN auf Debian unstable - wie?
Hallo! [He asked wether someone had experiences with OpenVPN on Debian] On Mon, 19 Apr 2004 12:14:59 +0200 (CEST) [EMAIL PROTECTED] wrote: wir wollten unsere Server, welche an physikalisch verschiedenen Standorten stehen, untereinander mit OpenVPN vernetzen. Roadwarrior Access ist nicht geplant, aber evtl. bald auch einmal denkbar. Hat schon jemand von euch Erfahrung mit OpenVPN? Wenn ja, wäre ich um ein bisschen Hilfe sehr dankbar. Works like a charm, but: - create custom kernel (TAP/TUN) - compile OpenVPN from source (no problems) FAQs/Docs are quite sufficient for connecting networks. Beware of using static keys - removing one road warrior means having to reconfigure ALL systems in the VPN. Use certificates instead (see the excellent OpenVPN HowTo). For static key problematics see http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml Speaking of: I'm contemplating offering boxed ETHERNET over IP VPN router/access devices (i.e. supporting IP, IPX, SNA, full DHCP/BootP, etc. - obviously not using IPSec but OpenVPN) at a target price around 500 EUR. Thought and opinions to me in private mail for not to clobber the list. Thanks Volker Tanger ITK Security -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenVPN auf Debian unstable - wie?
Am Montag 19 April 2004 12:59 schrieb Volker Tanger: Works like a charm, but: - create custom kernel (TAP/TUN) - compile OpenVPN from source (no problems) Why creating a custom kernel? The tun/tap device is included in the debian standard kernel images, so there is no need for compiling your own kernel. You can compile openvpn from sources, that should be no problem, but there are also packages for debian unstable (and testing) available. See: http://packages.debian.org/openvpn Available is the last stable version 1.5, if you want a newer openvpn that you can add: deb http://packages.debianbase.de/binaries/openvpn ./ to your /etc/apt/sources.list. On this apt-source you can get openvpn 1.6rc4 (and always the newest version in future). If you want bleeding edge versions than try: deb http://packages.debianbase.de/binaries/openvpn-beta ./ In this apt-repository is the latest openvpn 2 beta package (test23 in the moment). FAQs/Docs are quite sufficient for connecting networks. The docs are quite good and openvpn is easier to setup than ipsec setups, so you should be able to make the first successfull connection very quick. You should make ssl certs for the server and for every client (from the same CA) and make a simple config for each client (every client on a own udp port) and that should it be... [...] Hope I could help a bit... --Ralph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
OpenVPN auf Debian unstable - wie?
Hallo Leute, wir wollten unsere Server, welche an physikalisch verschiedenen Standorten stehen, untereinander mit OpenVPN vernetzen. Roadwarrior Access ist nicht geplant, aber evtl. bald auch einmal denkbar. Hat schon jemand von euch Erfahrung mit OpenVPN? Wenn ja, wäre ich um ein bisschen Hilfe sehr dankbar. MfG Tim Korves
Re: OpenVPN auf Debian unstable - wie?
Hallo! [He asked wether someone had experiences with OpenVPN on Debian] On Mon, 19 Apr 2004 12:14:59 +0200 (CEST) [EMAIL PROTECTED] wrote: wir wollten unsere Server, welche an physikalisch verschiedenen Standorten stehen, untereinander mit OpenVPN vernetzen. Roadwarrior Access ist nicht geplant, aber evtl. bald auch einmal denkbar. Hat schon jemand von euch Erfahrung mit OpenVPN? Wenn ja, wäre ich um ein bisschen Hilfe sehr dankbar. Works like a charm, but: - create custom kernel (TAP/TUN) - compile OpenVPN from source (no problems) FAQs/Docs are quite sufficient for connecting networks. Beware of using static keys - removing one road warrior means having to reconfigure ALL systems in the VPN. Use certificates instead (see the excellent OpenVPN HowTo). For static key problematics see http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml Speaking of: I'm contemplating offering boxed ETHERNET over IP VPN router/access devices (i.e. supporting IP, IPX, SNA, full DHCP/BootP, etc. - obviously not using IPSec but OpenVPN) at a target price around 500 EUR. Thought and opinions to me in private mail for not to clobber the list. Thanks Volker Tanger ITK Security
Re: OpenVPN auf Debian unstable - wie?
Am Montag 19 April 2004 12:59 schrieb Volker Tanger: Works like a charm, but: - create custom kernel (TAP/TUN) - compile OpenVPN from source (no problems) Why creating a custom kernel? The tun/tap device is included in the debian standard kernel images, so there is no need for compiling your own kernel. You can compile openvpn from sources, that should be no problem, but there are also packages for debian unstable (and testing) available. See: http://packages.debian.org/openvpn Available is the last stable version 1.5, if you want a newer openvpn that you can add: deb http://packages.debianbase.de/binaries/openvpn ./ to your /etc/apt/sources.list. On this apt-source you can get openvpn 1.6rc4 (and always the newest version in future). If you want bleeding edge versions than try: deb http://packages.debianbase.de/binaries/openvpn-beta ./ In this apt-repository is the latest openvpn 2 beta package (test23 in the moment). FAQs/Docs are quite sufficient for connecting networks. The docs are quite good and openvpn is easier to setup than ipsec setups, so you should be able to make the first successfull connection very quick. You should make ssl certs for the server and for every client (from the same CA) and make a simple config for each client (every client on a own udp port) and that should it be... [...] Hope I could help a bit... --Ralph
