OpenVPN Setup
Thanks to everyone for the replies yesterday on OpenVPN. I'd like to report a few interesting things:

1. In doing some google searches on this last night, believe it or not some of the search results were the exact questions I asked in this group, only yesterday afternoon. And this was while I was watching Fox News make reports on how Google is watching and recording everything these days... Sheesh I didn't know their spiders ran that fast.

2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: OpenVPN Setup
You can still test it from home... do pings through a specific interface. Or change your routing table information. Also you can communicate from the server itself to the client to test.

On May 11, 2011, at 8:11 AM, Bill Tillman wrote:

> Thanks to everyone for the replies yesterday on OpenVPN. I'd like to report a few interesting things:
>
> 1. In doing some google searches on this last night, believe it or not some of the search results were the exact questions I asked in this group, only yesterday afternoon. And this was while I was watching Fox News make reports on how Google is watching and recording everything these days... Sheesh I didn't know their spiders ran that fast.
>
> 2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.

Re: OpenVPN Setup
On Wed, May 11, 2011 at 09:11, Bill Tillman btillma...@yahoo.com wrote:

> 2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.

It's not uncommon for guest/visitor/unsponsored/portal wireless to only have ports 80 and 443 (sometimes only port 80) open.

You can modify your server's config to use port 80 instead of 1194 (assuming you aren't running a webserver on that machine). Keep in mind that if you do that then before you can connect you'll have to:

o change the config on the server
o restart openvpn on the server
o change the config on the client

kmw

Re: OpenVPN Setup
From: Kevin Wilcox kevin.wil...@gmail.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Wed, May 11, 2011 9:28:08 AM
Subject: Re: OpenVPN Setup

> On Wed, May 11, 2011 at 09:11, Bill Tillman btillma...@yahoo.com wrote:
>
> > 2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.
>
> It's not uncommon for guest/visitor/unsponsored/portal wireless to only have ports 80 and 443 (sometimes only port 80) open.
>
> You can modify your server's config to use port 80 instead of 1194 (assuming you aren't running a webserver on that machine). Keep in mind that if you do that then before you can connect you'll have to:
>
> o change the config on the server
> o restart openvpn on the server
> o change the config on the client
>
> kmw

Thanks again. Setting the proto to tcp, port 443 is working at least. I'm sitting comfortably in a Starbucks with a cup of java and smooth jazz playing and with a powered connection so I won't have to worry about battery in this laptop which only lasts about 20 minutes these days.

So I can run the VPN client here and it makes connection and grabs an IP address 10.8.0.6, and I can ping the tunnel device on the other end 10.8.0.1 but I cannot access the other side of the VPN server at home, 10.0.0.0/24. Nothing will reply to pings and my attempts to do remote desktop with one of my Windows machines fail and I cannot access the Samba shares on the VPN server. I guess this must be a routing issue but I thought the OpenVPN server set this up when it started. Any additional advice will be appreciated. I'm going to stay here and hack at it until they run me off.

Re: OpenVPN Setup
From: Kevin Wilcox kevin.wil...@gmail.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Wed, May 11, 2011 9:28:08 AM
Subject: Re: OpenVPN Setup

> On Wed, May 11, 2011 at 09:11, Bill Tillman btillma...@yahoo.com wrote:
>
> > 2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.
>
> It's not uncommon for guest/visitor/unsponsored/portal wireless to only have ports 80 and 443 (sometimes only port 80) open.
>
> You can modify your server's config to use port 80 instead of 1194 (assuming you aren't running a webserver on that machine). Keep in mind that if you do that then before you can connect you'll have to:
>
> o change the config on the server
> o restart openvpn on the server
> o change the config on the client
>
> kmw

Thanks again. Setting the proto to tcp, port 443 is working at least. I'm sitting comfortably in a Starbucks with a cup of java and smooth jazz playing and with a powered connection so I won't have to worry about battery in this laptop which only lasts about 20 minutes these days.

So I can run the VPN client here and it makes connection and grabs an IP address 10.8.0.6, and I can ping the tunnel device on the other end 10.8.0.1 but I cannot access the other side of the VPN server at home, 10.0.0.0/24. Nothing will reply to pings and my attempts to do remote desktop with one of my Windows machines fail and I cannot access the Samba shares on the VPN server. I guess this must be a routing issue but I thought the OpenVPN server set this up when it started. Any additional advice will be appreciated. I'm going to stay here and hack at it until they run me off.

Just cleared one more hurdle. Turns out the PUSH line in server.conf was still commented out. A quick change there and it's off and running. I can now ping inside my LAN from this remote connection and just completed a successful Remote Desktop session with one of the Windows clients inside as well. I'm still somewhat confused on the routes needed and several of my tests are still in place on the home LAN servers so I'm not sure what actually worked and what can be removed if any. The PUSH line though seemed to be all it needed but I think there is something on the inside which needs to be set as well. Sorry for all the traffic, but I have the time this week to hack at this until I get it right.

OpenVPN Setup
Thanks again for all the great tips on OpenVPN setup. I think it's about ready for real deployment but I have a couple more questions.

My OpenVPN server (10.0.0.254) is inside my LAN behind another FreeBSD router/gateway (10.0.0.253) which is running IPFW+NATD and handles the LAN's connection to the cable modem. All that is running fine. In the docs I read it told me to turn forwarding on at the OpenVPN server (10.0.0.254) as well, effectively turning it into another gateway. I was wondering if this could be avoided, assuming the docs I read were about a setup where the VPN server was right off the Internet and was needed as the gateway. I added this route to the FreeBSD router (10.0.0.253) which on my LAN is the machine right off the cable modem:

    route add -net 10.8.0.0/24 10.0.0.254

This made everything work but I'd like to ask if this is the most efficient way of setting up the routing table on the router (10.0.0.253). When I check the routing tables on the OpenVPN server with netstat -nr I see this info:

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            10.0.0.253         UGS         0    31257   bge0
    10.0.0.0/24        link#3             U           1   101587   bge0
    10.0.0.254         link#3             UHS         0        0    lo0
    10.8.0.0/24        10.8.0.2           UGS         0    33716   tun0
    10.8.0.1           link#5             UHS         0        2    lo0
    10.8.0.2           link#5             UH          0        0   tun0
    127.0.0.1          link#4             UH          0      472    lo0

I'm curious as to why the 3rd entry shows the route for 10.8.0.0/24 goes through 10.8.0.2 as its gateway. 10.8.0.2 is not pingable in this setup.

OpenVPN Setup
I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to be able to access my LAN with my M$ Windows laptop using a M$ compatible client. I read the manpage and it basically sets forth examples in which there will be two (2) OpenVPN servers. In my case I will only have one OpenVPN server and my laptop out there on the road. And of course I won't know the IP address of my laptop until I connect out there somewhere.

Can anyone recommend how to do this or where I can read more about how to use OpenVPN with only one server?

Re: OpenVPN Setup
On May 10, 2011, at 12:55 PM, Bill Tillman wrote:

> I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to be able to access my LAN with my M$ Windows laptop using a M$ compatible client. I read the manpage and it basically sets forth examples in which there will be two (2) OpenVPN servers. In my case I will only have one OpenVPN server and my laptop out there on the road. And of course I won't know the IP address of my laptop until I connect out there somewhere.
>
> Can anyone recommend how to do this or where I can read more about how to use OpenVPN with only one server?

OpenVPN's site provides fine documentation:

http://openvpn.net/index.php/open-source/documentation.html
http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Regards,
--
-Chuck

Re: OpenVPN Setup
On 5/10/2011 3:55 PM, Bill Tillman wrote:

> I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to be able to access my LAN with my M$ Windows laptop using a M$ compatible client. I read the manpage and it basically sets forth examples in which there will be two (2) OpenVPN servers. In my case I will only have one OpenVPN server and my laptop out there on the road. And of course I won't know the IP address of my laptop until I connect out there somewhere.
>
> Can anyone recommend how to do this or where I can read more about how to use OpenVPN with only one server?

There's a client for Windows from the OpenVPN folks available under http://openvpn.net/index.php/open-source/downloads.html

If you're on Windows 7, install is by running it as administrator, and configure the shortcut to run the client itself as administrator.

You should then have a nice roaming setup.

--
Darek

Fw: OpenVPN Setup
From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 4:14:34 PM
Subject: Re: OpenVPN Setup

> On May 10, 2011, at 12:55 PM, Bill Tillman wrote:
>
> > I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to be able to access my LAN with my M$ Windows laptop using a M$ compatible client. I read the manpage and it basically sets forth examples in which there will be two (2) OpenVPN servers. In my case I will only have one OpenVPN server and my laptop out there on the road. And of course I won't know the IP address of my laptop until I connect out there somewhere.
> >
> > Can anyone recommend how to do this or where I can read more about how to use OpenVPN with only one server?
>
> OpenVPN's site provides fine documentation:
>
> http://openvpn.net/index.php/open-source/documentation.html
> http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
>
> Regards,
> --
> -Chuck

I'm working through the docs you referenced in the HOWTO and it says:

    Next, initialize the PKI. On Linux/BSD/Unix:

    . ./vars
    ./clean-all
    ./build-ca

the vars file is not executable and from what I see in the Makefile they want to chmod it to 644... I tried /bin/sh ./vars and it seemed to work but then when I run ./clean-all which is executable I get

    Please source the vars script first (i.e. . ./vars)
    Make sure you have edited it to reflect your configuration.

I'm stumped as this appears to be something Linux will handle but not FreeBSD... any suggestions?

Re: OpenVPN Setup
On May 10, 2011, at 2:50 PM, Bill Tillman wrote:

> > OpenVPN's site provides fine documentation:
> >
> > http://openvpn.net/index.php/open-source/documentation.html
> > http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

[ ... ]

> I'm working through the docs you referenced in the HOWTO and it says:
>
> Next, initialize the PKI. On Linux/BSD/Unix:
>
> . ./vars
> ./clean-all
> ./build-ca

If you're trying to set up a CA for PKI, then you're not following the static key document:

    Static Key Mini-HOWTO

    Introduction

    Static key configurations offer the simplest setup, and are ideal for point-to-point VPNs or proof-of-concept testing.

    Static Key advantages
    • Simple Setup
    • No X509 PKI (Public Key Infrastructure) to maintain

> the vars file is not executable and from what I see in the Makefile they want to chmod it to 644... I tried /bin/sh ./vars and it seemed to work but then when I run ./clean-all which is executable I get
>
> Please source the vars script first (i.e. . ./vars)

Yes. The directions assume you are running /bin/sh (or Bourne-compatible shells bash, ksh, zsh, etc). Do that, and . ./vars will work. Running /bin/sh ./vars also works, but is useless because it changes the variables in a subshell which exits once it finishes processing the ./vars file.

> Make sure you have edited it to reflect your configuration.
>
> I'm stumped as this appears to be something Linux will handle but not FreeBSD... any suggestions?

Yes, follow the directions. OpenVPN works fine on FreeBSD.

Regards,
--
-Chuck

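The difference between `. ./vars` and `/bin/sh ./vars` described in the reply above, as an added example that is not part of the original thread. The files `vars` and `guard` are constructed stand-ins for easy-rsa's vars and clean-all, and `KEY_DIR` is assumed to be the variable the guard tests.

```shell
#!/bin/sh
# Added example: why sourcing a settings file works and running it does not.

# make_demo DIR: write the two constructed stand-in files into DIR.
make_demo() {
    dir=$1
    # Stand-in for vars: it only exports settings. A sourced file needs
    # no execute bit, so mode 644 is enough for it.
    cat > "$dir/vars" <<'EOF'
export KEY_DIR="$PWD/keys"
export KEY_SIZE=1024
EOF
    # Stand-in for clean-all: refuses to act unless KEY_DIR reached its
    # environment from the calling shell.
    cat > "$dir/guard" <<'EOF'
if [ -n "$KEY_DIR" ]; then
    echo "ok: KEY_DIR=$KEY_DIR"
else
    echo "Please source the vars script first (i.e. . ./vars)"
    exit 1
fi
EOF
}

# run_case MODE DIR: load vars in the given way, then run the guard.
# The whole case runs inside ( ... ) so the caller's environment is untouched.
# Returns the guard's exit status: 0 if KEY_DIR was visible to it.
run_case() {
    mode=$1
    dir=$2
    (
        cd "$dir" || exit 2
        unset KEY_DIR
        case $mode in
            none)     ;;                   # vars never loaded
            subshell) /bin/sh ./vars ;;    # a child process sets KEY_DIR, then exits
            source)   . ./vars ;;          # the current shell sets and exports KEY_DIR
        esac
        /bin/sh ./guard >/dev/null
    )
}

# demo: run all three cases against a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo "$tmp"
    for m in none subshell source; do
        if run_case "$m" "$tmp"; then
            echo "$m: guard passed"
        else
            echo "$m: guard refused"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Only the `source` case passes: the exported variables live in the shell that read the file, and a child started with `/bin/sh ./vars` takes its copy with it when it exits.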
Re: OpenVPN Setup
Yes, I got that after a few searches... I ended up installing bash because so many things these days are Linux centric and bash is the default shell on Linux. I went through all the setup and created the certificates. Now to fire it up and then take my laptop down to Starbucks and try to login.

From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 6:02:13 PM
Subject: Re: OpenVPN Setup

> On May 10, 2011, at 2:50 PM, Bill Tillman wrote:
>
> > > OpenVPN's site provides fine documentation:
> > >
> > > http://openvpn.net/index.php/open-source/documentation.html
> > > http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
>
> [ ... ]
>
> > I'm working through the docs you referenced in the HOWTO and it says:
> >
> > Next, initialize the PKI. On Linux/BSD/Unix:
> >
> > . ./vars
> > ./clean-all
> > ./build-ca
>
> If you're trying to set up a CA for PKI, then you're not following the static key document:
>
>     Static Key Mini-HOWTO
>
>     Introduction
>
>     Static key configurations offer the simplest setup, and are ideal for point-to-point VPNs or proof-of-concept testing.
>
>     Static Key advantages
>     • Simple Setup
>     • No X509 PKI (Public Key Infrastructure) to maintain
>
> > the vars file is not executable and from what I see in the Makefile they want to chmod it to 644... I tried /bin/sh ./vars and it seemed to work but then when I run ./clean-all which is executable I get
> >
> > Please source the vars script first (i.e. . ./vars)
>
> Yes. The directions assume you are running /bin/sh (or Bourne-compatible shells bash, ksh, zsh, etc). Do that, and . ./vars will work. Running /bin/sh ./vars also works, but is useless because it changes the variables in a subshell which exits once it finishes processing the ./vars file.
>
> > Make sure you have edited it to reflect your configuration.
> >
> > I'm stumped as this appears to be something Linux will handle but not FreeBSD... any suggestions?
>
> Yes, follow the directions. OpenVPN works fine on FreeBSD.
>
> Regards,
> --
> -Chuck

Re: OpenVPN Setup
One more thing. I am going to need the Windows Client but I don't seem to find that at the OpenVPN site, only the full install which I assume installs the server as well as the client. Or am I missing the link to get just the client install. I would like to keep the overhead to a minimum.

From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 6:02:13 PM
Subject: Re: OpenVPN Setup

> On May 10, 2011, at 2:50 PM, Bill Tillman wrote:
>
> > > OpenVPN's site provides fine documentation:
> > >
> > > http://openvpn.net/index.php/open-source/documentation.html
> > > http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
>
> [ ... ]
>
> > I'm working through the docs you referenced in the HOWTO and it says:
> >
> > Next, initialize the PKI. On Linux/BSD/Unix:
> >
> > . ./vars
> > ./clean-all
> > ./build-ca
>
> If you're trying to set up a CA for PKI, then you're not following the static key document:
>
>     Static Key Mini-HOWTO
>
>     Introduction
>
>     Static key configurations offer the simplest setup, and are ideal for point-to-point VPNs or proof-of-concept testing.
>
>     Static Key advantages
>     • Simple Setup
>     • No X509 PKI (Public Key Infrastructure) to maintain
>
> > the vars file is not executable and from what I see in the Makefile they want to chmod it to 644... I tried /bin/sh ./vars and it seemed to work but then when I run ./clean-all which is executable I get
> >
> > Please source the vars script first (i.e. . ./vars)
>
> Yes. The directions assume you are running /bin/sh (or Bourne-compatible shells bash, ksh, zsh, etc). Do that, and . ./vars will work. Running /bin/sh ./vars also works, but is useless because it changes the variables in a subshell which exits once it finishes processing the ./vars file.
>
> > Make sure you have edited it to reflect your configuration.
> >
> > I'm stumped as this appears to be something Linux will handle but not FreeBSD... any suggestions?
>
> Yes, follow the directions. OpenVPN works fine on FreeBSD.
>
> Regards,
> --
> -Chuck

Re: OpenVPN Setup
On May 10, 2011, at 3:31 PM, Bill Tillman wrote:

> One more thing. I am going to need the Windows Client but I don't seem to find that at the OpenVPN site, only the full install which I assume installs the server as well as the client. Or am I missing the link to get just the client install. I would like to keep the overhead to a minimum.

There isn't different software for server and client; OpenVPN performs either role depending on how it is configured. Given that the Windows installer is very close to the size of a 1.4 MB floppy, you're likely consuming about twenty cents worth of disk space, or about a dollar's worth of SSD space.

Regards,
--
-Chuck

Fw: OpenVPN Setup
From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 6:39:48 PM
Subject: Re: OpenVPN Setup

OK I know I saw this somewhere but it eludes me now. I have generated the keys and certificates for the server and client on my FreeBSD server. I then copied them over to my Windows laptop but apparently cannot find where I'm supposed to copy them to. And my replies keep getting blocked by some kind of spam filter.

> On May 10, 2011, at 3:31 PM, Bill Tillman wrote:
>
> > One more thing. I am going to need the Windows Client but I don't seem to find that at the OpenVPN site, only the full install which I assume installs the server as well as the client. Or am I missing the link to get just the client install. I would like to keep the overhead to a minimum.
>
> There isn't different software for server and client; OpenVPN performs either role depending on how it is configured. Given that the Windows installer is very close to the size of a 1.4 MB floppy, you're likely consuming about twenty cents worth of disk space, or about a dollar's worth of SSD space.
>
> Regards,
> --
> -Chuck

Re: Fw: OpenVPN Setup
On Tue, May 10, 2011 at 19:19, Bill Tillman btillma...@yahoo.com wrote:

> OK I know I saw this somewhere but it eludes me now. I have generated the keys and certificates for the server and client on my FreeBSD server. I then copied them over to my Windows laptop but apparently cannot find where I'm supposed to copy them to. And my replies keep getting blocked by some kind of spam filter.

The client conf and all certs can go in one directory under

(32-bit Windows) C:\Program Files\OpenVPN\config\
(64-bit Windows) C:\Program Files (x86)\OpenVPN\config\

kmw

Re: Fw: OpenVPN Setup
From: Kevin Wilcox kevin.wil...@gmail.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 7:42:21 PM
Subject: Re: Fw: OpenVPN Setup

> On Tue, May 10, 2011 at 19:19, Bill Tillman btillma...@yahoo.com wrote:
>
> > OK I know I saw this somewhere but it eludes me now. I have generated the keys and certificates for the server and client on my FreeBSD server. I then copied them over to my Windows laptop but apparently cannot find where I'm supposed to copy them to. And my replies keep getting blocked by some kind of spam filter.
>
> The client conf and all certs can go in one directory under
>
> (32-bit Windows) C:\Program Files\OpenVPN\config\
> (64-bit Windows) C:\Program Files (x86)\OpenVPN\config\
>
> kmw

This is a very frustrating process but I think I'm getting there. The files I created on the FreeBSD server which I copied over are:

client1.crt
client1.csr
client1.key

But the Windows setup appears that it wants one of these files to be called client.ovpn. Of course I can't give all of them that name so I'm stumped again.

Re: Fw: OpenVPN Setup
On Tue, May 10, 2011 at 19:59, Bill Tillman btillma...@yahoo.com wrote:

> This is a very frustrating process but I think I'm getting there. The files I created on the FreeBSD server which I copied over are:
>
> client1.crt
> client1.csr
> client1.key
>
> But the Windows setup appears that it wants one of these files to be called client.ovpn. Of course I can't give all of them that name so I'm stumped again.

You only need to copy the .crt and .key files, those are your key and certificate for the client named client1. They are used for authentication.

The .ovpn file (.conf on Unix) contains the information OpenVPN needs to find your OpenVPN server. A good sample can be found at http://openvpn.net/index.php/open-source/documentation/howto.html#examples.

For example, I give the following config to my clients:

    client
    dev tun
    proto udp
    remote put_your_server_ip_here 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    route-method exe
    route-delay 2
    ca ca.crt
    cert client1.crt
    key client1.key
    # only uncomment if you setup tls-auth
    # tls-auth tls-auth.key 1
    verb 3
    comp-lzo

Yours won't match exactly but it'll probably be awfully close.

kmw

Re: Fw: OpenVPN Setup
On Tue, May 10, 2011 at 20:09, Kevin Wilcox kevin.wil...@gmail.com wrote:

> On Tue, May 10, 2011 at 19:59, Bill Tillman btillma...@yahoo.com wrote:
>
> > client1.crt
> > client1.csr
> > client1.key
>
> You only need to copy the .crt and .key files, those are your key and certificate for the client named client1.

One more comment there - you also need the ca.crt file.

kmw

Re: OpenVPN Setup
On Tue, May 10, 2011 at 20:50, Frank Griffith frnkgrf...@yahoo.com wrote:

> Anyway, I tried to start the OpenVPN server on the FreeBSD server and it will not start. I got this message:
>
> # openvpn /usr/local/etc/openvpn/server.conf
> Tue May 10 20:35:11 2011 OpenVPN 2.2.0 amd64-portbld-freebsd8.2 [SSL] [LZO2] [eurephia] built on May 10 2011
> Tue May 10 20:35:11 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> Tue May 10 20:35:11 2011 Cannot open dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
> Tue May 10 20:35:11 2011 Exiting

If you edit /usr/local/etc/openvpn/server.conf, it will mention

    ca ca.crt
    cert server.crt
    dh dh1024.pem
    key server.key

or something similar. Each of the files it references will need to be in /usr/local/etc/openvpn/. The error

    Cannot open dh1024.pem

tells you what it's trying to open that it can't find.

kmw

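A preflight check for the two server-side failures reported in this thread (a file named in server.conf that cannot be found, and a push line left commented out), as an added example that is not part of the original posts. The function names, the sample config and the optional WORKDIR argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check an OpenVPN server config before starting the daemon.

# conf_files CONF: print "directive filename" for every active
# ca/cert/key/dh line. Lines commented out with # or ; do not match.
conf_files() {
    awk '$1 ~ /^(ca|cert|key|dh)$/ && NF >= 2 { gsub(/"/, "", $2); print $1, $2 }' "$1"
}

# has_push_route CONF: succeed if an uncommented push "route ..." line exists.
has_push_route() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"route[[:space:]]' "$1"
}

# preflight CONF [WORKDIR]: print each problem, return 0 only if there are none.
# Relative file names are resolved against WORKDIR (assumption: the directory
# openvpn is started from; it defaults to the directory holding CONF).
preflight() {
    conf=$1
    workdir=${2:-$(dirname "$conf")}
    problems=0
    while read -r directive file; do
        [ -n "$directive" ] || continue
        case $file in
            /*) path=$file ;;
            *)  path=$workdir/$file ;;
        esac
        if [ ! -r "$path" ]; then
            echo "missing: $directive $file (looked for $path)"
            problems=$((problems + 1))
        fi
    done <<EOF
$(conf_files "$conf")
EOF
    if ! has_push_route "$conf"; then
        echo "no active push \"route ...\" line: clients learn no route to the LAN"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# demo: constructed sample matching the thread's addresses, with dh1024.pem
# not yet present and the push line still commented out.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/server.conf" <<'EOF'
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
;push "route 10.0.0.0 255.255.255.0"
EOF
    # Empty placeholder files stand in for the real certificate and key.
    : > "$d/ca.crt"; : > "$d/server.crt"; : > "$d/server.key"
    preflight "$d/server.conf" || echo "=> not ready to start"
    # Apply both fixes: add the DH file and enable the push line.
    : > "$d/dh1024.pem"
    sed 's/^;push/push/' "$d/server.conf" > "$d/fixed.conf"
    preflight "$d/fixed.conf" && echo "=> ready to start"
    rm -rf "$d"
}

demo
```

The check only confirms that the files exist and are readable; it does not validate their contents.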