Re: [pfSense Support] openvpn certs creation
Hi Scott, i did what you told. Now i have a bash running (not as default) in the firewall (accessible thru menu option 8) The installation included the following packages: bash.tbz libiconv-1.9.2_1.tbz gettext-0.14.5.tbz I continue with the process describing all steps as much as posible :) Thanks a lot! jonathan Scott Ullrich wrote: For the sake of getting this working now (and if you need bash), try the following: From a shell: pkg_add -r bash rehash bash Scott On 10/11/05, *jonathan gonzalez* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi group, i tried to achieve this today but i couldn't get good news. I downloaded the last package from openvpn site, got the easy-rsa scripts, put it on the pfsense box in /etc/openvpn (everything as recomended) but i was unable to get it work yet. First i had some trouble due to the inexistence of the built-in 'export' command, so variables must be populated either manually on the CLI (with the 'set' command), or calling a script with the 'source' command. Then all the scripts are designed to be run on a normal bash so a lot of modifications should be necessary i think. I'm doing checks/tasks by my own. If i get something stable in reasonable amount of time keep for sure i will write the list to inform. Regards to all ;) jonathan Scott Ullrich wrote: Please refer to the m0n0wall documentation conerning OpenVPN. This may be helpful: http://m0n0.ch/wall/list/showmsg.php?id=103/47 Scott On 10/9/05, jonathan gonzalez [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: hi, i've activated developer menu options to get access to openvpn. i'd need to create the certs, dh-params and keys. I would like to know if i can do this thru the interface (i suppouse that not), and else i'd like to know if sb can provide me a script or code to do it on console, or in any other place but with the distro tools (sorry but i'm starting knowing the system and i don't know all the ins and outs yet). thanks in advance, regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
Hi, i created a openvpn client (client3) using pkcs12 scripts so i can get of the box a p12 file closed by password to send a client to access the vpn. I put this p12 file in my pc and tried to establish a connection to the pfsense box. The first part of the negotiation went fine, because the openvpn client i'm using requested me the p12 passkey to open the p12 file. Then the connection hangs with the firewall. I didn't look at the openvpn server configuration yet but i think something is wrong with the interface TUN becaue i can see it on the ifconfig -a listing. If somebody have an idea, please tell ;) Regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
device tun # Packet tunnel. We have tun in the kernel. What exactly is the problem? On 10/12/05, jonathan gonzalez [EMAIL PROTECTED] wrote: Hi, i created a openvpn client (client3) using pkcs12 scripts so i can get of the box a p12 file closed by password to send a client to access the vpn. I put this p12 file in my pc and tried to establish a connection to the pfsense box. The first part of the negotiation went fine, because the openvpn client i'm using requested me the p12 passkey to open the p12 file. Then the connection hangs with the firewall. I didn't look at the openvpn server configuration yet but i think something is wrong with the interface TUN becaue i can see it on the ifconfig -a listing. If somebody have an idea, please tell ;) Regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
I realized that the tun interface was not present and also in the Rules menu appeared a new tab named OPT1. In my case i only have 2 NICS so i don't have and optional third interface. I'm not sure if the vpn hung - because there was not rules that explicitly allows such traffic - because the tun driver was not present - maybe the silliest: there's not openvpn config file in the firewall :) I'm checking the openvpn configuration options on their website and comparing the environment with pfsense. The openvpn client logs don't say much information reason because i don't post it. Anyway if you want to see the exit i will do. Any thoughts will be welcomed ;) Regards, jonathan Scott Ullrich wrote: device tun # Packet tunnel. We have tun in the kernel. What exactly is the problem? On 10/12/05, jonathan gonzalez [EMAIL PROTECTED] wrote: Hi, i created a openvpn client (client3) using pkcs12 scripts so i can get of the box a p12 file closed by password to send a client to access the vpn. I put this p12 file in my pc and tried to establish a connection to the pfsense box. The first part of the negotiation went fine, because the openvpn client i'm using requested me the p12 passkey to open the p12 file. Then the connection hangs with the firewall. I didn't look at the openvpn server configuration yet but i think something is wrong with the interface TUN becaue i can see it on the ifconfig -a listing. If somebody have an idea, please tell ;) Regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
I will sync the latest OpenVPN from Peter (m0n0wall commiter) today. Should have a version for you to play with in a bit. Scott On 10/12/05, jonathan gonzalez [EMAIL PROTECTED] wrote: I realized that the tun interface was not present and also in the Rules menu appeared a new tab named OPT1. In my case i only have 2 NICS so i don't have and optional third interface. I'm not sure if the vpn hung - because there was not rules that explicitly allows such traffic - because the tun driver was not present - maybe the silliest: there's not openvpn config file in the firewall :) I'm checking the openvpn configuration options on their website and comparing the environment with pfsense. The openvpn client logs don't say much information reason because i don't post it. Anyway if you want to see the exit i will do. Any thoughts will be welcomed ;) Regards, jonathan Scott Ullrich wrote: device tun # Packet tunnel. We have tun in the kernel. What exactly is the problem? On 10/12/05, jonathan gonzalez [EMAIL PROTECTED] wrote: Hi, i created a openvpn client (client3) using pkcs12 scripts so i can get of the box a p12 file closed by password to send a client to access the vpn. I put this p12 file in my pc and tried to establish a connection to the pfsense box. The first part of the negotiation went fine, because the openvpn client i'm using requested me the p12 passkey to open the p12 file. Then the connection hangs with the firewall. I didn't look at the openvpn server configuration yet but i think something is wrong with the interface TUN becaue i can see it on the ifconfig -a listing. If somebody have an idea, please tell ;) Regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
oook ;) perfect... i'll try the new packages. Thanks a lot! jonathan Scott Ullrich wrote: I will sync the latest OpenVPN from Peter (m0n0wall commiter) today. Should have a version for you to play with in a bit. Scott On 10/12/05, jonathan gonzalez [EMAIL PROTECTED] wrote: I realized that the tun interface was not present and also in the Rules menu appeared a new tab named OPT1. In my case i only have 2 NICS so i don't have and optional third interface. I'm not sure if the vpn hung - because there was not rules that explicitly allows such traffic - because the tun driver was not present - maybe the silliest: there's not openvpn config file in the firewall :) I'm checking the openvpn configuration options on their website and comparing the environment with pfsense. The openvpn client logs don't say much information reason because i don't post it. Anyway if you want to see the exit i will do. Any thoughts will be welcomed ;) Regards, jonathan Scott Ullrich wrote: device tun # Packet tunnel. We have tun in the kernel. What exactly is the problem? On 10/12/05, jonathan gonzalez [EMAIL PROTECTED] wrote: Hi, i created a openvpn client (client3) using pkcs12 scripts so i can get of the box a p12 file closed by password to send a client to access the vpn. I put this p12 file in my pc and tried to establish a connection to the pfsense box. The first part of the negotiation went fine, because the openvpn client i'm using requested me the p12 passkey to open the p12 file. Then the connection hangs with the firewall. I didn't look at the openvpn server configuration yet but i think something is wrong with the interface TUN becaue i can see it on the ifconfig -a listing. If somebody have an idea, please tell ;) Regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
For the sake of getting this working now (and if you need bash), try the following: >From a shell: pkg_add -r bash rehash bash Scott On 10/11/05, jonathan gonzalez [EMAIL PROTECTED] wrote: Hi group,i tried to achieve this today but i couldn't get good news.I downloaded the last package from openvpn site, got the easy-rsascripts, put it on the pfsense box in /etc/openvpn (everything as recomended) but i was unable to get it work yet.First i had some trouble due to the inexistence of the built-in 'export'command, so variables must be populated either manually on the CLI (withthe 'set' command), or calling a script with the 'source' command. Then all the scripts are designed to be run on a normal bash so a lot ofmodifications should be necessary i think.I'm doing checks/tasks by my own. If i get something stable inreasonable amount of time keep for sure i will write the list to inform. Regards to all ;)jonathanScott Ullrich wrote: Please refer to the m0n0wall documentation conerning OpenVPN. This may be helpful: http://m0n0.ch/wall/list/showmsg.php?id=103/47 Scott On 10/9/05, jonathan gonzalez [EMAIL PROTECTED] wrote:hi, i've activated developer menu options to get access to openvpn. i'd needto create the certs, dh-params and keys. I would like to know if i cando this thru the interface (i suppouse that not), and else i'd like to know if sb can provide me a script or code to do it on console, or inany other place but with the distro tools (sorry but i'm startingknowing the system and i don't know all the ins and outs yet). thanks in advance,regards,jonathan-To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]-To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
Please refer to the m0n0wall documentation conerning OpenVPN. This may be helpful: http://m0n0.ch/wall/list/showmsg.php?id=103/47 Scott On 10/9/05, jonathan gonzalez [EMAIL PROTECTED] wrote: hi, i've activated developer menu options to get access to openvpn. i'd need to create the certs, dh-params and keys. I would like to know if i can do this thru the interface (i suppouse that not), and else i'd like to know if sb can provide me a script or code to do it on console, or in any other place but with the distro tools (sorry but i'm starting knowing the system and i don't know all the ins and outs yet). thanks in advance, regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] openvpn certs creation
Yes, that would be outstanding. Feel free to mark it up on wiki.pfsense.com Thanks!! On 10/10/05, jonathan gonzalez [EMAIL PROTECTED] wrote: Hi Scott, i will try to do it tomorrow. Are you (the group) interested in have in the wiki a page describing the process, so there's no need to refer to m0n0wall, and will be available from pfsense site? Should you be interested please let me know. I will take note of the process to document it. Cheers, jonathan Scott Ullrich wrote: Please refer to the m0n0wall documentation conerning OpenVPN. This may be helpful: http://m0n0.ch/wall/list/showmsg.php?id=103/47 Scott On 10/9/05, jonathan gonzalez [EMAIL PROTECTED] wrote: hi, i've activated developer menu options to get access to openvpn. i'd need to create the certs, dh-params and keys. I would like to know if i can do this thru the interface (i suppouse that not), and else i'd like to know if sb can provide me a script or code to do it on console, or in any other place but with the distro tools (sorry but i'm starting knowing the system and i don't know all the ins and outs yet). thanks in advance, regards, jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]