LinuxMCE Forums
General => Users => Topic started by: dlewis on May 08, 2009, 03:06:29 pm
-
There are a few topics in the forum that discuss OpenVPN, however none of the posts were definitive about people actually setting this up with LinuxMCE... Does anyone successfully have OpenVPN working with LinuxMCE? Thanks!
-dlewis
-
not that it helps much, but I had it installed and running, I just could never get the certificate and keys thing figured out to actually log into it.
-Krys
-
I am very familiar with OpenVPN if anyone wants help. I was thinking of creating a script that would set up VPN including the certs and keys. I will also post a wiki page. (once I get some spare time to devote to it).
-
cool, I used Donpaul's wiki to set up email on my core for forwarding voicemails to me... it was very helpful and I look forward to this one as well!
-Krys
-
> I am very familiar with OpenVPN if anyone wants help. I was thinking of creating a script that would set up VPN including the certs and keys. I will also post a wiki page. (once I get some spare time to devote to it).
I was just about to post something about possibly automating the process... A script would work well. Once it's done, please provide it for us to put into the release.
-
Yes, that would be very helpful.
Thnx
Itsik
-
Let's actually integrate this into the system as a feature for linking houses together.
-Thom
-
> Let's actually integrate this into the system as a feature for linking houses together.
> -Thom
Interesting idea... We can definitely link two networks with OpenVPN... What are some ideas for linuxmce feature integration and linking two homes? How would this work technically (from a LinuxMCE perspective).
-
I would imagine, each installation gets a key auto-generated, with the password of the first user.
This would be entered in on the other home, with a screen to select an installation #, and enter in the key.
The installation # would be looked up on our servers, and an IP produced from it (dyndns anyone?)
and a tunnel would be connected between them, and installation database fragments would be downloaded between them...
NOW WITH THAT SAID....
So many things to worry about:
* Access controls, what can the other house control remotely?
* Media Sharing, what other mechanisms will we need to add to do remote media (remote house, everything downloaded.)
* etc.
much more, and a lot of UI to worry about in the process. In short, this is a monster feature, with monster hours needed. ;)
-Thom
-
Yes, I knew everything above the "Now with that said", it's the latter text I'm more worried about.... ;)
-
I have openvpn installed and working wonderfully... with the firewall disabled. When the lmce firewall is enabled, I can connect but routing is broken. I have a full writeup and am ready to create the script, but I need to solve this problem first.
OpenVPN uses a new interface:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
The route is added by openvpn:
dcerouter_110032:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.80.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
174.99.8.0 0.0.0.0 255.255.248.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 174.99.8.1 0.0.0.0 UG 0 0 0 eth1
I am familiar with iptables, but not how linuxmce writes it. Would anyone know what changes need to be made to allow the tun0 interface to route?
-
Ok, that didn't take long to figure out. I simply had to add these lines to the bottom of /usr/pluto/bin/Network_Firewall.sh:
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
Wiki and scripts coming soon!
-
Nice! Looking forward to it!
-
Might want to just update this, as it pertains to making wiki updates: http://wiki.linuxmce.org/index.php/VPN
I'll make sure the OpenVPN script (and even the e-mail script mentioned above) become a part of the release...
-
I have scripts ready for anyone who wants to give it a try. I have OpenVPN fully functional on my core, and can access my network remotely.
ssh to the core, and run:
cd /usr/pluto/bin
wget http://donpaul.info/configure_openvpn.tar
tar -xvf configure_openvpn.tar
To install and configure openvpn (one time only), run:
./Configure_OpenVPN_Interactive.sh
To configure an OpenVPN user, run:
./Configure_OpenVPN_Users.sh
- Repeat for each user that will access OpenVPN
Let me know how it goes. I'll get it to the wiki soon.
-
I find this idea very attractive! Maybe not for media sharing (I run ADSL, and maybe upload speed is not fast enough for video streaming) but for remote house control.
With the VPN running, a vpn enabled router and a hardware ip to X10 (or any other protocol) controller, It might be possible to remote control your holiday apartment lighting, heating or window blinds, or even have IP cameras connected to your main LMCE setup in that apartment that would trigger an alarm in your daylife home. Would this be possible?
Anyways, for those willing to have a remote MD on the other side of the tunnel, it might be necessary a HD based media director, Installing or starting a diskless MD through a VPN would take a lot of time to start.
-
> I find this idea very attractive! Maybe not for media sharing (I run ADSL, and maybe upload speed is not fast enough for video streaming) but for remote house control.
> Anyways, for those willing to have a remote MD on the other side of the tunnel, it might be necessary a HD based media director, Installing or starting a diskless MD through a VPN would take a lot of time to start.
Think bigger...
A VPN between 2 Cores could open up the possibility to sync data between them. This could be done while you are not using the system or your internet connection has low usage. That way you could not only control your holiday apartment, but you can still see your favorite TV shows or DVD collection when you are there.
-
That didn't come into my mind, and it's great...
If this is included in LMCE, well... Take that WMC
LOL
-
> I find this idea very attractive! Maybe not for media sharing (I run ADSL, and maybe upload speed is not fast enough for video streaming) but for remote house control.
> Anyways, for those willing to have a remote MD on the other side of the tunnel, it might be necessary a HD based media director, Installing or starting a diskless MD through a VPN would take a lot of time to start.
> Think bigger...
> A VPN between 2 Cores could open up the possibility to sync data between them. This could be done while you are not using the system or your internet connection has low usage. That way you could not only control your holiday apartment, but you can still see your favorite TV shows or DVD collection when you are there.
In theory this sounds good, and I agree, it should be implemented (any volunteers?). However, right now, the pipes are just not big enough atm. But in general, having linked LinuxMCE system, is something worth while.
-
> I find this idea very attractive! Maybe not for media sharing (I run ADSL, and maybe upload speed is not fast enough for video streaming) but for remote house control.
> Anyways, for those willing to have a remote MD on the other side of the tunnel, it might be necessary a HD based media director, Installing or starting a diskless MD through a VPN would take a lot of time to start.
> Think bigger...
> A VPN between 2 Cores could open up the possibility to sync data between them. This could be done while you are not using the system or your internet connection has low usage. That way you could not only control your holiday apartment, but you can still see your favorite TV shows or DVD collection when you are there.
> In theory this sounds good, and I agree, it should be implemented (any volunteers?). However, right now, the pipes are just not big enough atm. But in general, having linked LinuxMCE system, is something worth while.
The pipes would definitely need to be big enough to shuttle data between two cores in completely different locations (especially if they may be across a large country or even in two separate countries).
As for implementing this into LinuxMCE, posde mentioned to me earlier that it would be best to make the script a new screen to the initial setup wizard where people can select what users to add and it would also allow for the other information to be entered in the initial set up (the same should be done for the Postfix install)... Any volunteers to implement this for OpenVPN and Postfix?
-
I agree that using vpn to link cores and share information is a great idea. Linking cores would be great for syncing user information, lights, climate, security, automation, etc. I would want to monitor and control a remote location, and receive alerts from the remote location. Also, the vpn pipe doesn't need to be active all the time. openvpn makes the connection within a couple seconds and the core should initiate the connection only when needed. A constant vpn pipe could impact your wan bandwidth, and piss off your ISP.
I am willing to help in any way I can.
-
> I am willing to help in any way I can.
Thanks for the work you've done so far donpaul and for assisting to work on this further. Thom and I will have a planning session to discuss how we should proceed with bringing this idea to fruition. The first thought is to work on getting OpenVPN implemented into LinuxMCE. A wizard screen in the web admin should be created for that. Do you think you would be able to work on that?
Also, don't forget that we have an IRC channel that makes things easier to converse about these kinds of things. I don't want to move the conversation to IRC, but just wanted to let y'all know about it... IRC chat room information found here: #linuxmce-devel (http://wiki.linuxmce.org/index.php/Chat)
-
Yes, I will help as best I can. I'll need to find out how to get to and edit the code.
-
I'll help if I can. I have loads of experience of Openvpn.
-
The code can be retrieved with subversion, here:
http://svn.linuxmce.org/svn/branches/LinuxMCE-0810
you should put this in a place such as /home/src
The web admin bits are in the web/ folder. While source for various scripts are usually in src/BootScripts and a few other places.
-Thom
-
donpaul and zug, do you guys have all you need to get working on this?
-
donpaul,
zug is working on some of this now... Please reach out to him to assist.
-
LMCE with OpenVPN on a bootable USB stick? Just a thought. :)
-
Lets work on getting it integrated first...
-
Of course, I was just thinking out loud.
-
Just wondering... What would be the benefit of OpenVPN and LinuxMCE on a bootable USB stick? Is it just a cool factor or...?
-
I checked out the code, but I'm not sure how much I can help with the web admin part. I don't know PHP as well as I'd like, but I'll give it a look. I can certainly help out with architecture, OpenVPN itself and anything on the OS.
A page could be added to the network section and collect name/country/state/email/etc, then pass it to the script to configure openvpn. The Wizard/User section could be modified to collect user information and pass it to the user script to create the user cert. Then present the tar file as a download link for each user. I wish I knew php well enough to write it myself.
Also, the firewall rules should be changed to allow UDP port 1194 to the core.
-
> I can certainly help out with architecture, OpenVPN itself and anything on the OS.
Reach out to zug. He was in the IRC chat today and talked about working on the webmin part, among other things... I know he's done some work already. One thing you can begin to think about would be how we can connect cores in different locations and secure everything around it... Also, zug brought up an idea to use a CA or PKI for this... Maybe you can work on ideas for that.
-
FYI, I modified the scripts to optionally take arguments.
To configure openvpn:
./Configure_OpenVPN.sh "name" email country state
To configure users:
./Configure_OpenVPN_Users.sh "name" email country state username WAN-IP
-The user's openvpn package will be found at \\dcerouter\public\lmce-$username.tar
My scripts setup the CA/PKI on the core. All that is needed is a webadmin page to pass the arguments. It would be very easy to then link cores. Each core could simply be a user, and configured as such.
-
Has anyone else used this script yet? I run into errors when trying to start the vpn daemon.
28016 Mon May 11 14:43:11 CDT 2009 Unlock 'Firewall' (Firewall)
28016 Mon May 11 14:43:11 CDT 2009 Unlock 'Firewall' (Firewall) success
Stopping virtual private network daemon:.
Starting virtual private network daemon: lmce-server(FAILED).
dcerouter_108183:/usr/pluto/bin# openvpn lmce-server.conf
Options error: In [CMD-LINE]:1: Error opening configuration file: lmce-server.conf
Use --help for more information.
dcerouter_108183:/usr/pluto/bin# openvpn lmce-server
Options error: In [CMD-LINE]:1: Error opening configuration file: lmce-server
Use --help for more information.
-
I will add my notes in progress here as well.
I do have some experience with OpenVPN as I have setup a couple VPNs with it in the past.
To start off with, these are the immediate issues I noticed (I still haven't gotten it to work yet):
1) There is really no need to ask for personal information for self-signed certs. Canned info is just fine.
2) Paths in the config file may need to be absolute.
3) Config file looks for ta.key, should be looking for lmce-ta.key.
4) There is no server.crt anywhere that I can find.
I will continue working this stuff out to see how to best solve the issues.
I also have considerable experience with php and am willing to tackle the web admin stuff. Will just need to figure out exactly what the web pages need to do.
-
I think I put the wrong scripts up, before I made some corrections, I'll upload the correct ones in a bit.
-
there were two places that I found ta.key in the lmce-server.conf file, I replaced them both with lmce-ta.key and still got the error
Starting virtual private network daemon: lmce-server(FAILED).
-
I uploaded the correct scripts, let me know how it goes. I tested it on mine and it worked, but we'll see.
-
I re-downloaded the script and still seem to have issues
cp: cannot stat `/etc/openvpn/easy-rsa/keys/ca.crt': No such file or directory
cp: cannot stat `/etc/openvpn/easy-rsa/keys/server.crt': No such file or directory
cp: cannot stat `/etc/openvpn/easy-rsa/keys/server.key': No such file or directory
25829 Mon May 11 16:32:45 CDT 2009 WaitLock 'Firewall' (Firewall)
25829 Mon May 11 16:32:45 CDT 2009 WaitLock 'Firewall' (Firewall) success
Clearing firewall
Enabling packet forwarding
Setting up firewall
Setting up forwarded ports
Source port: 3080/tcp; Destination: 127.0.0.1:80
Source port: 21/tcp; Destination: 192.168.80.254:21
Source port: 1194/tcp; Destination: 192.168.80.1:1194
Source port: 3877/tcp; Destination: 192.168.80.1:3877
Opening specified ports to exterior
Port: 4569:4569/udp
Port: 5060:5060/udp
Port: 2000:2000/udp
Port: 2000:2000/tcp
Port: 22:22/tcp
Port: 55237:55237/tcp
25829 Mon May 11 16:32:46 CDT 2009 Unlock 'Firewall' (Firewall)
25829 Mon May 11 16:32:46 CDT 2009 Unlock 'Firewall' (Firewall) success
Stopping virtual private network daemon:.
Starting virtual private network daemon: lmce-server(FAILED).
-
Damnit, lol. I'll work it out.
-
Ok. So I modified the script to first remove any existing openvpn package and any configuration. This was a good idea anyway so that nothing gets hosed if the script is run a second time. Anyway, grab it again, and you should be good to go.
cd /usr/pluto/bin ; wget http://donpaul.info/configure_openvpn.tar ; tar -xvf configure_openvpn.tar ; ./Configure_OpenVPN.sh
-
thanks donpaul... Zug, how's the webadmin stuff going?
-
Good news! Looks like the VPN daemon is up and running on the server. Now I just need to figure out how to set up the client and I will be good to go.
Big thanks to DonPaul for sticking with me.
-Krys
-
Alright, so I copied the user config file from the \\dcerouter\public to the config folder on my client computer. I right click on lmce-user1.ovpn to open the VPN and I get some TLS errors
TLS Error: TLS key negotiation failed to occur within 60 seconds
TLS Error: TLS handshake failed
The only other thing that sticks out to me is it says
WARNING: No server certificate verification method has been enabled.
Any ideas?
-Krys
-
Thanks for helping me test it, Krys. Can you verify that you have all of the files needed in the tar, and in your openvpn conf dir? If so, and if it still doesn't work, run the Configure_Users.sh script again and copy the new files over.
lmce-user1.ovpn
user1.crt
user1.key
lmce-ca.crt
lmce-ta.key
-
They are all there, plus I have one additional file lmce-user1.conf
I copied the files over via ftp, I wasn't actually on the network... I assume that is ok?
I will re-run the user config and see if that helps.
-Krys
-
alrighty, tried running user config again and with the new user I get the same error as with the previous one
-Krys
you might wait to mess with it till I get a chance to try it outside of my office... our firewall could be the problem.
-
FTP should be fine. The error you had seems to indicate that the lmce-ta.key doesn't match. You can view the .key and .crt files on the server and your clients, they should all match. If not, that is your problem. If they all match, there could be a firewall issue.
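Added example, not part of the original thread or of donpaul's scripts: the two checks suggested in the post above, done without opening the key files. It compares the server's and client's copies by SHA-256 and reads the firewall script's output for the port and protocol OpenVPN listens on; UDP 1194 is assumed from earlier posts, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: two checks for the "TLS key negotiation failed" symptom.
# Function names are hypothetical; none of this ships with the thread's scripts.

# SHA-256 of one file, without printing the file's contents.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum < "$1"
    else shasum -a 256 < "$1"
    fi | cut -d' ' -f1
}

# usage: fingerprints DIR FILE...   -> one "name hash" line per file
# Run it on the core and on the client, then compare the two lists.
fingerprints() {
    dir=$1; shift
    for f in "$@"; do
        if [ -r "$dir/$f" ]; then
            echo "$f $(sha256_of "$dir/$f")"
        else
            echo "$f MISSING"
        fi
    done
}

# usage: mismatched SERVER_LIST CLIENT_LIST  -> names whose hashes differ
mismatched() {
    awk 'NR == FNR { h[$1] = $2; next }
         (h[$1] "") != ($2 "") { print $1 }' "$1" "$2"
}

# usage: fw_exposes PORT PROTO < output of Network_Firewall.sh
# Succeeds if the port is forwarded or opened for that protocol.
fw_exposes() {
    awk -v port="$1" -v proto="$2" '
        # "Source port: 1194/tcp; Destination: 192.168.80.1:1194"
        $1 == "Source" && $2 == "port:" {
            split($3, a, "[/;]")
            if (a[1] + 0 == port + 0 && a[2] == proto) found = 1
        }
        # "Port: 4569:4569/udp"  (range low:high, then protocol)
        $1 == "Port:" {
            split($2, b, "[:/]")
            if (port + 0 >= b[1] + 0 && port + 0 <= b[2] + 0 && b[3] == proto)
                found = 1
        }
        END { exit !found }'
}

# usage: port_status PORT PROTO LOGFILE  -> ok | wrong-proto | closed
port_status() {
    if [ "$2" = tcp ]; then other=udp; else other=tcp; fi
    if fw_exposes "$1" "$2" < "$3"; then
        echo ok
    elif fw_exposes "$1" "$other" < "$3"; then
        echo wrong-proto      # port is exposed, but for the other protocol
    else
        echo closed
    fi
}

# Excerpt of the firewall output posted earlier in the thread.
sample_fw_log() {
    cat <<'EOF'
Setting up forwarded ports
Source port: 3080/tcp; Destination: 127.0.0.1:80
Source port: 1194/tcp; Destination: 192.168.80.1:1194
Opening specified ports to exterior
Port: 4569:4569/udp
Port: 5060:5060/udp
Port: 22:22/tcp
EOF
}

# Demo on the excerpt above (assumes the server listens on UDP 1194).
log=$(mktemp)
sample_fw_log > "$log"
echo "udp/1194 in firewall output: $(port_status 1194 udp "$log")"
rm -f "$log"
```

To use the first check, run `fingerprints` with the same file names on the core and on the client, save each list, and pass the two lists to `mismatched`.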
-
UPDATE: To enable NAT (so that we can get out to the internet while on VPN), a line is needed at the bottom of /usr/pluto/bin/Network_Firewall.sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -d ! 10.8.0.0/255.255.255.0 -o $ExtIf -j MASQUERADE
I will add it to my script tonight. But if anyone currently has openvpn configured, you should add it manually and run the Network_Firewall.sh script.
-
Have we made a 100% working script to be implemented into 0810?
Also, how is the webadmin portion going?
-
I had to change the scripts to reflect the addition of easy-rsa 2.0, but it was just adding the /2.0 on the end of /etc/openvpn/easy-rsa in a few places. Other than that, they work great. That being said, they default to tun interface on port 1194, so if you want anything different, the generated lmce-server.conf, conf/ovpn files in the user tarballs, and Network_Firewall.sh script still need to be edited by hand.
:Matt
-
> I had to change the scripts to reflect the addition of easy-rsa 2.0, but it was just adding the /2.0 on the end of /etc/openvpn/easy-rsa in a few places. Other than that, they work great. That being said, they default to tun interface on port 1194, so if you want anything different, the generated lmce-server.conf, conf/ovpn files in the user tarballs, and Network_Firewall.sh script still need to be edited by hand.
> :Matt
Hi,
did I understand right, you've setup OpenVPN under 8.10? If yes, please put instructions on wiki - it will be helpful to others...
Thanks ,
regards,
Bulek.
-
It'd be very helpful for the rest people if you update the existing article (http://wiki.linuxmce.org/index.php/VPN) about VPN in the wiki.
-
any updates on creating a script/patch for this?
-
I wonder if pptp would be easier and more widely accepted? Obviously SSL (OpenVPN) is superior to PPTP, but SSL clients are not always available.
-
I'm not sure you guys completely get it... The point is to provide a COMPLETE END TO END SOLUTION.
So that means, we do both the server end, and provide a pre-configured client to connect in.
-Thom
-
> I'm not sure you guys completely get it... The point is to provide a COMPLETE END TO END SOLUTION.
> So that means, we do both the server end, and provide a pre-configured client to connect in.
> -Thom
I get it Thom, I just enjoy sharing my finds and progress - that's the point of open source right? :) I was excited to vpn into the core with my iPhone and make free sip phone calls from Jamaica, and launch the web orbiter to control my house. I think there is value in building some powerful and secure server features that more knowledgeable users can enjoy, even if we can't provide a complete end to end solution right away. Agree?
I have already begun trying a script to configure the windows vpn client, but I can't provide a client for the iPhone, besides that would be silly since the iPhone has the built in client. There is no reason we can't use openvpn and pptp, then provide the openvpn client and/or the pptp client configuration. I am working on it in my spare time, which has been extremely scarce lately - sorry.
-
I just downloaded and ran the script, and got the same errors krys_ got before.
-
> I just downloaded and ran the script, and got the same errors krys_ got before.
I have integrated PPTP vpn into LinuxMCE, if you would rather go that route.
http://forum.linuxmce.org/index.php?topic=8767.15
When I get a minute, I'll take a look at the OpenVPN script.
-
My reason for wanting to try openvpn, fyi, is as follows:
My workplace has a seriously draconian IT policy, despite being a small company. I have HTTP, HTTPS (thankfully), FTP, RDP, and not much more in the way of non-firewalled ports. I want to use my core at home as a proxy to allow me unrestricted web communications. I can use ssh tunnelling via putty for most things, but not anything UDP (such as my office IAX/SIP softphone). I tried to ssh tunnel port 1723 to my core, and tried to establish a pptp vpn connection to no avail. Apparently it uses another protocol in tandem with tcp port 1723 (called GRE or something).
I'm interested to know if OpenVPN can do what I want, especially since it uses SSL which is supposedly UDP friendly.
-
> I just downloaded and ran the script, and got the same errors krys_ got before.
Did you run the script as root? I never get those errors when run as root. I will be making changes and incorporating OpenVPN into LinuxMCE web admin soon.
-
> Did you run the script as root? I never get those errors when run as root. I will be making changes and incorporating OpenVPN into LinuxMCE web admin soon.
Yes, I ran as root.
After the script terminates the contents of /etc/openvpn/easy-rsa/ are as follows:
1.0 2.0 build.sh
There is no /keys directory.
-
> Did you run the script as root? I never get those errors when run as root. I will be making changes and incorporating OpenVPN into LinuxMCE web admin soon.
> Yes, I ran as root.
> After the script terminates the contents of /etc/openvpn/easy-rsa/ are as follows:
> 1.0 2.0 build.sh
> There is no /keys directory.
ok, I see the problem. I'll fix it.
-
I fixed it (I hope), grab the latest tar from donpaul.info and give it a shot.
-
Sorry! Not yet ;)
#ls /etc/openvpn/easy-rsa/2.0/
build-ca build-key-server list-crl revoke-full
build-dh build-req Makefile sign-req
build-inter build-req-pass openssl-0.9.6.cnf.gz vars
build-key build.sh openssl.cnf whichopensslcnf
build-key-pass clean-all pkitool
build-key-pkcs12 inherit-inter README.gz
There's no /keys directory here either... I'm not sure why the keys aren't being generated in their proper location.
-
I'm not sure build.sh is running from Configure_OpenVPN_Keys.sh... when I run the script manually it generates the keys directory along with all the keys, but does not do this when run from Configure_OpenVPN_Keys.sh
I don't know anything much about .sh scripts, but is the spawn syntax correct?
EDIT: the problem is that the 'expect' package is not installed by default. Add it to the list of packages installed in the script.
-
> I'm not sure build.sh is running from Configure_OpenVPN_Keys.sh... when I run the script manually it generates the keys directory along with all the keys, but does not do this when run from Configure_OpenVPN_Keys.sh
> I don't know anything much about .sh scripts, but is the spawn syntax correct?
> EDIT: the problem is that the 'expect' package is not installed by default. Add it to the list of packages installed in the script.
Excellent, thanks. Will add it.
-
Are we closer to making this solid and adding this to the next release?
-
Yes... closer. I am going to run/test it on a fresh 810 soon.
-
thanks!
-
I have made changes for 8.10, and integrated it into the lmce-admin. I am running through the test, and so far so good. If anyone has a suggestion, now is the time.
(http://donpaul.info/openvpn.png)
-
This looks sweet...
I like the "Delete User" button - that was missing from the PPTP implementation.
I'm not sure if there is an easy way to do this - but we do have the hostname if the user configures the DDNS, maybe it could show up here? If the user has a static IP, a "detect external IP" button would be nice too.
Does this already open up the proper ports in the firewall?
Great work, thanks.
-
I thought about the DDNS field, and I agree on the get IP button - good idea. I'll see what I can do for both of those.
BTW, I added a delete button to the PPTP patch.
-
Nice. Good work.
-
Status on this? Is there a Trac ticket for OpenVPN? I see one for PPTP (http://svn.linuxmce.org/trac.cgi/ticket/339) but it looks like it hasn't made it into SVN yet.
-
OpenVPN and PPTP have been combined and are on the same ticket. The SVN diff is in, so hopefully it will make it to the code soon.
-
items only make it into the next release if the alpha2 install page is updated:
http://wiki.linuxmce.org/index.php/LinuxMCE-0810_alpha2
I've added the ticket.
-
donpaul, please update this wiki site with instructions:
http://wiki.linuxmce.org/index.php/VPN
Try to also include images. Thanks!
-
Hi, I would like to access web pages on core securely from outside and have been searching various topics and wiki. I suppose this thread is the most current one - is it so? From the previous posts it looked like the OpenVPN was about to be integrated but it's been a bit quiet on this lately.
Any progress?
-
bump?
Is there any update on this?
I tried the scripts from the svn ticket and am getting errors on a current 0810 install.
thx
-Coley.
-
I solved my needs by applying these instructions: HTTPS / SSL access on the outside http://wiki.linuxmce.org/index.php/HTTPS
Works very well.
-
I have been absent for a while, but I'm back with a fresh core and will have an updated and working patch soon. Hopefully my time will allow for more contributions.
-
Uh.
Why an RPM? You do realize this is a debian distribution?
-Thom
-
I don't know, cause I like building rpm - but you're right. :) Here are the scripts in a tarball instead.
*UPDATE: Updated the vpn.tar - minor change to enable IP forward
-
Here is the updated SVN diff.
Can someone with perms update the TRAC ticket, since I get an error for spam?
http://svn.linuxmce.org/trac.cgi/ticket/339
*Modified: Updated the svn diff to 23202
-
donpaul,
Your diff is out of date, it's not diff'd to the latest rev (23202)
Can you update please?
thx
-Coley.
-
I added an updated svn diff, and I created a .deb package for the vpn scripts, and attached. If you want PPTP and OpenVPN, simply apply the diff patch and install the deb.
Can somebody test/add the deb to LinuxMCE repository and update the ticket?
-
> Can somebody test/add the deb to LinuxMCE repository and update the ticket?
We don't add the deb itself, but would prefer to have the source to the deb, so we can build the deb as part of our regular building process.
-
Applied the patch, installed the deb - I'm missing the file userOpenVPN.php :(
-Coley.
-
> Applied the patch, installed the deb - I'm missing the file userOpenVPN.php :(
> -Coley.
Ah, ok, here are the php scripts. Untar in /var/www/lmce-admin.
> We don't add the deb itself, but would prefer to have the source to the deb, so we can build the deb as part of our regular building process.
Ok, I will provide the source.
-
:) that seems to operate a bit better, tar file looks healthier.
Will see if I can get into my core from outside ( once my isp gets back to me so I can see my IP >:( )
-Coley.
-
I have a Wiki page started:
http://wiki.linuxmce.com/index.php/VPN
More to come once the captcha is fixed.
-
Here is the source.
-
donpaul,
looking at the tar, I fail to see any web admin stuff. Do I miss anything, or is the web admin stuff elsewhere?
-
> donpaul,
> looking at the tar, I fail to see any web admin stuff. Do I miss anything, or is the web admin stuff elsewhere?
I attached the diff svn patch and a tar of the added php scripts earlier in the thread. I did not put those in my deb source - I assumed they should go in the existing web admin package.
Let me know what I can do to help get it in the next snapshot.
-
Did this ever make it into the release? If not, can we get this in as a regular feature?
-
it has not.
I have been looking at it lately, but it will need a lot of work to make it play nice with all the other parts of lmce.
-
> it has not.
> I have been looking at it lately, but it will need a lot of work to make it play nice with all the other parts of LinuxMCE.
What other parts must it play nice with? And what kind of work does it need?
-
it modifies several scripts that will get overwritten by other lmce packages at the next update, most notably the firewall script.
-
The only ones that will be modified are the firewall script, and the sysctl.conf file. Both changes are required for openvpn, but not pptpd. I see no reason why the pptpd vpn can't be included, even if the changes can't be made for openvpn.
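Added example (not code from the thread or from LinuxMCE): a check to run after a package update, reporting which of the firewall lines quoted earlier in this thread are no longer in the firewall script and whether IP forwarding is still set in sysctl.conf. The sysctl key net.ipv4.ip_forward, the /etc/sysctl.conf path and the function names are assumptions; the thread only says that IP forwarding is enabled.

```shell
#!/bin/sh
# Added example: detect when an update has overwritten the VPN changes.
# Function names are hypothetical.

# The three lines the thread adds to the bottom of Network_Firewall.sh.
expected_fw_rules() {
    cat <<'EOF'
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -d ! 10.8.0.0/255.255.255.0 -o $ExtIf -j MASQUERADE
EOF
}

# Drop comments and blank lines and collapse runs of whitespace, so that a
# commented-out rule counts as missing and re-indentation does not.
normalise() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$@"
}

# usage: missing_fw_rules FIREWALL_SCRIPT  -> prints each expected rule
# that is not present as a whole, uncommented line.
missing_fw_rules() {
    have=$(mktemp)
    normalise "$1" > "$have"
    expected_fw_rules | normalise | while IFS= read -r rule; do
        grep -Fqx -- "$rule" "$have" || echo "$rule"
    done
    rm -f "$have"
}

# usage: ip_forward_enabled SYSCTL_CONF
# Succeeds if the last uncommented assignment sets the key to 1.
# The key name is an assumption; the thread does not quote it.
ip_forward_enabled() {
    last=$(normalise "$1" | tr -d ' ' |
           grep '^net\.ipv4\.ip_forward=' | tail -n 1)
    [ "$last" = "net.ipv4.ip_forward=1" ]
}

# Run against the paths named in the thread when they exist on this host.
fw=/usr/pluto/bin/Network_Firewall.sh
if [ -r "$fw" ]; then
    echo "Rules missing from $fw:"
    missing_fw_rules "$fw"
fi
if [ -r /etc/sysctl.conf ]; then
    if ip_forward_enabled /etc/sysctl.conf; then
        echo "IP forwarding is set in /etc/sysctl.conf"
    else
        echo "IP forwarding is NOT set in /etc/sysctl.conf"
    fi
fi
```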
-
I didn't say it couldn't be done, just that it's going to require touching some lmce stuff. And I haven't really decided on the best course of action yet.
-
Thank you, Merkur2k, for investigating and working on this feature.
-
Hi
Is this working? The current wiki on vpn has broken links and I was unable to install it
steve