Author Topic: OpenVPN  (Read 43566 times)

donpaul

Re: OpenVPN
« Reply #45 on: May 12, 2009, 03:53:00 pm »
Thanks for helping me test it, Krys. Can you verify that you have all of the files needed in the tar, and in your openvpn conf dir? If so, and if it still doesn't work, run the Configure_Users.sh script again and copy the new files over.

lmce-user1.ovpn
user1.crt
user1.key
lmce-ca.crt
lmce-ta.key
« Last Edit: May 12, 2009, 03:54:50 pm by donpaul »

krys

Re: OpenVPN
« Reply #46 on: May 12, 2009, 04:07:37 pm »
They are all there, plus I have one additional file, lmce-user1.conf.

I copied the files over via FTP; I wasn't actually on the network... I assume that is OK?

I will re-run the user config and see if that helps.

-Krys

krys

Re: OpenVPN
« Reply #47 on: May 12, 2009, 05:03:09 pm »
Alrighty, tried running user config again, and with the new user I get the same error as with the previous one.
-Krys

You might wait to mess with it till I get a chance to try it outside of my office... our firewall could be the problem.

donpaul

Re: OpenVPN
« Reply #48 on: May 12, 2009, 05:04:43 pm »
FTP should be fine. The error you had seems to indicate that the lmce-ta.key doesn't match. You can view the .key and .crt files on the server and your clients; they should all match. If not, that is your problem. If they all match, there could be a firewall issue.
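
Added example, not part of donpaul's post: one way to run the "they should all match" check is to compare SHA-256 digests of the server's and the client's copies, which avoids printing private key material. The two directory arguments (and having the server's copies collected in one directory) are assumptions; the file names are the ones listed earlier in the thread.

```shell
#!/bin/sh
# Added example: compare both sides' OpenVPN files by SHA-256 digest, so
# private key material is never printed. Directory layout is an assumption.

# File names taken from the client tarball listing in the thread.
VPN_FILES="lmce-ca.crt lmce-ta.key user1.crt user1.key"

# digest FILE: print the hex SHA-256 of FILE, or MISSING if unreadable.
digest() {
    if [ -r "$1" ]; then sha256sum "$1" | cut -d' ' -f1; else echo MISSING; fi
}

# compare_vpn_files SERVER_DIR CLIENT_DIR: print one status line per file and
# return how many files are missing on either side or differ.
compare_vpn_files() {
    bad=0
    for f in $VPN_FILES; do
        s=$(digest "$1/$f")
        c=$(digest "$2/$f")
        if [ "$s" = MISSING ] || [ "$c" = MISSING ]; then
            echo "MISSING  $f"; bad=$((bad + 1))
        elif [ "$s" != "$c" ]; then
            echo "DIFFERS  $f"; bad=$((bad + 1))
        else
            echo "OK       $f"
        fi
    done
    return "$bad"
}

# demo: constructed placeholder files (not real keys) with a stale client
# copy of lmce-ta.key, the mismatch suspected in the thread.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/server" "$tmp/client"
    for f in $VPN_FILES; do
        echo "constructed $f" > "$tmp/server/$f"
        cp "$tmp/server/$f" "$tmp/client/$f"
    done
    echo "regenerated key" > "$tmp/client/lmce-ta.key"
    compare_vpn_files "$tmp/server" "$tmp/client" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "files needing attention: $?"
```

A DIFFERS line for lmce-ta.key after re-running Configure_Users.sh points to a stale copy on one side rather than a firewall problem.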

donpaul

Re: OpenVPN
« Reply #49 on: May 13, 2009, 08:05:48 pm »
UPDATE: To enable NAT (so that we can get out to the internet while on VPN), a line is needed at the bottom of /usr/pluto/bin/Network_Firewall.sh

Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -d ! 10.8.0.0/255.255.255.0 -o $ExtIf -j MASQUERADE
I will add it to my script tonight. But if anyone currently has openvpn configured, you should add it manually and run the Network_Firewall.sh script.

dlewis

Re: OpenVPN
« Reply #50 on: June 03, 2009, 09:11:13 pm »
Have we made a 100% working script to be implemented into 0810?

Also, how is the webadmin portion going?

qball4

Re: OpenVPN
« Reply #51 on: June 26, 2009, 12:29:04 am »
I had to change the scripts to reflect the addition of easy-rsa 2.0, but it was just adding the /2.0 on the end of /etc/openvpn/easy-rsa in a few places. Other than that, they work great.  That being said, they default to tun interface on port 1194, so if you want anything different, the generated lmce-server.conf, conf/ovpn files in the user tarballs, and Network_Firewall.sh script still need to be edited by hand.

:Matt

bulek

Re: OpenVPN
« Reply #52 on: June 27, 2009, 01:33:31 pm »
Quote
I had to change the scripts to reflect the addition of easy-rsa 2.0, but it was just adding the /2.0 on the end of /etc/openvpn/easy-rsa in a few places. Other than that, they work great.  That being said, they default to tun interface on port 1194, so if you want anything different, the generated lmce-server.conf, conf/ovpn files in the user tarballs, and Network_Firewall.sh script still need to be edited by hand.

:Matt

Hi,

Did I understand right, you've set up OpenVPN under 8.10? If yes, please put instructions on the wiki - it will be helpful to others...

Thanks,

regards,

Bulek.
« Last Edit: July 02, 2009, 01:20:04 am by bulek »
Thanks in advance,

regards,

Bulek.

nite_man

Re: OpenVPN
« Reply #53 on: July 24, 2009, 02:53:47 pm »
It'd be very helpful for the rest of the people if you update the existing article about VPN in the wiki.
Michael Stepanov,
My setup: http://wiki.linuxmce.org/index.php/User:Nite_man#New_setup
Russian LinuxMCE community: http://linuxmce.ru

dlewis

Re: OpenVPN
« Reply #54 on: August 24, 2009, 03:42:57 am »
Any updates on creating a script/patch for this?

donpaul

Re: OpenVPN
« Reply #55 on: August 27, 2009, 06:37:15 am »
I wonder if PPTP would be easier and more widely accepted? Obviously SSL (OpenVPN) is superior to PPTP, but SSL clients are not always available.

tschak909

Re: OpenVPN
« Reply #56 on: August 27, 2009, 06:50:36 am »
I'm not sure you guys completely get it... The point is to provide a COMPLETE END TO END SOLUTION.

So that means, we do both the server end, and provide a pre-configured client to connect in.

-Thom

donpaul

Re: OpenVPN
« Reply #57 on: August 27, 2009, 04:32:56 pm »
Quote
I'm not sure you guys completely get it... The point is to provide a COMPLETE END TO END SOLUTION.

So that means, we do both the server end, and provide a pre-configured client to connect in.

-Thom

I get it, Thom. I just enjoy sharing my finds and progress - that's the point of open source, right? :) I was excited to VPN into the core with my iPhone and make free SIP phone calls from Jamaica, and launch the web orbiter to control my house. I think there is value in building some powerful and secure server features that more knowledgeable users can enjoy, even if we can't provide a complete end to end solution right away. Agree?

I have already begun trying a script to configure the Windows VPN client, but I can't provide a client for the iPhone; besides, that would be silly since the iPhone has the built-in client. There is no reason we can't use OpenVPN and PPTP, then provide the OpenVPN client and/or the PPTP client configuration. I am working on it in my spare time, which has been extremely scarce lately - sorry.

davegravy

Re: OpenVPN
« Reply #58 on: August 28, 2009, 08:55:52 pm »
Quote
cp: cannot stat `/etc/openvpn/easy-rsa/keys/ca.crt': No such file or directory
cp: cannot stat `/etc/openvpn/easy-rsa/keys/server.crt': No such file or directory
cp: cannot stat `/etc/openvpn/easy-rsa/keys/server.key': No such file or directory
25829 Mon May 11 16:32:45 CDT 2009 WaitLock 'Firewall' (Firewall)
25829 Mon May 11 16:32:45 CDT 2009 WaitLock 'Firewall' (Firewall) success
Clearing firewall
Enabling packet forwarding
Setting up firewall
Setting up forwarded ports
  Source port: 3080/tcp; Destination: 127.0.0.1:80
  Source port: 21/tcp; Destination: 192.168.80.254:21
  Source port: 1194/tcp; Destination: 192.168.80.1:1194
  Source port: 3877/tcp; Destination: 192.168.80.1:3877
Opening specified ports to exterior
  Port: 4569:4569/udp
  Port: 5060:5060/udp
  Port: 2000:2000/udp
  Port: 2000:2000/tcp
  Port: 22:22/tcp
  Port: 55237:55237/tcp
25829 Mon May 11 16:32:46 CDT 2009 Unlock 'Firewall' (Firewall)
25829 Mon May 11 16:32:46 CDT 2009 Unlock 'Firewall' (Firewall) success
Stopping virtual private network daemon:.
Starting virtual private network daemon: lmce-server(FAILED).

I just downloaded and ran the script, and got the same errors krys_ got before.


donpaul

Re: OpenVPN
« Reply #59 on: August 28, 2009, 10:16:16 pm »

Quote
I just downloaded and ran the script, and got the same errors krys_ got before.


I have integrated PPTP VPN into LinuxMCE, if you would rather go that route.

http://forum.linuxmce.org/index.php?topic=8767.15

When I get a minute, I'll take a look at the OpenVPN script.