Author Topic: OpenVPN  (Read 13612 times)

davegravy

  • Addicted
  • *
  • Posts: 525
    • View Profile
Re: OpenVPN
« Reply #60 on: August 29, 2009, 03:52:49 pm »
My reason for wanting to try openvpn, fyi, is as follows:

My workplace has a seriously draconian IT policy, dispite being a small company. I have HTTP, HTTPS (thankfully), FTP, RDP, and not much more in the way of non-firewalled ports. I want to use my core at home as a proxy to allow me unrestricted web communications. I can use ssh tunnelling via putty for most things, but not anything UDP (such as my office IAX/SIP softphone). I tried to ssh tunnel port 1723 to my core, and tried to establish a pptp vpn connection to no avail. Apparently it uses another protocol in tandem with tcp port 1723 (called GRE or something).

I'm interested to know if OpenVPN can do what I want, especially since it uses SSL which is supposedly UDP friendly.

donpaul

  • Guru
  • ****
  • Posts: 300
    • View Profile
Re: OpenVPN
« Reply #61 on: August 31, 2009, 08:02:19 pm »
I just downloaded and ran the script, and got the same errors krys_ got before.

Did you run the script as root? I never get those errors when run as root. I will be making changes and incorporating OpenVPN into LinuxMCE web admin soon.

davegravy

  • Addicted
  • *
  • Posts: 525
    • View Profile
Re: OpenVPN
« Reply #62 on: August 31, 2009, 09:20:27 pm »
Did you run the script as root? I never get those errors when run as root. I will be making changes and incorporating OpenVPN into LinuxMCE web admin soon.

Yes, I ran as root.

After the script terminates the contents of /etc/openvpn/easy-rsa/ are as follows:

1.0  2.0  build.sh

There is no /keys directory.


donpaul

  • Guru
  • ****
  • Posts: 300
    • View Profile
Re: OpenVPN
« Reply #63 on: August 31, 2009, 10:28:22 pm »
Did you run the script as root? I never get those errors when run as root. I will be making changes and incorporating OpenVPN into LinuxMCE web admin soon.

Yes, I ran as root.

After the script terminates the contents of /etc/openvpn/easy-rsa/ are as follows:

1.0  2.0  build.sh

There is no /keys directory.



ok, I see the problem. I'll fix it.

donpaul

  • Guru
  • ****
  • Posts: 300
    • View Profile
Re: OpenVPN
« Reply #64 on: August 31, 2009, 10:38:32 pm »
I fixed it (I hope), grab the latest tar from donpaul.info and give it a shot.

davegravy

  • Addicted
  • *
  • Posts: 525
    • View Profile
Re: OpenVPN
« Reply #65 on: September 01, 2009, 10:13:28 pm »
Sorry! Not yet  ;)

#ls /etc/openvpn/easy-rsa/2.0/

build-ca          build-key-server  list-crl              revoke-full
build-dh          build-req         Makefile              sign-req
build-inter       build-req-pass    openssl-0.9.6.cnf.gz  vars
build-key         build.sh          openssl.cnf           whichopensslcnf
build-key-pass    clean-all         pkitool
build-key-pkcs12  inherit-inter     README.gz

There's no /keys directory here either... I'm not sure why the keys aren't being generated in their proper location.

davegravy

  • Addicted
  • *
  • Posts: 525
    • View Profile
Re: OpenVPN
« Reply #66 on: September 01, 2009, 10:52:12 pm »
I'm not sure build.sh is running from Configure_OpenVPN_Keys.sh... when I run the script manually it generates the keys directory along with all the keys, but does not do this when run from Configure_OpenVPN_Keys.sh

I don't know anything much about .sh scripts, but is the spawn syntax correct?

EDIT: the problem is that the 'expect' package is not installed by default. Add it to the list of packages installed in the script.
« Last Edit: September 01, 2009, 11:04:02 pm by davegravy »

donpaul

  • Guru
  • ****
  • Posts: 300
    • View Profile
Re: OpenVPN
« Reply #67 on: September 04, 2009, 04:23:06 pm »
I'm not sure build.sh is running from Configure_OpenVPN_Keys.sh... when I run the script manually it generates the keys directory along with all the keys, but does not do this when run from Configure_OpenVPN_Keys.sh

I don't know anything much about .sh scripts, but is the spawn syntax correct?

EDIT: the problem is that the 'expect' package is not installed by default. Add it to the list of packages installed in the script.

Excellent, thanks. Will add it.

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: OpenVPN
« Reply #68 on: September 15, 2009, 09:55:31 pm »
Are we closer to making this solid and adding this to the next release?

donpaul

  • Guru
  • ****
  • Posts: 300
    • View Profile
Re: OpenVPN
« Reply #69 on: September 15, 2009, 10:40:11 pm »
Yes... closer. I am going to run/test it on a fresh 810 soon.

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: OpenVPN
« Reply #70 on: September 16, 2009, 03:30:11 am »
thanks!

donpaul

  • Guru
  • ****
  • Posts: 300
    • View Profile
Re: OpenVPN
« Reply #71 on: September 18, 2009, 11:10:19 pm »
I have made changes for 8.10, and integrated it into the lmce-admin. I am running through the test, and so far so good. If anyone has a suggestion, now is the time.


jimbodude

  • Guru
  • ****
  • Posts: 372
    • View Profile
Re: OpenVPN
« Reply #72 on: September 18, 2009, 11:43:12 pm »
This looks sweet...

I like the "Delete User" button - that was missing from the PPTP implementation.

I'm not sure if there is an easy way to do this - but we do have the hostname if the user configures the DDNS, maybe it could show up here?  If the user has a static IP, a "detect external IP" button would be nice too.

Does this already open up the proper ports in the firewall?

Great work, thanks.

donpaul

  • Guru
  • ****
  • Posts: 300
    • View Profile
Re: OpenVPN
« Reply #73 on: September 19, 2009, 01:44:58 am »
I thought about the DDNS field, and I agree on the get IP button - good idea. I'll see what I can do for both of those.

BTW, I added a delete button to the PPTP patch.

jimbodude

  • Guru
  • ****
  • Posts: 372
    • View Profile
Re: OpenVPN
« Reply #74 on: September 19, 2009, 04:50:46 am »
Nice.  Good work.