Networking :: Setup OpenVPN To Use A Third Party CA?
Mar 31, 2010
I'm trying to setup OpenVPN to use a third party CA, and its unclear to me how to use the serial and index.txt files that are created when one uses the easy-rsa scripts to setup OpenVPN. If i'm using my own CA can I ignore those? Its also unclear to me how OpenVPN figures out the server.key passphrase. I'd also like to leverage the --tls-verify cmd directive but I am unsure of where to specify it.
What I would like to do is have --tls-verify call a perl script that then verifies that the CN of the certificate the client is passing in matches a cn in an LDAP group. I figure I can do the LDAP group lookup with some easy perl stuff, its unclear to me though if --tls-verify is going to pass in the RDN of the client cert.
View 2 Replies
ADVERTISEMENT
Feb 25, 2010
Alright, I've been trying to get this fixed on my own, but I think I am missing a fundamental principle and no amount of scripts or hacks is gonna take place of that. I have adito/OpenVPN installed on my media center. It runs fine and I can access adito in my internal network from other computers just fine. But, the whole point is I want to be able to access it remotely!
Now, I had previously made a run at an external FTP site and failed miserably at that, and I think its all coming down to me not knowing how to configure my own router. I have a Netgear router, I can log into it and under Router status I can get what looks to be my routers external IP address. But if I try to access it at https://XXX.XXX.XXX.XXX:4433 (didn't want to use the default port, 443) I get nothing.
So, my main problems as I understand them are:
1)I need to clear the firewall on my router to allow traffic in/out of my reserved port
2)I need to forward incoming requests on that port to the static internal IP of my media center
3)I really would like a more reliable way to verify the info im getting from my routers admin settings page is actually my external IP, is there a command for this or a website that will tell me?
View 2 Replies
View Related
Apr 3, 2010
I'm trying to setup OpenVPN in order to connect back to my home network while traveling for secure browsing and such. However, before I can even start trying to set that up I tried to see if I could open port check my computer through the net. And I'm having a hard time doing that.
As far as I can tell, here are my roadblocks:
1. Is ISP (Qwest) blocking my ports?
2. Is my modem doing the proper port forwarding and firewall?
3. Is my router doing the same?
4. Is my firewall on the computer allowing the request?
To minimize sources of error, I've turned off my local and router firewall and setup my router to forward ports. I'm not to familiar with my modem, but I'm pretty sure that the firewall is turned off by default and I think I've done port-forwarding correctly. But still no success when doing an open port check. At this point I don't know how to diagnose the problem.
View 2 Replies
View Related
Apr 5, 2010
i have some problems with configuring openvpn tunnel connection to my openvpn server. I'm using static-key tcp connection. Network manager always said to me that connection could not be established. Also, when i try to run openvpn from terminal, i got some strange permissions problem:
Code:
openvpn --config config.ovpn
Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key
[code]....
View 1 Replies
View Related
Mar 15, 2011
I'm trying to setup a OpenVpn on my Ubuntu 10.04 and after doing the configs from here: [URL] I get an error:
[Code]....
View 1 Replies
View Related
Dec 10, 2010
Can anyone recommend a good tutorial in how to use/setup a VPN using openVPN? I've registered with strongvpn.com but am a complete newb to setting up VPN on Ubuntu.
View 1 Replies
View Related
Jan 31, 2010
I need to know the procedure to setup VPN between two network. i setup openvpn access server to do this easy. 1. Step by step procedure to setup VPN 2. Setup VPN with DHCP 3. How to check that open vpn is running successfully.
View 1 Replies
View Related
Dec 7, 2010
I am trying to setup an OpenVPN server using CentOS 5. I ahve installed everything, configs are good, server starts fine. I have generated my certificates using the easy-rsa 2.0 included with OpenVPN. I have downloaded all the certificates to my machine and setup my client to connect. I am having that typical problem everyone seems to have where my client says certificate verify failed. However I can use openssl on the server to verify and it is ok. What am I doing wrong here?
Code:
[root@GSFOVPNxxx01 openvpn]# openssl verify -CAfile ca.crt gg-jbloomer.crt
gg-jbloomer.crt: OK
[root@GSFOVPNxxx01 openvpn]#
client output
Code:
2010-12-07 08:44:33 MANAGEMENT: CMD 'hold release'
[Code]...
I just dont get it, I have racked my brain and google until my eyes bleed and can not figure this one out.I am sure it is something simple that I am missing.
View 5 Replies
View Related
Feb 22, 2010
We have installed "openVPN" from openSUSE 11.2 repo and "openVPN - webmin module" (GUI).What it needs to be done .. "Road Warriors" need to be able to access websites through openSUSE box sitting in the data center, from remote locations (hotel, coffe shops, wi-fi hot spots,..)We're half way there but it gets stucked somewhere with the IP's
View 6 Replies
View Related
Sep 1, 2011
I'm currently trying to set up OpenVPN on my Ubuntu Server, however I'm having trouble setting up bridging. I am following the tutorial for bridging that is located on the Wiki here: [URL] At the current time my /etc/network/interfaces looks like this (default from Ubuntu install):
[Code]...
View 9 Replies
View Related
Apr 12, 2010
I am trying to setup a VPN on my FC 12 box. Looks like getting openvpn to work behind NAT is as easy as just forwarding the ports. Do I need to forward any specific protocols (GRE, etc)? Also, can I do this with one Ethernet port (IE: RJ-45 jack), or do you recommend a second ethernet port? I could add in another PCI ethernet card if it makes it easier. Anyone know if a single ethernet jack will work or do I need two?
View 2 Replies
View Related
Sep 9, 2010
I'm following this guide [URL]. I am trying to use a bridge to vpn from work to home.
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto br0
iface br0 inet dhcp
bridge_ports eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
I am forced to use dhcp because of my router. (although it is a static lease) I think this is where I am hung up. Everything else seems to be working properly though. I have a windows client connecting but is limited to the server serving out openvpn. (192.168.1.21) In other words it is not functioning as a bridged vpn service.
ifconfig
openvpn server.conf
local 192.168.1.21
port 1199
proto udp
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.21 255.255.255.0 192.168.1.100 192.168.1.200
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
View 2 Replies
View Related
Jan 17, 2011
I am trying to setup an OpenVPN server in bridged mode (Ubuntu 10.04 Lts). The goal is for the clients to be able to reach all the servers behind Openvpn server's lan. I have followed the official OpenVPN guide for Ubuntu 10.04.
My network setup is:
Private lan: 10.90.90.0-255 255.255.255.0
Gateway: 10.90.90.1
Openvpn server ip: 10.90.90.8
Gateway public ip: 79.xxxxxxxxx
I have forward port 1195 to the Vpn server through my gateway firewall.Besides that no other firewall is running.I can connect and ping the server both from windows and ubuntu clients. The difference is that from windows I can reach the private lan but not from ubuntu clients.
View 2 Replies
View Related
Sep 10, 2010
I need to execute scripts to setup the bridge after openvpn is restart. Where do I put the scripts? How do I get openvpn to execute them?
View 2 Replies
View Related
Feb 11, 2010
Did not find frimware other than from vendor. I checked openwtr, dd-wrt, tomato frimware. Have 2 broband routers. Standard wi-fi B. They can work as switch, router or gateway.
[Code]...
View 1 Replies
View Related
Aug 9, 2010
i have installed openvpn and config it for a tunnel. my server.conf and client,conf is as follow:
server.conf
port 1194
proto udp
[code]...
View 1 Replies
View Related
Feb 13, 2010
I want to configure a VPN over the Internet.I installed the 'openvpn' package, generated the key file, transfered it by a secure way to the client, and setted up the configuration file.
So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.
Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this registering a range.
Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.
Obviously I don't know what I'm doing, and I really, don't believe that simply changing the IP will make it work, but I tried.
I hope I explained my problem as well.
My configuration file:
# OpenVPN Server Configuration File
dev tun 0
ifconfig 192.168.0.1 192.168.0.2
cd /etc/openvpn
secret key_file
In client I execute the 'openvpn' without the '--daemon' parameter.Then I want that my client uses a IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2).I also thought to use a DHCP server, but I'm not sure that will work.
View 6 Replies
View Related
Jul 13, 2011
I have been trying to set up openVPN on a Virtual Machine running Ubuntu 10.04 with the eventual intention of having a closed VPN in the workspace I'm at, and a bridged internet connection out through the server.My initial process/instinct was to go through Webmin. After a fair bit of tooling around making eys/certificates, I was able to get a response (and that's all it was, really) from my windows machine accessing the VPN server. However, in my attempt to bridge the network, I have lost all internet/networking capabilities from the server.Fortunately I am able to access the server directly from the hardware underneath (i.e. I don't need to SSH in or anything), and so I've been attempting to restore the server's networking back to default. I have returned the /etc/network/interfaces file to it's original state (just the loop, and an eth0 on dhcp) and restarted the networking. A check with ifconfig returns what seems to be a working eth0, and the loop (noting else) however I am unable to ping any outside server. When I do, I am given the message:From XXX.XXX.XXX.XXX icmp_seq=1 Destination Host Unreachable(where of course XXX is my IP address).nother VM on the server is able to access the internet just fine, so it's not the overall server hardware...I guess at this point I'm just trying to take steps back,
View 1 Replies
View Related
May 7, 2010
I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.
Right now I have a few IP's : on eth0 I have IP from my ISP, on eth0:1 I have my own IP.I set up MASQUERADE to eth0 - but in this case when I try to access my restricted resources IP address from ISP is visible.
What I want is to use my own IP address from eth0:1 - could somebody help me to build good working redirect entry for that? I want to redirect all connections to that IP assigned on eth0:1... - just to access Internet using my IP.
View 3 Replies
View Related
May 14, 2009
i've set up an openvpn server (with dhcp running on it) and i have to create compatible clients.the problem is how to get an ip by dhcp.with ubuntu i made a script like this
/sbin/ifconfig tap0 up
/sbin/dhclient -e tap0
and everything works fine:tap0 goes up and then start a dhcp request to the server on tap0with fedora there is a nice problem i've noticed that is impossible to run dhclient later on a new interface because i receive this error "dhclient is already running".the tap0 goes up normally but i receive this error when i attempt to get an ip.is there a simple way to get an ip?if i try to kill or restart dhclient when the vpn tunnel is up,all'interfaces lost theirs ip and network goes down crashing my vpn...
View 9 Replies
View Related
Nov 27, 2009
Is there anyway you can configure either OpenVPN client or the system to allow connections using OpenVPN to be made to computers on the OpenVPN network using their alias rather than their IP address. This may sound blasphemous but you can in Windows. That is if the VPN network is say 10.x.0.x I could connect to Comp4 or Comp2 using Comp4 or Comp2 not 10.x.0. 4 or 10.x.0.2 or whatever IP is allocated by the OpenVPN server. If the OpenVPN server has not been restarted then it will usually allocate the same IP every time the same client connects.
View 8 Replies
View Related
Jun 12, 2011
I installed fedora15, My openvpn didn't connect to my working computer.I checked openvpn configure more time, but still don't connect,
View 11 Replies
View Related
Dec 12, 2010
> sudo apt-get install openvpn bridge-utils
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> E: Couldn't find package openvpn
View 1 Replies
View Related
Mar 1, 2011
I have access to a VPN I use when having confidential instant messaging sessions. For the purposes of my work, essentially.I'm a command line kind of guy, and like to use Finch (the shell version of Pidgin) for those.However, when I turn on my OpenVPN connection it routes all traffic through the VPN. Web-browsing, IMing, and I can no longer access other machines on my home network.Can I set OpenVPN to only route traffic I ask through that connection (either by port number or application, or some way I haven't thought of), while other traffic flows through my usual home network?Some kind of local proxy perhaps? Or a dd-wrt box set up as a proxy, connected to OpenVPN?I've played around with the GUI environment too (I have a basic GUI I sometimes use on my main machine) and have installed the full desktop 10.10 on a second machine just to see if I can work it out.
View 2 Replies
View Related
Jul 31, 2009
Is it possible to set up an OpenVPN without having to issue keys or certificates.All tutorials I found seem to use them.
I want just a basic username/password approach - I don't care that much about security obviously but is it at all possible?
View 1 Replies
View Related
Mar 2, 2010
i recently rent a VPS and installed with CENTOS 5 64bit, i followed a tutorial to install openVPN to bridge traffic to my windows machine.
View 3 Replies
View Related
May 20, 2011
My boss gave me the task (on a very tiny budget) of wanting to connect our remote offices to our network. Solution I came up with is Site-to-Site VPN.
I want to use OpenVPN on the Linksys Routers (again very tiny budget) and have them connect to our Cisco ASA5505 Firewall, but I am running into major problems.
Question is, even though they both use IPSec SSL are they compatible? If not, is there a work sround?
View 1 Replies
View Related
May 23, 2011
I'd like to configure IPtables to make sure I can only access the internet through an openvpn connection (so when the connection is down I have no way to access the internet but to connect to the vpn again).
I know how to do this with Firestarter (restrictive outgoing policy and I only allow the vpn server IPs) but Firestarter seems to be stupid : for some reason eth0 was changed to eth1 and Firestarter can't work properly anymore, even though that probably can be fixed with Firestarter I'm no more interested in this program and I'd better like to know how to apply the same policy using IPtables.
I've tried a few things already but it failed each time ... how can I effectively allow my computer to connect to the VPN while everything else is blocked ?
View 3 Replies
View Related
Dec 10, 2010
I have installed OpenVPN to use it as an internet gateway butcan't get it to work.OpenVPN installed without any problem. The client can also connect and ping the server but there is no internet traffic.I think it is because of a wrong gateway address which the client gets but I'm not sure. server IP address is 10.8.0.1 and the client can ping this IP but it's default gateway is always 10.8.0.5 which is not accessible from the client.This is my server.conf:
Code:
dev tun
proto tcp
[code]...
View 7 Replies
View Related
Aug 21, 2010
I'm using OpenVPN to connect to a remote system. When I run
Code:
It brings up a new tunnel interface. The problem is that once the tun interface is brought up and the VPN is established, my whole Internet connection slows to a crawl.
Here is the output from ip route show before openvpn:
Code:
And after openvpn:
Code:
View 2 Replies
View Related
