Software :: OpenVPN Certs Not Getting Revoked?

Apr 11, 2010

While revoking OpenVPN client certs from the server, I am getting the following output:

./revoke-full client-xxxxxxx
Using configuration from /etc/openvpn/openvpn-2.0.9/easy-rsa/openssl.cnf
ERROR:Already revoked, serial number 2D

[code]....


Networking :: OpenVPN Openssl And OCSP To Make Sure Revoked Certificates Are Denied

Apr 6, 2010

I have OpenVPN working with a third-party CA, and validating UID entries from the client certificates in LDAP groups. My next step is to figure out OCSP to make sure revoked certificates are denied. I could dump out my CRL as a nightly job, but that of course presents a window where a revoked certificate is still valid. How do I dump out the client certificate back to PEM format? For the LDAP check, all I was using was the DN, which doesn't really help me for openssl/OCSP.

Ubuntu Security :: Sudo Permission Not Being Revoked?

Apr 1, 2011

I am using Ubuntu 10.04-alternate-amd64 for full disk encryption. After getting my updates, which I get as soon as they are released, I am getting the issue that the temp root (sudo) password is not being revoked. After using any app that requires the use of sudo, the permission for it does not get removed like it normally does.

I have tried logging out then back in, which usually removes the permission, but this no longer works. I also tried waiting, and even after 1 hour the permission is still there. The only workaround I have found is to use the terminal to execute the required programs; after closing the terminal, the temp permission is removed like it should be. This issue has affected all of my systems and a friend of mine as well (friend uses the same distro).

To replicate issue:

1) Boot system.
2) Login.
3) Check for updates or any other app that uses root permission.
4) Logout
5) Login
6) Repeat step 3
7) App will not ask for permission it will use root permission automatically.

Ubuntu Networking :: Network-manager-openvpn And Static-key OpenVPN Connection In 9.10

Apr 5, 2010

I have some problems with configuring an OpenVPN tunnel connection to my OpenVPN server. I'm using a static-key TCP connection. Network Manager always tells me that the connection could not be established. Also, when I try to run openvpn from the terminal, I get a strange permissions problem:

Code:

openvpn --config config.ovpn
Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key

[code]....

Server :: Possible To Use Multiple SSL Certs For Same IP In Apache?

Sep 2, 2009

Is it possible to run multiple SSL-enabled sites (each having its own SSL certificate) off of one IP address, or do I need a separate IP for each one? Any links to conclusive web pages?

Fedora :: Openvpn Certificate \ Installed Openvpn And Config It For A Tunnel?

Aug 9, 2010

I have installed OpenVPN and configured it for a tunnel. My server.conf and client.conf are as follows:

server.conf
port 1194
proto udp

[code]...

Server :: OpenVPN Range Address / When Change Static IP To Dynamic IP In Config File OpenVPN Didn't Work?

Feb 13, 2010

I want to configure a VPN over the Internet. I installed the 'openvpn' package, generated the key file, transferred it in a secure way to the client, and set up the configuration file.

So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.

Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this registering a range.

Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.

Obviously I don't know what I'm doing, and I really don't believe that simply changing the IP will make it work, but I tried.

I hope I explained my problem well.

My configuration file:

# OpenVPN Server Configuration File
dev tun 0
ifconfig 192.168.0.1 192.168.0.2
cd /etc/openvpn
secret key_file

On the client I execute 'openvpn' without the '--daemon' parameter. Then I want my client to use an IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2). I also thought of using a DHCP server, but I'm not sure that will work.

Fedora Networking :: Can't Find Certs.sh And CA.all Files

Jun 4, 2009

I'm trying to create a server certificate to be used in PEAP authentication. I have installed freeradius on Fedora 10 and openssl-perl, and also upgraded all the packages with yum upgrade.

Now, after changing the configuration of the openssl.cnf file placed in /etc/pki/tls/openssl.cnf,

I am looking for the certs.sh file that comes with the freeradius package, and also the CA.all and CA.certs files, but I couldn't find these files in the filesystem.

Are these files present by default when the freeradius and openssl-perl packages are installed, or do I have to install or copy these script files, as these files are necessary to create a certificate for the server side?

Ubuntu :: Admin Certs - Which Organization Is Best For Getting Certified

May 16, 2011

I am considering getting certified in Linux Administration.

1) Which organization is best for getting certified?
2) Which books are the best?
3) What topics should one focus on?
AND (the big daddy)
4) Is it worth it to get certified if one does not have a computer science degree and wants to break in to IT?

Networking :: Sending Out Different Certs (Multiple Gateways)

Apr 6, 2010

I'm hosting a Sendmail Cyrus-IMAP server on Fedora 12. I recently installed a second NIC on a second internet gateway and successfully configured source-based routing. Clients are able to connect over mail.domain.com, received from the gateway 192.168.0.1 to the interface 192.168.0.254 (ETH0). Clients are also able to connect from pop3.domain.com and smtp.domain.com from the second gateway 192.168.1.1 to the interface 192.168.1.254 (ETH1).

I have Cyrus-IMAP certs configured for mail.domain.com and a Sendmail cert configured for mail.domain.com. My question is: how would I tell Sendmail and Cyrus that mail.domain.com goes out ETH0, but deliver the second and third cert (e.g. Cyrus sends pop3.domain.com and Sendmail sends smtp.domain.com) to clients connected on ETH1?

Software :: Rdesktop To Secure Win Server (Using SSL Certs)

Dec 4, 2009

Getting connection reset or time out when trying to rdesktop to a Win2003 server that has been upgraded to use SSL for server authentication. (See [URL]). Works fine connecting to other Win2003 servers, just not the secured ones. I'm using Rdesktop version 1.6.0 on Linux Fedora and also SUSE. To connect to the secure servers, Windows clients use the updated RDP client - version 5.2. As a workaround, I attempted to set up an SSL tunnel for rdesktop but wasn't successful in connecting through that either:

ssh username@10.10.10.10 -L 1024:winserver.work.org:3389
rdesktop localhost:1024

Has anyone been able to use rdesktop to connect to a win server that has been configured to use SSL server authentication for RDP connections?

Ubuntu :: Firefox 3.6.12 On 10.10 Ssl Security Certificate Error (Comodo Certs)?

Dec 6, 2010

Firefox 3.6.12 on Ubuntu 10.10 on my desktop computer is reporting a "this connection is untrusted" error for sites that have security certificates provided by COMODO. Yet, the same sites work fine in Firefox 3.6.x on Windows XP, or Chromium in Ubuntu. Here is the more specific message: "The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"

The issuer is listed as "COMODO High Assurance Secure Server CA." Here are some examples that throw this error for me: [URL]... It appears that there was some controversy with COMODO and Mozilla (due to bad behavior by COMODO) in the past, but all I can find on that indicates that this should not be an issue any longer.

Anybody with ideas?

Ubuntu :: Citrix Receiver 11 And That Error 61 "not Trusted Certs."?

Mar 22, 2011

Have extensively Googled and searched on here, but with no success. We have a MYPC service at our company, but our support staff have been well trained in the phrase "we do not offer support for Linux". The MYPC service that we have did work recently under Ubuntu 9.04 that I had at home; however, since upgrading both my laptop and desktop to 10.10 and 10.4 respectively, neither now works when I use the Citrix 11 Receiver client.

I get: "You have not chosen to trust "GeoTrust Global CA", the issuer of the server's security certificate (SSL error 61)." So I got what I thought were the relevant certificates from [URL].. tes/index.html (see image for a list of certificates) but still no joy. Whilst I don't want to call my support department, I wonder if they have taken a conscious decision to block access to the MYPC system from anything other than Windows OSs?

Fedora :: Want To Configure Openvpn?

May 17, 2011

I just started a new job. My company office is in Paris and I am working from the south of France. To work, I have to connect to the office via VPN access. I have installed Fedora 14 on my laptop and now I want to configure OpenVPN. OpenVPN is installed, and I wonder if someone can help me configure it, and tell me how and where to put the server IP address and what is required.

General :: Use Both OpenVPN And Eth0 Together

Jan 14, 2011

I connect to a VPN using OpenVPN. Now, after the connection is established, all my traffic goes through tun0. My LAN gateway is 10.100.98.4. So, for apps to use my direct internet connection, I did

sudo route add default gw 10.100.98.4

But I can't use tun0 now. I know this because

curl --interface tun0 google.com

doesn't give me anything. How do I go about using both connections simultaneously? How can I achieve that?

ROUTING TABLES:-

Without VPN running:-

Destination Gateway Genmask Flags Metric Ref Use Iface
10.100.98.0 * 255.255.255.0 U 1 0 0 eth0
default 10.100.98.4 0.0.0.0 UG 0 0 0 eth0

[code]...

Ubuntu Security :: How To Use Openvpn On 10.10

Nov 29, 2010

There doesn't seem to be a guide for this. I can use PPTP VPN on Ubuntu; how do I use OpenVPN? A step-by-step guide would be really useful!

The VPN provider I use is called 'hidemyass' VPN. Does anyone know if OpenVPN will work on Ubuntu with this?

Ubuntu :: How To Use/setup A VPN Using OpenVPN?

Dec 10, 2010

Can anyone recommend a good tutorial on how to use/set up a VPN using OpenVPN? I've registered with strongvpn.com but am a complete newb to setting up VPN on Ubuntu.

Networking :: IPTABLES - OpenVPN And IP From ISP?

May 7, 2010

I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.

Right now I have a few IPs: on eth0 I have the IP from my ISP, on eth0:1 I have my own IP. I set up MASQUERADE to eth0, but in this case, when I try to access my restricted resources, the IP address from the ISP is visible.
What I want is to use my own IP address from eth0:1. Could somebody help me build a good working redirect entry for that? I want to redirect all connections to the IP assigned on eth0:1, just to access the Internet using my IP.

General :: 2nd Openvpn No Response

Jul 31, 2010

I am trying to start a 2nd OpenVPN service on my server so that clients can connect via UDP instead of TCP. However, when I run: openvpn /etc/openvpn/openvpn2.conf

I get no response at all. Usually I would expect the startup parameters or at least an error, but I get nothing. I have to Ctrl+C to get back to the prompt. Any ideas what I can try? I changed the server config so it has tun1 instead of tun, and also changed the log files to openvpn-status2.log so it doesn't overwrite the other server. I also changed the network so there wouldn't be any IP conflicts. Openvpn1 runs on 172.16.x.x

General :: Creating A Key In Openvpn?

Apr 20, 2010

I had configured an OpenVPN (2.0.9) server on a CentOS machine. It's working fine. I had already created keys for clients. Now I want to create one more key for a new client. When I tried the "./build-key user" command, it showed: "Please edit the vars script to reflect your configuration, then source it with "source ./vars". Next, to start with a fresh PKI configuration and to delete any previous certificates and keys, run "./clean-all". Finally, you can run this tool (pkitool) to build certificates/keys."

Is there any way to add more keys without changing existing keys?

General :: Openvpn Configuration With Psk?

Jun 15, 2010

I want to set up OpenVPN with a preshared key. I want to make my Linux system the OpenVPN server and a Windows machine the client. Both systems are on the same LAN. I am using CentOS 5.3 and Windows XP. Can you tell me the steps to create a VPN between these two using PSK?

Server :: Run 2nd Tun Network For Openvpn?

Jul 29, 2010

I need to run a 2nd instance of openvpn on my server so that it can run on udp. The current one runs on tcp and I need to keep that running. Apparently, I need to create a 2nd tun network for it to use - how can I do that? I tried starting a 2nd instance of openvpn but it just seems to hang.

Debian :: Cannot Connect To OpenVPN Server

Oct 20, 2015

I am trying to establish a basic connection between my 2 end systems using OpenVPN. The problem is that when I move the client files to my laptop, I can't even ping the server from there. I copy-pasted the server commands in section 4 [URL] ....

On the client I ran the first command, changing VPNSERVER IP to 10.9.8.1 and LOCALGATEWAY IP to 192.168.1.1,
which I thought is what the server uses: ROUTE_GATEWAY 192.168.1.1/255.255.255.0 in the server initialization process.

The second command produces the error "device tun0 not found", and when I create one using openvpn --mktun --dev tun

I get RTNETLINK answers : network is unreachable

Note: I use a wireless connection on the client system (laptop). The server works well and I could ping it (from the same machine), but I can't ping it or access the VPN server from my laptop. I also use default OpenVPN settings...

Debian :: OpenVPN No Acces To Other NICS?

Mar 9, 2011

I have a Debian Lenny server with Bind9 (slave), Shorewall and OpenVPN on it. I also have a Win 7 client at my disposal to test the OpenVPN connection. I can make a connection with my Win 7 client, but when I'm connected I can only ping myself and the server's OpenVPN NIC (TUN0). The Debian server has 3 NICs: one for the servers, one for the internet and one for the clients.

Fedora Networking :: How Can Openvpn Get An Ip From Dhcp

May 14, 2009

I've set up an OpenVPN server (with DHCP running on it) and I have to create compatible clients. The problem is how to get an IP by DHCP. With Ubuntu I made a script like this:

/sbin/ifconfig tap0 up
/sbin/dhclient -e tap0

and everything works fine: tap0 goes up and then starts a DHCP request to the server on tap0. With Fedora there is a nice problem: I've noticed that it is impossible to run dhclient later on a new interface, because I receive this error: "dhclient is already running". tap0 goes up normally, but I receive this error when I attempt to get an IP. Is there a simple way to get an IP? If I try to kill or restart dhclient when the VPN tunnel is up, all interfaces lose their IPs and the network goes down, crashing my VPN...

Fedora :: Why OpenVPN Service Can't Start Up

Nov 24, 2009

It is the first time I have used a VPN. I installed OpenVPN on my Fedora 11 computer. I did it following: URL... And I stopped at step 16: service openvpn start. The service cannot start up, even though I disabled SELinux. Does anyone know how to treat this trouble?

Fedora Networking :: OpenVPN Using Alias Rather Than IP

Nov 27, 2009

Is there any way you can configure either the OpenVPN client or the system to allow connections using OpenVPN to be made to computers on the OpenVPN network using their alias rather than their IP address? This may sound blasphemous, but you can in Windows. That is, if the VPN network is, say, 10.x.0.x, I could connect to Comp4 or Comp2 using Comp4 or Comp2, not 10.x.0.4 or 10.x.0.2 or whatever IP is allocated by the OpenVPN server. If the OpenVPN server has not been restarted, then it will usually allocate the same IP every time the same client connects.

Fedora :: Using Netbios Over An OpenVPN Network?

Nov 29, 2009

Does anyone know how to configure Fedora 12 to use NetBIOS over an OpenVPN network?

Putting

hosts: files wins dns

into the nsswitch.conf file enables NetBIOS over the LAN but not over the VPN.

Fedora :: OpenVPN Can't Surf Internet

Dec 28, 2009

I'm having trouble with OpenVPN. I've seen tons of tutorials on the Internet on how to set it up, but failed in the end... If somebody could help me a little, I'd really appreciate that. The problem is, I can connect to the VPN server and pass the authorization, but I can't surf the Internet through the OpenVPN server...

Fedora Networking :: Don't Connect Openvpn

Jun 12, 2011

I installed Fedora 15. My OpenVPN didn't connect to my work computer. I checked the OpenVPN configuration several times, but it still doesn't connect.


Copyrights 2005-15 www.BigResource.com, All rights reserved