Old 11-08-2009, 03:14 PM
Daniel Bareiro
 
Default OpenVPN

Hi, Consultores.

On Sunday, 01 November 2009 11:11:48 -0800,
Consultores wrote:

> client-to-client?

As I commented in another message of this thread, I could already solve
it. The client-to-client option would only allow the clients to
see each other.

Thanks for your reply.

Regards,
Daniel
--
Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Squeeze - Linux user #188.598
 
Old 11-08-2009, 04:44 PM
"H.S."
 
Default OpenVPN

Daniel Bareiro wrote:
> Hi all!
>
> I was making a first attempt to establish a VPN between my house and the
> office. The scenery from the side of my house is the following one:
>                                                        ________
> +----------+     +-----------+     +----------+   ____/        \___
> | OpenVPN  |_____| GNU/Linux |_____|   ADSL   |_____/   Internet
> |  server  |     | Firewall  |     |  Router  |     \____      ____/
> +----------+     +-----------+     +----------+          \_______/
>
> Local network: 10.1.0.0/24
> VPN network: 10.8.0.0/24

I am new to OpenVPN (even to VPN). I just finished installing it on home
lan's gateway (router machine, running Debian Testing). My setup at home is:
               --------------------
 _________    |     Router m/c      |      ________
 ADSLModem|-->{eth1 and OpenVPN eth0}---->| Switch |--> Home lan
 ---------'   |         server  ath0}--,   --------     192.168.0.0/24
               --------------------    |
                                       `--> To Home wifi
                                            192.168.5.0/24

VPN network: 172.16.15.0/24


NB: The VPN server is configured to allow the clients to talk to home
lan (and not to home wlan). This is primarily because I want to test my
setup from within my home, so I make my wlan a remote network for VPN
testing purposes.

Also, I am using tun devices for my VPN (the networks are routed, not
bridged).

Now, to get VPN clients to talk to my home lan and to the internet
through my modem, I needed to allow forwarding and postrouting in my
iptables firewall. The rules I added are as follows.
###############################################################
# VPN traffic
# ($IPTABLES and $EXTIF are assumed to be set elsewhere in the firewall script)
# allow VPN clients to connect from WAN
$IPTABLES -A INPUT -p udp --dport 1194 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 1194 -j ACCEPT
# now, allow traffic from vpn servers (this is a very liberal
# rule, fine tune later)
$IPTABLES -A INPUT -i tun+ -j ACCEPT
$IPTABLES -A OUTPUT -o tun+ -j ACCEPT
$IPTABLES -A FORWARD -i tun+ -j ACCEPT
$IPTABLES -A FORWARD -o tun+ -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i ath0 -o tun+ -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o tun+ -j ACCEPT

# and also: masquerade VPN client traffic leaving through the external interface
$IPTABLES -t nat -A POSTROUTING -s 172.16.15.0/24 -o $EXTIF -j MASQUERADE
###############################################################

In your case, allow port forwarding from your firewall to the VPN server.
This needs to be configured on your firewall/router machine.

Next, to let your VPN clients talk to your lan, you need to set up
forwarding and masquerading on your VPN server machine. And in your
case, I think $EXTIF is going to be the lan card of your VPN server. In
the rules example above, you need to change the devices according to
your setup (you probably won't have the ath0 line).

Hope this is helpful in some way. If you have further questions about my
setup, let me know.

Regards.
->HS



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
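
H.S.'s post above marks its tun+ rules as "very liberal ... fine tune later". The script below is an added example, not H.S.'s own configuration: it prints (without applying) a narrower rule set in which VPN clients may open connections to the LAN and the Internet while traffic towards the VPN is limited to replies. The function name vpn_rules, its arguments, the single tun0 device, clients connecting from the WAN side only, and the use of the conntrack match in place of the older state match are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (do not apply) a narrower rule set for a routed
# OpenVPN gateway. vpn_rules and its arguments are hypothetical names; the
# sample values at the bottom are constructed from the networks in the post.

vpn_rules() {
    vpn_net=$1; lan_net=$2; lan_if=$3; wan_if=$4; vpn_if=${5:-tun0}
    ipt=${IPTABLES:-iptables}
    ct="-m conntrack --ctstate ESTABLISHED,RELATED"

    # Validate inputs so nothing but a.b.c.d/nn and plain interface names
    # can reach the generated command lines.
    for net in "$vpn_net" "$lan_net"; do
        case $net in
            ''|*[!0-9./]*) echo "bad network: $net" >&2; return 2 ;;
            */*) ;;
            *) echo "missing prefix length: $net" >&2; return 2 ;;
        esac
    done
    for ifc in "$lan_if" "$wan_if" "$vpn_if"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifc" >&2; return 2 ;;
        esac
    done

    cat <<EOF
# OpenVPN itself: only UDP 1194, only on the WAN side
$ipt -A INPUT -i $wan_if -p udp --dport 1194 -j ACCEPT
# VPN clients may open connections to the home LAN; the LAN may only answer
$ipt -A FORWARD -i $vpn_if -s $vpn_net -o $lan_if -d $lan_net -j ACCEPT
$ipt -A FORWARD -i $lan_if -s $lan_net -o $vpn_if -d $vpn_net $ct -j ACCEPT
# VPN clients may reach the Internet; the Internet may only answer
$ipt -A FORWARD -i $vpn_if -s $vpn_net -o $wan_if -j ACCEPT
$ipt -A FORWARD -i $wan_if -o $vpn_if -d $vpn_net $ct -j ACCEPT
# Source NAT for VPN clients leaving through the WAN interface
$ipt -t nat -A POSTROUTING -s $vpn_net -o $wan_if -j MASQUERADE
EOF
}

# Constructed sample: H.S.'s VPN and LAN networks, eth0 as LAN, ppp0 as WAN.
vpn_rules 172.16.15.0/24 192.168.0.0/24 eth0 ppp0
```

With these rules VPN clients get no access to services on the gateway itself; any such service (for example a local DNS resolver) needs its own INPUT rule limited to the VPN device and network.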
 
Old 11-08-2009, 04:47 PM
Daniel Bareiro
 
Default OpenVPN

Hi, Alex.

On Thursday, 29 October 2009 06:43:31 +1100,
Alex Samad wrote:

> > I was making a first attempt to establish a VPN between my house and
> > the office. The scenery from the side of my house is the following
> > one:
> >                                                        ________
> > +----------+     +-----------+     +----------+   ____/        \___
> > | OpenVPN  |_____| GNU/Linux |_____|   ADSL   |_____/   Internet
> > |  server  |     | Firewall  |     |  Router  |     \____      ____/
> > +----------+     +-----------+     +----------+          \_______/
> >
> > Local network: 10.1.0.0/24
> > VPN network: 10.8.0.0/24

> any particular reason not to run the vpn server on the firewall ! it
> is already the default gw for your local lan and it would make routing
> easier.

We can run OpenVPN on our firewall if we like (or need), but I think
this is not encouraged. Firewalls should be limited-purpose systems with
as little complexity as possible. Running OpenVPN on your firewall
complicates the firewall, and presents a possible attack vector for
malicious activity. Consider what happens if your firewall host is
compromised, and it's running OpenVPN: the attacker gains access to your
VPN configuration, and could conceivably construct a man-in-the-middle
attack against all your VPN clients.

> what you have below is a symptom of the routing problem.

From what I could see, it was necessary to enable IP forwarding
and masquerading on the host of the OVPN server.

> also any reason you choose tun over tap - I usually default to tap.

Besides being the default configuration, I used routing for its
efficiency and scalability.

Thanks for your reply.

Regards,
Daniel
--
Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Squeeze - Linux user #188.598
 
Old 09-03-2010, 04:30 PM
"mattias"
 
Default openvpn

If i have a vpn tunnel with more than 1 ip
Can i maybe configure the tunnel to give out the other ip to another
computer
Maybe a vm?

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-03-2010, 07:01 PM
Kwan Lowe
 
Default openvpn

On Fri, Sep 3, 2010 at 12:30 PM, mattias <mj@mjw.se> wrote:
> If i have a vpn tunnel with more than 1 ip
> Can i maybe configure the tunnel to give out the other ip to another
> computer
> Maybe a vm?

Not sure what you're asking, but yes, you can assign a tunnel IP to a
VM. I have multiple IPs associated with separate VMs. They have a
local IP and the TUN0 IP and access both networks without issue.
 
Old 09-03-2010, 08:43 PM
"mattias"
 
Default openvpn

Exactly
How do you configure it?
-----Original message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On behalf of Kwan
Lowe
Sent: 3 September 2010 21:01
To: CentOS mailing list
Subject: Re: [CentOS] openvpn

On Fri, Sep 3, 2010 at 12:30 PM, mattias <mj@mjw.se> wrote:
> If i have a vpn tunnel with more than 1 ip Can i maybe configure the
> tunnel to give out the other ip to another computer Maybe a vm?

Not sure what you're asking, but yes, you can assign a tunnel IP to a VM. I
have multiple IPs associated with separate VMs. They have a local IP and the
TUN0 IP and access both networks without issue.
 
Old 12-27-2010, 10:10 AM
Kaushal Shriyan
 
Default openvpn

Hi,

I have two openvpn site configs. I have configured openvpn in daemon mode and it needs to be restarted automatically while bootup. I am always faced with the below situation.
and then i need to restart it manually.



Dec 27 16:24:26 kaushal-laptop ovpn-sjc2[1287]: script failed: external program exited with error status: 1
Dec 27 16:24:26 kaushal-laptop ovpn-sjc2[1287]: Exiting

Please suggest/guide

Thanks


Kaushal

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-28-2010, 02:53 AM
Nataraj
 
Default openvpn

On 12/27/2010 03:10 AM, Kaushal Shriyan wrote:
> Hi,
>
> I have two openvpn site configs. I have configured openvpn in daemon
> mode and it needs to be restarted automatically while bootup. I am
> always faced with the below situation.
> and then i need to restart it manually.
>
> Dec 27 16:24:26 kaushal-laptop ovpn-sjc2[1287]: script failed:
> external program exited with error status: 1
> Dec 27 16:24:26 kaushal-laptop ovpn-sjc2[1287]: Exiting
>
> Please suggest/guide
>
> Thanks
>
> Kaushal

Is your openvpn logging through syslog or to a separate log file (an
option in the config file)? I would check to see if openvpn has logged
any errors. Other than that, if it starts and runs fine after the
system is up, then it must be starting too early in the boot sequence
and you might need to use an upstart config file to make it start after
other processes that it might depend on.

Nataraj


 
Old 12-28-2010, 06:08 AM
Kaushal Shriyan
 
Default openvpn

On Mon, Dec 27, 2010 at 4:40 PM, Kaushal Shriyan <kaushalshriyan@gmail.com> wrote:
> Hi,
>
> I have two openvpn site configs. I have configured openvpn in daemon mode and it needs to be restarted automatically while bootup. I am always faced with the below situation.
> and then i need to restart it manually.
>
> Dec 27 16:24:26 kaushal-laptop ovpn-sjc2[1287]: script failed: external program exited with error status: 1
> Dec 27 16:24:26 kaushal-laptop ovpn-sjc2[1287]: Exiting
>
> Please suggest/guide
>
> Thanks
>
> Kaushal

Hi

I have enabled the verbose debugging in the client.conf and found out the below issue.

######################################################################
/usr/sbin/postconf: fatal: open /etc/postfix/main.cf: No such file or directory
cp: `/etc/resolv.conf' and `/etc/resolv.conf' are the same file
run-parts: /etc/resolvconf/update-libc.d/postfix exited with return code 1
run-parts: /etc/resolvconf/update.d/libc exited with return code 1
Tue Dec 28 11:26:32 2010 us=115929 script failed: external program exited with error status: 1
Tue Dec 28 11:26:32 2010 us=116004 Exiting
######################################################################



I found out the issue. The program postfix was updating the same file, /etc/resolv.conf. I have purged postfix on my desktop and it works perfectly fine now.

Thanks

Kaushal

 
Old 08-30-2012, 09:06 AM
cletusjenkins
 
Default OpenVPN

I'm trying to connect to a VPN service via openVPN. When I try to connect (via network manager's gui) I get an error saying the openvpn service is not running. I do not see any errors in messages, syslog, daemon.log or dmesg about this. When I manually start the service it just says that it is starting, but nothing else. However running ps -ef shows no new processes. Stopping the openvpn service makes no difference in the process list either. I've restarted network-manager and even rebooted to ensure everything is loading properly, but to no avail.

To get to my current state I installed:

sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome

I created the VPN connection with the instructions from the VPN service, but since I can't get the OpenVPN software to even run I don't know what help they can provide.


Archive: http://lists.debian.org/532754373.125.1346317823183.JavaMail.sas@172.29.25 1.230
 