Koozali.org: home of the SME Server

openvpn on 6.01

william_syd
openvpn on 6.01
« Reply #105 on: March 27, 2005, 07:32:36 AM »
Within the openvpn how-to it lists changes to a couple of files - /etc/openvpn/server.conf, /etc/openvpn/openvpn.up, C:/Program Files/OpenVPN/config and to the server-manager under the Security section.

What has me confused is how this relates to my setup and what goes where.

My details.

SME server 6.0.1 with ip address 192.168.1.242
Hardware router with ip address 192.168.1.1
Domain name is magicwilly.info

Can someone help with what goes where?

Thanks,
William.
Regards,
William

IF I give advice.. It's only if it was me....

crazybob
openvpn on 6.01
« Reply #106 on: April 03, 2005, 05:04:34 PM »
I have installed openvpn on 4 servers using Knuddi's how to, and they all came up with only one small hitch (the chmod on openvpn.up).

I may have missed something, but while I am connected to the server, I can not browse it from windows explorer. I can access it by ip or server name, but it does not appear in my list of network places.

Doing an ipconfig shows an ip is resolved, but there is no default gateway for the vpn connection.

Is this normal?

Have I missed something? Do I need to add something?


Discovered I had some problem with my XP box. All is good now.

Bob

Thanx

Bob

The xp box I am using is also behind an SME 6.0-01 server (if that makes any difference)
If you think you know what's going on, you obviously have no idea what's going on!

crazybob
openvpn on 6.01
« Reply #107 on: April 07, 2005, 07:18:09 AM »
I have been deploying this with mixed success. I am still having a couple of servers that are giving me a couple of problems.

The install I mentioned in the post just above this one. I did find a workaround, but I still can not browse the shares on the server.

The second server I am having a little problem with may not be my problem, but I am not sure. The server is connected to a router which is behind a firewall. I have no control over either the firewall or router. I have to rely on a third party for this. I have requested that port 1194 be forwarded to the server. I can connect to the server with the vpn, and can access server manager through the tunnel. I can access the server with putty through the tunnel, but I can not access the shared ibays to map it, or browse the server. Servers are sme 6.0-01 with the update script from Greg Swallow. Any ideas would be appreciated.

Bob
If you think you know what's going on, you obviously have no idea what's going on!

galorin

OpenVPN errors, problems with tun kernel module
« Reply #108 on: April 07, 2005, 06:01:24 PM »
I've been trying to get OpenVPN working, following the howto that has been linked to many times so far.  I've gotten to the "service openvpn start" stage, but it fails when executing that command.  I've traced the problem to the tun kernel module.  It seems that the module isn't loaded.  When trying to load the module by hand, I get the following:

Quote

[root@sme root]# modprobe tun
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol dev_alloc_name_Rb7ff7f15
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol alloc_skb_Rf0b0d440
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol __dev_get_by_name_R2874edee
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol dev_close_R13fc4fd7
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol eth_type_trans_R7225c177
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol register_netdevice_Rdbb802e2
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol skb_copy_datagram_iovec_R31176bc8
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol skb_over_panic_Rd3ef3250
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol irq_stat_R743917bd
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol netif_rx_Rc4ca0af4
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol __kfree_skb_R03a733b2
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: unresolved symbol unregister_netdevice_R7a637664
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: insmod /lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o failed
/lib/modules/2.4.20-18.7/kernel/drivers/net/tun.o: insmod tun failed


I've double-checked my configs, and everything seems to be in order.  Short of re-compiling the kernel is there anything that I can do to get around this?

crazybob
openvpn on 6.01
« Reply #109 on: April 07, 2005, 06:29:30 PM »
Did you chmod 700 openvpn.up? I have had a few similar problems, and it turned out to be the chmod, or an error in openvpn.conf.

Bob
If you think you know what's going on, you obviously have no idea what's going on!

galorin

openvpn on 6.01
« Reply #110 on: April 08, 2005, 01:43:10 PM »
Could you post your openvpn.conf?  I've got a server.conf in /etc/openvpn but no openvpn.conf file.  I also checked permissions on openvpn.up and changed it to 700, but the service fails to start.

I'm currently running SME inside qemu, and it works just fine, had to enable tun on the host OS (Slackware) in order to get SME visible to the rest of the network.  The tun kernel module operates independently of openvpn, and that module is where my problem lies.

Anything else, I can't check because nothing is getting dumped into the logs while trying to start the service.  Maybe I should just start over, after all, this install is a trial run before putting it on a system at a customer's request.  SME has got a nice web frontend, but I really do not like rpm-based distros  ;-)

UPDATE: I've tried reinstalling with no luck.  I am going to download the 6.5 RC1 and try that out, and see if I have any better luck.

Inq

openvpn on 6.01
« Reply #111 on: August 03, 2005, 04:20:47 PM »
Right, I've installed openvpn by the book, and when I try to start the service, I get an instant [FAILED]. There are no entries in the logs. So I was wondering, how do I uninstall all the rpms and try again?

Here is my server.conf

Code:
port 1194
dev tap

tls-server

dh dh1024.pem
ca ca.crt
cert server.crt
key server.key

auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh

up ./openvpn.up

mode server
duplicate-cn
ifconfig 192.168.100.1 255.255.255.0

ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for openvpn client

mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120

push "ping 10"
push "ping-restart 60"

push "dhcp-option DOMAIN xxxxxxxxx.com"             # push the DNS domain suffix
push "dhcp-option DNS 192.168.0.200"                   # push DNS entries to openvpn client
push "route 192.168.0.200 255.255.255.0 192.168.100.1" # add route to protected network

comp-lzo
status-version 2
status openvpn-status.log
verb 3


Here is my openvpn.up

Code:
#!/bin/sh

route del -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.0.200
route del -net 192.168.100.0 netmask 255.255.255.0 dev tap0
route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.100.1


My SME is in server + routing mode.

It has two ethernet cards, one for the internal network (eth0) and one connected to an adsl modem (eth1). The sme ip address for the internal network is 192.168.0.200

I've opened up the local network on the server-manager.

I think there is an issue closer to the server.conf for it to fail so fast. Installation of rpms went w/o error.

Thanks for any help in adv.

Inq

openvpn on 6.01
« Reply #112 on: August 03, 2005, 04:37:20 PM »
Ah I just checked the messages log:

Code:

Aug  3 15:23:32 mail openvpn[10402]: OpenVPN 2.0 i386-redhat-linux [SSL] [LZO] built on Apr 18 2005
Aug  3 15:23:32 mail openvpn[10402]: WARNING: --keepalive option is missing from server config
Aug  3 15:23:32 mail openvpn[10402]: Diffie-Hellman initialized with 1024 bit key
Aug  3 15:23:32 mail openvpn[10402]: Cannot load certificate file server.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Aug  3 15:23:32 mail openvpn[10402]: Exiting
Aug  3 15:23:32 mail openvpn:  failed


Like a dipstick I forgot to copy the certs to /etc/openvpn!

Now it starts, with a warning

Code:

Starting openvpn: SIOCDELRT: No such process
                                                           [   OK   ]
[root@mail openvpn]#


When I try to connect from the client side I'm asked for a username and password. I try the admin account for the server, and a few user accounts but I'm kicked. Did know I set up any vpn logins. Is this another oversight?
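
The two start-up failures reported in this thread (a certificate that was never copied to /etc/openvpn, and an openvpn.up without execute permission) can be caught before `service openvpn start`. The script below is an added example, not part of any post or of the how-to; the function name `check_openvpn_conf` and the sample files are constructed, and the check that the private key is not world-readable goes one step beyond what the posts mention.

```shell
#!/bin/sh
# Added example: pre-flight check for files an OpenVPN config references.
# Assumption: relative paths in the config resolve against the
# config's own directory (the service starts from there, e.g. /etc/openvpn).
check_openvpn_conf() {
    conf=$1; base=$(dirname "$conf"); problems=0
    while read -r directive path _rest; do
        case $directive in
            ca|cert|key|dh) kind=file ;;
            up|client-disconnect|auth-user-pass-verify) kind=script ;;
            *) continue ;;                      # not a file-bearing directive
        esac
        case $path in
            /*) full=$path ;;                   # absolute path, use as given
            *)  full=$base/${path#./} ;;        # relative to the config dir
        esac
        if [ ! -f "$full" ]; then
            echo "MISSING $directive $full"
        elif [ "$kind" = script ] && [ ! -x "$full" ]; then
            echo "NOEXEC $directive $full"
        elif [ "$directive" = key ] && [ -n "$(find "$full" -perm -004)" ]; then
            echo "WORLD-READABLE $directive $full"
        else
            continue
        fi
        problems=$((problems + 1))
    done <<EOF
$(sed 's/#.*//' "$conf")
EOF
    [ "$problems" -eq 0 ]                       # exit status 0 only if clean
}

# Constructed sample: the thread's file directives, with server.crt absent
# and openvpn.up left without execute permission.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'port 1194' 'dh dh1024.pem' 'ca ca.crt' 'cert server.crt' \
        'key server.key' 'up ./openvpn.up  # routes' > "$d/server.conf"
    touch "$d/dh1024.pem" "$d/ca.crt" "$d/server.key" "$d/openvpn.up"
    chmod 600 "$d/server.key" "$d/openvpn.up"
    check_openvpn_conf "$d/server.conf"
    status=$?
    rm -rf "$d"
    return $status
}
demo || echo "pre-flight check failed"
```
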

Inq

openvpn on 6.01
« Reply #113 on: August 03, 2005, 04:47:30 PM »
It's funny how just writing the issue down allows you to figure out what's gone wrong. Anyway, it all works fine, connects and logs in.

Now I need to be able to access the windows network behind the VPN server. Hope I work it out b4 a reply comes.

pcdoc
openvpn on 6.01
« Reply #114 on: April 06, 2006, 04:59:38 PM »
Just a quick question. Feel like a bit of a noob sometimes.

If I have two NICs in a machine, one local and the other WAN, with a similar server in another location, and I run openvpn in bridge mode, will either of the two machines be able to access the internet, or just themselves?

Last time I tried it, I had no external internet access from either of the machines, and this seems a bit unreal.

Tell me it isn't so, please.

Or do I just concentrate on getting routing working between a 6.01 and 7RC1 server running. Having iptables denylog problem going from 6.01 server to 7RC1 server, works great the other way around.

Only other issue with routed network, I can't get the 7RC1 clients to see the clients on the 6.01 server. Is this to be expected as well??

I am nearly bald now from pulling my hair out on this one!!
There are 10 types of people in this world,
   Those that know binary, and those who don't!