Koozali.org: home of the SME Server

SME 7 and some q's about Swerts-Knudsen OPENVPN

achandra

SME 7 and some q's about Swerts-Knudsen OPENVPN
« on: February 25, 2006, 09:20:20 AM »
Okay.. I got through the install just fine and instructions were very clear for the Swerts-Knudsen vpn how to .

But I was a little confused in two parts -

1) It asks to use the open port feature..If I use the port forwarding port and leave the destination port with *  does that do the same thing. Also noticed the panel is unde "unknown" rather than security. Im not complaining just wondering about how this functions. (Opening up port 1194 UDP)

2) As for the panels themselves there is a section when addind users that says allow user to VPN in or not. I tried with some accounts that say no. These ones were able to authenticate as well so Im not sure if its a bug or not. But I searched around on contribs.org and couldnt find a reference to this.

As a note - I did do the vpn part of it as a test to see if I could connect at all from the internal lan so Im not sure if it blocks users that Ive set to no if I VPN in from the outside. Can someone verify this??

Offline gregswallow

  • *
  • 651
  • +1/-0
SME 7 and some q's about Swerts-Knudsen OPENVPN
« Reply #1 on: February 25, 2006, 09:22:53 AM »
Openvpn is a contrib - Moving this to the SME7 Contribs category.

achandra

sure is
« Reply #2 on: February 25, 2006, 09:30:46 AM »
THNX 8-)

Offline crazybob

  • ****
  • 894
  • +0/-0
    • Stalzer R&D
SME 7 and some q's about Swerts-Knudsen OPENVPN
« Reply #3 on: February 26, 2006, 03:26:25 AM »
Take a look at  http://sme.firewall-services.com/HowtoOpenVPNSME7.pdf

It is for bridging mode, but if you look about half way down there is a section on opening the port
If you think you know whats going on, you obviously have no idea whats going on!

achandra

Yup thats what I used
« Reply #4 on: February 26, 2006, 08:58:31 AM »
Hi,

Yep..Thats what I used. The questions I have ask about that very article...In essence why use the open port when Portforwarding pane is built in to SME 7. Does portwarding with * as the destination do the same thing as open port?

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: Yup thats what I used
« Reply #5 on: February 26, 2006, 10:47:06 PM »
Quote from: "achandra"
Hi,

Yep..Thats what I used. The questions I have ask about that very article...In essence why use the open port when Portforwarding pane is built in to SME 7. Does portwarding with * as the destination do the same thing as open port?


No, it doesn't.

You are correct though, that there is no need to use the "port opening"contrib, which has always been deprecated. The port will be open if you follow this part of the advice in the howto:

config set openvpn service status enabled access public UDPPort 1194
signal-event remoteaccess-update