Koozali.org formerly Contribs.org

OpenVPN for Sme 7.0

OpenVPN for Sme 7.0
« on: August 09, 2006, 05:43:48 AM »
Does anyone have OpenVPN fully working on SME 7.0?

If so what are you using?


Thanks!!!! :-o

Offline mojo


OpenVPN for Sme 7.0
« Reply #2 on: August 09, 2006, 06:25:12 AM »
I have tried his and it does not work with 7.0.

He also posted on his site that he has not found one for 7.0.

Revision History
April 29, 2006 Updated to OpenVPN 2.0.7 for SME 6.x (haven't found the package for SME7)

Thanks

OpenVPN for Sme 7.0
« Reply #3 on: August 09, 2006, 07:18:38 AM »
I have been using openvpn on SME 7 for at least a couple of months and used the how to mentioned above.

Tony
...

OpenVPN for Sme 7.0
« Reply #4 on: August 09, 2006, 07:30:53 AM »
Are you using the SME 7.0 final release, and are you using the rpms from his site?

Thanks  :-?

OpenVPN for Sme 7.0
« Reply #5 on: August 09, 2006, 08:34:24 AM »
Yes I am using SME 7 final.

The rpms used were:

lzo-1.08-4.2.el4.rf.i386.rpm
openvpn-2.0.2-1.2.el4.rf.i386.rpm
smeserver-openvpn-0.0.1-2.noarch.rpm

Hope this helps.

Tony
...

Offline Daniel B.

OpenVPN for Sme 7.0
« Reply #6 on: August 09, 2006, 11:39:30 AM »
If you're looking for the bridge mode, you can use my contrib, based on swerts's job

http://sme.firewall-services.com/files/openvpn/smeserver-openvpn-bridge_beta1.tar.gz

and its how-to

http://sme.firewall-services.com/files/openvpn/smeserver-openvpn-bridge_beta1.pdf

It's a beta, but I use it on several production servers and I haven't had any problems so far.

With this, there's a simple panel to configure some parameters (specify a cipher, enable compression, enable user/pass authentication, etc.), and you can also generate the client config file according to the server config. You can also download the client.key, client.crt and ca.crt files from the server-manager, if you use the same certificate for all the clients.

I'm working hard on the next version, which will include a routed and a client mode and maybe a certificate generator, so that it would be easier to use one certificate per client.
It's the end of the world !!! :lol:

Offline jester

OpenVPN for Sme 7.0
« Reply #7 on: August 09, 2006, 12:17:38 PM »
Hi VIP-ire,

Does this new version you are working on maybe include multiple connections/site-to-site (server-to-server) connections ?! I've got your contrib installed and it's working brilliantly for road-warrior logins... but I'm also in need of connecting the same server to a remote site.

Kind regards,
jester.

Offline Daniel B.

OpenVPN for Sme 7.0
« Reply #8 on: August 09, 2006, 12:28:13 PM »
Yes, I'm working on this feature, but I can't say when it will be ready; in a few weeks, I think.

I will include a client configuration section where you'll be able to copy/paste the auto-generated client config from another server with the same contrib, or any configuration you like. With this you should be able to connect as many SME servers as you want to a central SME server.

I will post as soon as it is ready for testing.
It's the end of the world !!! :lol:

OpenVPN for Sme 7.0
« Reply #9 on: August 16, 2006, 02:14:35 PM »
Quote from: "VIP-ire"
If you're looking for the bridge mode, you can use my contrib, based on swerts's job

http://sme.firewall-services.com/files/openvpn/smeserver-openvpn-bridge_beta1.tar.gz
............


Hi VIP-ire, I'm using the Swerts-Knudsen routed OpenVPN solution at work. I wanted to implement the same solution at home to let friends play LAN games over the Internet and the VPN. I think that with the routed configuration of OpenVPN, broadcast data is stopped, and this is a problem for games that don't have direct IP access.
So I wanted to try your bridge solution. Do you think I can solve my problem this way?

And what about changing my current routed VPN configuration to a bridge configuration?

Thanks a lot, Fred

Offline Daniel B.

OpenVPN for Sme 7.0
« Reply #10 on: August 16, 2006, 03:07:25 PM »
Well, that's not the first time I've heard routed mode is not the best for gamers. The main difference between routed and bridge is that in bridge mode, you're connected through the VPN in the same network as the other clients, as if you were connected to the same switch. That means that even layer 2 can pass through the tunnel (ARP for example).
I use bridge mode at home because I find it more convenient; for example, Samba shares are browsable without a WINS server.

The answer to your question is yes, I think configuring a bridge mode OpenVPN server will solve your problem, but there are at least two disadvantages:
* You cannot filter the communication as finely because you're on the same subnet
* The useful bandwidth is a little reduced

I use my contrib on production servers in server & gateway mode and it works quite well, but I heard there's a problem in server-only mode; I haven't corrected it yet.
It's the end of the world !!! :lol:

OpenVPN for Sme 7.0
« Reply #11 on: August 17, 2006, 03:18:42 AM »
Thank you for your answer, I'm using the server in gateway/server mode too so I'll try your solution.

I only have a question about the best way to "migrate" to bridge mode from Swerts's routing solution to yours.

Is it better that I uninstall the Swerts installation and run your contrib from the beginning, or can I arrange the installation? Maybe it is enough to change the server.conf file?

Thanks again, Fred

Offline nefkho

error build-key client (TXT_DB error number 2)
« Reply #12 on: August 17, 2006, 07:34:15 AM »
Hi, trying to install on an SME 7 final in server-only mode. I got the following error upon building the client key.

[root@smeserver7 easy-rsa]# ./build-key client
Generating a 1024 bit RSA private key
.......................++++++
.....................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [XX]:
Organization Name (eg, company) [VPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Server
Email Address [admin@xxxxxxxxxxxx.xxx.xx]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'XX'
stateOrProvinceName   :PRINTABLE:'XX'
localityName          :PRINTABLE:'XX'
organizationName      :PRINTABLE:'VPN'
commonName            :PRINTABLE:'Server'
emailAddress          :IA5STRING:'admin@xxxxxxx.xxx.xx'
Certificate is to be certified until Aug 14 05:24:14 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
[root@smeserver7 easy-rsa]#

Can anyone help me, please?

thanks,
Nef Kho  :-) .........

Offline Daniel B.

OpenVPN for Sme 7.0
« Reply #13 on: August 17, 2006, 09:35:52 AM »
Quote from: "dede77b"
Thank you for your answer, I'm using the server in gateway/server mode too so I'll try your solution.

I only have a question about the best way to "migrate" to bridge mode from Swerts's routing solution to yours.

Is it better that I uninstall the Swerts installation and run your contrib from the beginning, or can I arrange the installation? Maybe it is enough to change the server.conf file?

Thanks again, Fred


Yes, it's better to uninstall the Swerts installation, as my contrib installs everything that is needed. The server.conf file is generated by templates, so you won't have to edit it; just remove the two rpms, save the directory /etc/openvpn if you want to come back to the routed mode, and then delete it. Run the install script and it should be OK; you'll just have to enable the service with the new panel.
It's the end of the world !!! :lol:

Offline Daniel B.

Re: error build-key client (TXT_DB error number 2)
« Reply #14 on: August 17, 2006, 09:42:40 AM »
Quote from: "nefkho"
Hi, trying to install on an SME 7 final in server-only mode. I got the following error upon building the client key.

[root@smeserver7 easy-rsa]# ./build-key client
Generating a 1024 bit RSA private key
.......................++++++
.....................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [XX]:
Organization Name (eg, company) [VPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Server
Email Address [admin@xxxxxxxxxxxx.xxx.xx]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'XX'
stateOrProvinceName   :PRINTABLE:'XX'
localityName          :PRINTABLE:'XX'
organizationName      :PRINTABLE:'VPN'
commonName            :PRINTABLE:'Server'
emailAddress          :IA5STRING:'admin@xxxxxxx.xxx.xx'
Certificate is to be certified until Aug 14 05:24:14 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
[root@smeserver7 easy-rsa]#

Can anyone help me, please?

thanks,


Well, I haven't seen this error before. You should try to run the script ./clean-all and restart from the beginning. Be careful to enter the same Organizational Unit Name for the CA, the server certificate and the client certificate.
It's the end of the world !!! :lol:
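
Added example (not part of the thread, and not code from the contrib or from easy-rsa): openssl ca prints "TXT_DB error number 2" when the entry it is about to write clashes with one already in the CA's index.txt, typically a still-valid certificate with the same subject; the client request in the transcript above was given the Common Name 'Server'. The script below checks an index.txt for such a clash before signing. The function names, the sample database and the example DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are
# constructed. index.txt columns are tab-separated:
#   status(V/R/E)  expiry  revocation  serial  filename  subject

# subject_in_use INDEX_FILE SUBJECT_DN
# Prints the serial of every still-valid ("V") entry whose subject equals
# SUBJECT_DN; returns 0 if one exists, 1 otherwise. Revoked and expired
# entries do not block a new certificate with the same subject.
subject_in_use() {
    DN="$2" awk -F '\t' '
        $1 == "V" && $6 == ENVIRON["DN"] { print $4; hit = 1 }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Constructed DNs modelled on the fields shown in the transcript.
BASE='/C=XX/ST=XX/L=XX/O=VPN'
SERVER_DN="$BASE/CN=Server/emailAddress=admin@example.invalid"
CLIENT_DN="$BASE/CN=client1/emailAddress=admin@example.invalid"
REVOKED_DN="$BASE/CN=oldclient/emailAddress=admin@example.invalid"

# Constructed sample database: one valid server cert, one revoked client.
make_sample_index() {
    printf 'V\t160814052414Z\t\t01\tunknown\t%s\n' "$SERVER_DN"
    printf 'R\t160814052414Z\t060817093000Z\t02\tunknown\t%s\n' "$REVOKED_DN"
}

# Demo: check three candidate subjects against the sample database.
idx=$(mktemp)
make_sample_index > "$idx"
for dn in "$SERVER_DN" "$CLIENT_DN" "$REVOKED_DN"; do
    if serial=$(subject_in_use "$idx" "$dn"); then
        echo "CLASH  serial $serial already holds: $dn"
    else
        echo "ok     free to sign: $dn"
    fi
done
rm -f "$idx"
```

When a clash is reported, give the new certificate a Common Name of its own, or revoke the old certificate before signing again.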