Koozali.org: home of the SME Server

OpenVPN

Offline smnirosh

OpenVPN
« on: September 16, 2015, 10:10:08 PM »
Today I reconfigured my SME Server. I answered all the questions correctly, I believe. When it asked for a "DNS address when no internet", I gave no IP address to that last question of the configuration steps.

After reconfiguration the internet was lost. Then I changed the RJ45 cables connected to the 2 ports on the server, and then the internet worked. I manually added NAMESERVER 8.8.8.8 to the resolv.conf file. After all that, I tried to connect from home to the server via OpenVPN, but it is not connecting. The following error message appears in the OpenVPN connection window:


Wed Sep 16 21:50:41 2015 OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  8 2015
Wed Sep 16 21:50:41 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Wed Sep 16 21:50:41 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Sep 16 21:50:41 2015 Need hold release from management interface, waiting...
Wed Sep 16 21:50:41 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'state on'
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'log all on'
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'hold off'
Wed Sep 16 21:50:41 2015 MANAGEMENT: CMD 'hold release'
Wed Sep 16 21:50:51 2015 MANAGEMENT: CMD 'username "Auth" "s.nirosh"'
Wed Sep 16 21:50:51 2015 MANAGEMENT: CMD 'password [...]'
Wed Sep 16 21:50:51 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Sep 16 21:50:51 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Sep 16 21:50:51 2015 UDPv4 link local (bound): [undef]
Wed Sep 16 21:50:51 2015 UDPv4 link remote: [AF_INET]89.2.7.225:1194
Wed Sep 16 21:50:51 2015 MANAGEMENT: >STATE:1442433051,WAIT,,,
Wed Sep 16 21:51:51 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 16 21:51:51 2015 TLS Error: TLS handshake failed
Wed Sep 16 21:51:51 2015 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 16 21:51:51 2015 MANAGEMENT: >STATE:1442433111,RECONNECTING,tls-error,,
Wed Sep 16 21:51:51 2015 Restart pause, 2 second(s)
Wed Sep 16 21:51:53 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Sep 16 21:51:53 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Sep 16 21:51:53 2015 UDPv4 link local (bound): [undef]
Wed Sep 16 21:51:53 2015 UDPv4 link remote: [AF_INET]89.2.7.225:1194
Wed Sep 16 21:51:53 2015 MANAGEMENT: >STATE:1442433113,WAIT,,,
Wed Sep 16 21:52:07 2015 SIGTERM received, sending exit notification to peer
Wed Sep 16 21:52:08 2015 SIGTERM[soft,exit-with-notification] received, process exiting
Wed Sep 16 21:52:08 2015 MANAGEMENT: >STATE:1442433128,EXITING,exit-with-notification,,



What do I have to do to connect via OpenVPN?

Offline Daniel B.

Re: OpenVPN
« Reply #1 on: September 16, 2015, 11:13:50 PM »
You should first tell us which contrib you have installed, which client is trying to connect, and how you have configured it.....
As a side note, you should not directly modify your /etc/resolv.conf file. This is managed by the SME Server templates engine; you'd better read some documentation.
It's the end of the world !!! :lol:

Offline smnirosh

Re: OpenVPN
« Reply #2 on: September 16, 2015, 11:56:15 PM »
OK, thanks for the advice.
My OS version is Linux 2.6.18 371. i686
I have deployed this server in gateway and server mode.
I am trying to connect from Windows 7.

Do I have to reconfigure OpenVPN?
How can I check whether my OpenVPN is configured in bridge mode or in another mode?

Thanks for your quick reply.

Offline Daniel B.

Re: OpenVPN
« Reply #3 on: September 17, 2015, 09:53:25 AM »
Quote
do i have to re configure openvpn?
How can i check if my openvpn is configured as bridge mode or as an othermode?

There's no built-in OpenVPN server. Which contrib have you installed?

Offline Stefano

Re: OpenVPN
« Reply #4 on: September 17, 2015, 10:09:26 AM »
Quote
"DNS address when no internet"

Can you explain where you saw such a request, and in which language? I don't remember anything similar in SME's console..

Offline smnirosh

Re: OpenVPN
« Reply #5 on: September 17, 2015, 12:49:01 PM »
How to check which contrib?

Offline Stefano

Re: OpenVPN
« Reply #6 on: September 17, 2015, 01:00:47 PM »
Code:
/sbin/e-smith/audittools/newrpms

Offline smnirosh

Re: OpenVPN
« Reply #7 on: September 17, 2015, 05:38:28 PM »
CentOS SME Server 8

Offline Stefano

Re: OpenVPN
« Reply #8 on: September 17, 2015, 05:44:49 PM »
smnirosh, you should try to answer the questions you've been asked..

Code:
rpm -qa | grep openvpn

Offline janet

Re: OpenVPN
« Reply #9 on: September 17, 2015, 06:38:28 PM »
smnirosh

To explain more simply/fully.
Log in as root or a user with root privileges to a command prompt on your SME server.
Then type in the following commands one at a time & record the output & post it back here.
If you use Putty ssh remote access client (free download) from a workstation on your LAN, then you can cut & paste, making it easy to copy the output from the screen after you type these commands. You right click the little logo icon at the top left corner of the Putty window to access cut & paste commands etc.

/sbin/e-smith/audittools/newrpms

rpm -qa | grep openvpn

These commands will show all the additional rpm packages installed, & specifically show the version of openvpn installed (if installed).

« Last Edit: September 18, 2015, 04:25:41 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline Stefano

Re: OpenVPN
« Reply #10 on: September 17, 2015, 06:54:22 PM »
thank you janet.. sometimes I forget to give more explanations

Offline janet

Re: OpenVPN
« Reply #11 on: September 18, 2015, 03:36:44 AM »
Stefano

For most users here, a simple command should be sufficient, but it seems smnirosh needs some hand holding.

Offline smnirosh

Re: OpenVPN
« Reply #12 on: September 18, 2015, 11:37:30 AM »
openvpn 2.1.1-2.e15

Offline Stefano

Re: OpenVPN
« Reply #13 on: September 18, 2015, 12:19:24 PM »
is this the only output?

if so, you missed the smeserver-openvpn package..

so, now, please tell us how you installed openvpn

take a look here: http://wiki.contribs.org/OpenVPN_Bridge


Offline smnirosh

Re: OpenVPN
« Reply #14 on: September 18, 2015, 12:40:49 PM »
Dear friends, so sad... after a power loss this server has no display. But we have another Linux server. We are planning to put this server into action. I am so so so sure this server has to be reconfigured again to work.

All these things happening to me are a DISASTER.  :-x :-x :-x :-x

Offline janet

Re: OpenVPN
« Reply #15 on: September 18, 2015, 01:30:04 PM »
smnirosh

The Linux file system is very robust & usually tolerant of forced power shutdowns.
The journaling file system can withstand unexpected & non graceful power shutdowns.
So I would not worry too much about disruptions to your files.

You should have an uninterruptible power supply on your server though, so that a graceful (controlled) shutdown can be done in the event of a prolonged power failure.

A reconfigure of a server done via the console menu is not a problem, you have been told this before.
Usually you just step through the screens accepting the values that are already there & then reboot, too easy !

Fixing hardware that has failed is another issue though.
It should be easy enough to swap a monitor from another nearby device.

Please follow the howto to install openvpn correctly, you have an old version of openvpn installed for some unknown reason.
You do not tell us how it came to be installed.


Offline smnirosh

Re: OpenVPN
« Reply #16 on: September 18, 2015, 01:49:28 PM »
Dear Janet, that server was not installed and configured by me. The only things I know are the admin password, where our critical data is located, and the normal domain settings.

But now we are in much trouble with it because of a hardware failure. I think it is the motherboard or the RAM. This server has RDRAM. It is no longer in production.

We had another server that has not worked for a long time. I am preparing that server for boot. After that I will update you all. Keep in touch with me. :smile: :smile: :smile:

Offline janet

Re: OpenVPN
« Reply #17 on: September 18, 2015, 02:10:43 PM »
smnirosh

It does not matter what the replacement server hardware is.
If you install the fresh SME operating system from CD, you can then do a restore from the last known good backup, & your server should be up & running with the same configuration & data as previously.

Being ready for serious hardware failures is something that a good sysadmin has a plan prepared for. eg spare equipment & drives etc

Offline smnirosh

Re: OpenVPN
« Reply #18 on: September 18, 2015, 03:23:03 PM »
Hi janet, this time it may be a major issue. The boss gave me our previous server.
This one has Neth service 8.2. It also gives a "Reconfigure and reboot required" message.
We formatted the hard disk which was in the SME server, and our plan is to configure a NAS drive. But this server goes on the internet, and OpenVPN works. But the message is a problem. My boss said to please reconfigure and reboot to make sure we are ready for the audit.

Offline Stefano

Re: OpenVPN
« Reply #19 on: September 18, 2015, 03:40:20 PM »
Quote
Neth service 8.2. This one also give a "Reconfigure and reboot required" msg.

NethService is a Nethesis product, and if you're using it you should ask elsewhere for support..
Please don't ask for support on the NethServer community site; they are 2 different products.

www.nethesis.it


Offline smnirosh

Re: OpenVPN
« Reply #20 on: September 18, 2015, 03:51:19 PM »
Thanks Stefano. I contacted Nethesis. According to them, we have to contact the person who configured this server. They don't give us support directly. I was disappointed with Nethesis. :-x

Anyway, I can download SME Server and configure the domain in it, then share an ibay, give a DHCP range, and create users in it to use the domain. I would like to give it the same domain name that we used.

My main problem is "can I implement an OpenVPN through which existing users can log on",

because there are 12 users meant to use this server over OpenVPN.    :shock:

Offline janet

Re: OpenVPN
« Reply #21 on: September 18, 2015, 04:12:39 PM »
smnirosh

Quote
......"can i implement a openvpn through which existing users can logon"
because there are 12 users meant to use this server over openvpn.

PLEASE READ THE DOCUMENTATION.
You are asking questions that you could easily find an answer for, just by browsing the wiki.

eg see http://wiki.contribs.org/Category:Contrib
which shows more than one contrib for openvpn
Read them & work out which one suits your situation & install that.
http://wiki.contribs.org/OpenVPN_Bridge
http://wiki.contribs.org/OpenVPN_Routed
http://wiki.contribs.org/OpenVPN_SiteToSite
& also this
http://wiki.contribs.org/Openswan_IPSEC

Offline Daniel B.

Re: OpenVPN
« Reply #22 on: September 18, 2015, 04:17:51 PM »
Yes, it's possible to reinstall an OpenVPN server as before. The problem is, if you don't want to touch the configuration of the 12 remote users, you'll need:

- To know how it was installed (was it the bridge contrib ?)
- You'll need to configure it exactly the same way as before
- You'll need to find the certificates on the server and use the same one on your new server

If one of these points is missing (especially the certificate part), then you'll have to start from scratch and reconfigure all the OpenVPN clients

Offline smnirosh

Re: OpenVPN
« Reply #23 on: September 18, 2015, 04:24:16 PM »
Daniel B., the following OpenVPN client config is used by our company to connect to the OpenVPN server. The usernames were in the SME domain and they use their domain passwords to connect.


dev tun
# Verify that the server hostname is correct.
remote 184.212.203.56

ca server.crt
tls-client
auth-user-pass
float
pull
explicit-exit-notify 1
verb 3


What is this OpenVPN model? Is it client to client, or server bridge, or route bridge?

Offline Stefano

Re: OpenVPN
« Reply #24 on: September 18, 2015, 04:48:10 PM »
Quote
thanks stefano. I contact nethsis. as their aspect, we have to contact the person who configured this server. they don't directly give us support.  i was disappointed with nethsis. :-x

you should not..

BTW, where are you from?

Offline Stefano

Re: OpenVPN
« Reply #25 on: September 18, 2015, 04:53:11 PM »
NethService 8.2 is "just" SME8 with some proprietary packages (not needed)

AFAIK, you can restore a NethService backup on SME

try it first on a VM.. and move to SME9 asap (if you choose to stay on SME)

Offline smnirosh

Re: OpenVPN
« Reply #26 on: September 18, 2015, 04:54:17 PM »
Pisa, Italy

Offline Stefano

Re: OpenVPN
« Reply #27 on: September 18, 2015, 04:55:09 PM »
interesting..
why didn't you come to the Italian language forum? :-)

Offline smnirosh

Re: OpenVPN
« Reply #28 on: September 18, 2015, 05:00:19 PM »
We are heading towards having an Ubuntu server in the future.
But for now we only need an OpenVPN server to connect with clients, due to a few meetings, because we recruited some workers who work at other offices. At the moment I need special help from you to configure NethService or SME to connect through OpenVPN.

On the NethService system, OpenVPN is also not working.

What is your best recommendation?

Offline smnirosh

Re: OpenVPN
« Reply #29 on: September 18, 2015, 05:01:40 PM »
I just came to Italy 9 months ago. My Italian is not very good yet. I can handle some speaking, but not like English.

Offline janet

Re: OpenVPN
« Reply #30 on: September 19, 2015, 02:49:45 AM »
smnirosh

Quote
wht is this openvpn model? is it client to client, or server bridge, or route bridge?

Are you reading all the posts ? ....or are you just reading the last post ?
You need to scroll back because different people can make posts so you might get 2 or 3 or 4 replies, & you seem to be only reading the last post.
See contrib wiki articles on different variants of openvpn contribs that exist, covering bridge, routed & site to site, refer my earlier post.
http://forums.contribs.org/index.php/topic,51943.msg265222.html#msg265222

Offline Daniel B.

Re: OpenVPN
« Reply #31 on: September 21, 2015, 08:51:19 AM »
Quote
wht is this openvpn model? is it client to client, or server bridge, or route bridge?

Looking at this client config, this is definitely not using the bridge mode. Most likely, the server was installed using this how-to: http://wiki.contribs.org/OpenVPN

There's no client side authentication (except login/password), but you still need to recover the certificates which were used on the server side (or you'll have to update the CA on every client)
It's the end of the world !!! :lol:
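
The reading of the client config given in the reply above (routed rather than bridged, password-only client authentication) and the "No server certificate verification method" warning from the client log in the first post can be checked mechanically. This is an added example, not part of the original thread or of any SME Server contrib; `parse_config` and `audit` are hypothetical names, and the list of verification options is an assumption based on OpenVPN 2.x option names.

```python
import re

# Options that make the client check WHICH certificate the server presents (assumed set).
VERIFY_ANY = {"verify-x509-name", "tls-remote", "tls-verify", "remote-cert-eku"}
VERIFY_IF_SERVER = {"remote-cert-tls", "ns-cert-type"}  # count only with arg "server"

# The client config quoted in the thread (its comment line translated).
THREAD_CONFIG = """\
dev tun
# Verify that the server hostname is correct.
remote 184.212.203.56

ca server.crt
tls-client
auth-user-pass
float
pull
explicit-exit-notify 1
verb 3
"""

def parse_config(text):
    """Return {directive: [args, ...]}; an inline <tag>...</tag> block counts as 'tag'."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = re.split(r"\s[#;]", raw, maxsplit=1)[0].strip()  # drop trailing comment
        if inline:                          # inside an inline block: skip the PEM body
            if raw.strip() == f"</{inline}>":
                inline = None
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            opts.setdefault(inline, []).append(["[inline]"])
        elif line and line[0] not in "#;":
            name, *args = line.split()
            opts.setdefault(name.lstrip("-"), []).append(args)
    return opts

def audit(text):
    """Summarise tunnel mode, client auth and server-certificate checking."""
    o = parse_config(text)
    dev = ((o.get("dev") or [[""]])[-1] or [""])[0]
    mode = "tap" if dev.startswith("tap") else "tun" if dev.startswith("tun") else "unknown"
    auth = []
    if "auth-user-pass" in o:
        auth.append("username/password")
    if "pkcs12" in o or ("cert" in o and "key" in o):
        auth.append("client certificate")
    verified = any(d in o for d in VERIFY_ANY) or any(
        args[:1] == ["server"] for d in VERIFY_IF_SERVER for args in o.get(d, []))
    findings = []
    if mode == "tun":
        findings.append("dev tun: routed layer-3 tunnel; an Ethernet bridge needs dev tap")
    if "ca" not in o:
        findings.append("no ca: the server certificate cannot be validated at all")
    if not verified:
        findings.append("no server certificate verification option (the WARNING in the client log)")
    if auth == ["username/password"]:
        findings.append("password-only client authentication: no client certificate")
    return {"mode": mode, "client_auth": auth, "server_cert_verified": verified, "findings": findings}

if __name__ == "__main__":
    print(audit(THREAD_CONFIG))
```

Appending `remote-cert-tls server` to the config makes `server_cert_verified` true, provided the server certificate carries the serverAuth extended key usage.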

Offline smnirosh

Re: OpenVPN
« Reply #32 on: September 21, 2015, 12:22:03 PM »
Exactly, you are correct. I want to recover this server. I can send clients the new ovpn files created by the server CA. But I want them to use domain usernames and passwords to connect to this VPN. Thanks

Offline Stefano

Re: OpenVPN
« Reply #33 on: September 21, 2015, 03:19:34 PM »
your best bet, as I told you, is to try to restore a backup on a new install of SME8.1

moreover, you should try to find what contrib has been installed on your NethService

Offline smnirosh

Re: OpenVPN
« Reply #34 on: September 21, 2015, 04:09:09 PM »
OK guys, I am downloading SME 9.0 i386 now. I will install this server as a gateway domain, and when it comes to OpenVPN I will contact you. Thanks

Offline stephdl

Re: OpenVPN
« Reply #35 on: September 21, 2015, 09:32:59 PM »
Quote
Ok guys, I am downloading sme 9.0 i386 now.

take a 64 bit
See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

Offline smnirosh

Re: OpenVPN
« Reply #36 on: September 21, 2015, 10:08:24 PM »
My question is this: SME Server supports PPTP and SSH by default, but we can install OpenVPN on it. If I install OpenVPN, can Windows 7 clients use it to connect to the SME server with its domain usernames and passwords?
Everybody in my company is used to the way it was in NethService. But my effort is to implement SME Server 9.x, as it is the newest and has the most help available via forums. Someone please answer yes or no to this question. Thanks.

Offline Daniel B.

Re: OpenVPN
« Reply #37 on: September 21, 2015, 11:09:01 PM »
Yes it's possible. Look in the wiki for the openvpn bridge contrib for example

Offline smnirosh

Re: OpenVPN
« Reply #38 on: September 23, 2015, 07:20:00 PM »
Dear all, I have installed SME Server 9.0 and configured it as a Samba server. Now to my point about OpenVPN. I followed all the information in the VPN bridge documentation recommended by Daniel. I installed vpn-bridge and phpki before installing openvpn. Is that not a problem?


But when I connect it says "tls handshake error". What could be the problem?

Is there anything to do which is not mentioned in the tutorial?

Offline Daniel B.

Re: OpenVPN
« Reply #39 on: September 23, 2015, 07:50:01 PM »
There's not enough info for us to help you. There's probably a lot more info in either your client or your server's log which could help

Offline smnirosh

Re: OpenVPN
« Reply #40 on: September 23, 2015, 08:49:18 PM »
OK, I am very sorry. I will supply you with more info later.

Can you give me a little information:

What should be installed first?

1. Openvpn-bridge
2. Openvpn software
3. Phpki

I think I missed the sequence.

Offline Daniel B.

Re: OpenVPN
« Reply #41 on: September 23, 2015, 09:16:06 PM »
There's no sequence to follow. No matter which order you've installed the components,  it should just work. Just carefully follow the wiki guide

Offline smnirosh

Re: OpenVPN
« Reply #42 on: September 23, 2015, 10:47:41 PM »
Thanks very much. I will reconfigure it tomorrow morning when I get to the office.

Offline janet

Re: OpenVPN
« Reply #43 on: September 24, 2015, 04:47:31 AM »
smnirosh
Quote
......I will reconfigure it .......

You might use another word than "reconfigure" when talking about installing & configuring contribs/apps etc,  as reconfigure has a special meaning in SME server
ie it means to run these commands
signal-event post-upgrade
signal-event reboot

Offline smnirosh

Re: OpenVPN
« Reply #44 on: September 28, 2015, 03:02:01 PM »
All my friends, I installed SME Server and configured it as an OpenVPN server, and it worked as I planned. Thanks for the support given by all of you. I am very happy.