Gentoo Forums
OpenVPN 2.x TAP mini-HOWTO (linux 2 wifi-linux, wifi-xp)

cchee
Apprentice
Joined: 29 Jul 2003
Posts: 214
Location: NYC

Posted: Tue Oct 10, 2006 12:49 am

Did you have TCP port 800 open as well? Are you using tap or tun? Just curious.
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1264

Posted: Tue Oct 10, 2006 2:24 am

cchee wrote:
Did you have TCP port 800 open as well? Are you using tap or tun? Just curious.


Hello

Thanks for the reply! I'm still trying to get my head around all of this, so I apologize for my newbness.

I'm not accepting TCP port 800 on my firewall. As far as I knew, this was over UDP only. In fact, my DMZ/wireless does not accept port 800 TCP, only UDP, and it works. I'm not sure what the difference is between tap and tun, but I do have a tap0 interface, so does that mean I'm using tap?

Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
cchee
Apprentice
Joined: 29 Jul 2003
Posts: 214
Location: NYC

Posted: Fri Oct 13, 2006 3:57 am

Just curious, do you have to use a root-access port (i.e. port < 1024)? OpenVPN's official standard port is 1194. You may want to try that first. tap0 means you are using tap.
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1264

Posted: Fri Oct 13, 2006 3:00 pm

cchee wrote:
Just curious, do you have to use a root-access port (i.e. port < 1024)? OpenVPN's official standard port is 1194. You may want to try that first. tap0 means you are using tap.


Hello, thanks for replying. Using port 800 isn't a problem; also, my DMZ w/ VPN to LAN works.
Code:

netstat -lnp | grep openvpn
udp        0      0 0.0.0.0:800             0.0.0.0:*                           24957/openvpn


Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
cchee
Apprentice
Joined: 29 Jul 2003
Posts: 214
Location: NYC

Posted: Tue Apr 03, 2007 3:23 pm

Just adding an update on how to set up port sharing with OpenVPN 2.1 (can't wait until it becomes official in Portage!!! Hint! Hint! ;-) )

NOTE: If you are using OpenVPN 2.1 (not yet in the official Portage, hopefully soon), you can add the following line to do port sharing. The following line basically tells OpenVPN to listen on port 443; if the traffic is OpenVPN traffic, process it, otherwise forward it to ssl_webserver.mycompany.com to process as HTTPS traffic. One great thing about this is you have one less hole in your firewall.
Code:

port-share ssl_webserver.mycompany.com 443
Bender007
Tux's lil' helper
Joined: 11 Aug 2003
Posts: 110
Location: Göttingen

Posted: Mon Oct 01, 2007 10:21 pm    Post subject: openvpn idle

Hi,

I have a question. Is it possible to disconnect after an idle time of 2 mins?
I am using the "keepalive 10 120" option. Is this option the problem? Or does another idle parameter exist?
And what tool can I use to watch open connections and disconnect clients? I tried the management option and a forced logoff of a user over the GUI, but the user connects again immediately. What can I do?

server.conf:
Quote:

proto tcp-server
port 21113
dev tap0
tls-server
ca /etc/openvpn/privnet/ca.crt
cert /etc/openvpn/privnet/server.crt
key /etc/openvpn/privnet/server.key
dh /etc/openvpn/privnet/dh1024.pem
tls-auth /etc/openvpn/privnet/ta.key 0
mode server
duplicate-cn
ifconfig 192.168.10.1 255.255.255.0 #vpnserver
ifconfig-pool 192.168.10.2 192.168.10.10 255.255.255.0 #clientiprange
#ifconfig-pool-persist ipp.txt
#server 192.168.1.0 255.255.255.0
push "dhcp-option DNS 192.168.10.1"
push "route-gateway 192.168.10.1"
#mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
#ping 10
#ping-restart 120
#push "ping 10"
#push "ping-restart 60"
push "route 192.168.0.0 255.255.255.0 192.168.10.1"
push "route 192.168.10.0 255.255.255.0 192.168.10.1"
comp-lzo
verb 1
#status /var/log/openvpn-status.log
#log /var/log/openvpn.log
keepalive 10 120
user nobody
group nobody


Thx Bender
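Bender007's question turns on what `keepalive 10 120` actually stands for, so here is an added example (my own code, not from the post above and not OpenVPN's) that parses the posted server.conf, trimmed and embedded below as a constructed string, and expands `keepalive` into the explicit directives the OpenVPN manual documents it as shorthand for: in server mode `keepalive n m` becomes `ping n` and `ping-restart 2*m` on the server plus `push "ping n"` and `push "ping-restart m"` for the clients; in client mode it is just `ping n` and `ping-restart m`. A constructed client config (hostname `vpn.example.invalid` is a placeholder) is included for comparison.

```python
"""Added example: expand OpenVPN's `keepalive` shorthand into the explicit
ping / ping-restart directives it stands for, using Bender007's server.conf."""
import shlex

# Constructed from the server.conf posted above, trimmed to what matters here.
SERVER_CONF = """\
proto tcp-server
port 21113
dev tap0
tls-server
mode server
duplicate-cn
ifconfig 192.168.10.1 255.255.255.0 #vpnserver
push "dhcp-option DNS 192.168.10.1"
#ping 10
#ping-restart 120
keepalive 10 120
verb 1
"""

# Constructed client-side config with the same keepalive, for comparison.
CLIENT_CONF = """\
client
dev tap
proto tcp-client
remote vpn.example.invalid 21113
keepalive 10 120
"""


def parse_config(text: str):
    """Return [(directive, [args]), ...]. Lines starting with '#' or ';' are
    comments, '#' also starts a trailing comment, and double quotes group an
    argument (as in push "..."); shlex handles the last two."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            entries.append((parts[0], parts[1:]))
    return entries


def is_server_mode(entries) -> bool:
    """`mode server`, or the `server` / `server-bridge` macros which imply it."""
    return any(
        d in ("server", "server-bridge") or (d == "mode" and a[:1] == ["server"])
        for d, a in entries
    )


def expand_keepalive(entries):
    """Replace `keepalive n m` by what the OpenVPN manual says it expands to.
    Server mode: ping n, ping-restart 2*m, push "ping n", push "ping-restart m".
    Client/p2p mode: ping n, ping-restart m."""
    server = is_server_mode(entries)
    out = []
    for directive, args in entries:
        if directive != "keepalive":
            out.append((directive, args))
            continue
        interval, timeout = int(args[0]), int(args[1])
        out.append(("ping", [str(interval)]))
        if server:
            out.append(("ping-restart", [str(timeout * 2)]))
            out.append(("push", [f"ping {interval}"]))
            out.append(("push", [f"ping-restart {timeout}"]))
        else:
            out.append(("ping-restart", [str(timeout)]))
    return out


def render(entries):
    """Back to config-file lines; push arguments get their quotes back."""
    lines = []
    for directive, args in entries:
        if directive == "push":
            lines.append(f'push "{args[0]}"')
        else:
            lines.append(" ".join([directive, *args]))
    return lines


def effective_timeouts(text: str):
    """(server_ping, server_restart, pushed_ping, pushed_restart) after
    expansion; the pushed values are None for a client config."""
    rendered = render(expand_keepalive(parse_config(text)))

    def find(prefix):
        for line in rendered:
            if line.startswith(prefix):
                return int(line[len(prefix):].rstrip('"'))
        return None

    return (find("ping "), find("ping-restart "),
            find('push "ping '), find('push "ping-restart '))


if __name__ == "__main__":
    print("\n".join(render(expand_keepalive(parse_config(SERVER_CONF)))))
```

With this config the server only gives up on a client after 240 s without any packet from it, and a client restarts after 120 s of silence from the server. `keepalive` is dead-peer detection, not an idle timer: a client that is still exchanging pings is never dropped by it, which is why a forced logoff is followed by an immediate reconnect. The directive that exits after n seconds without tunnel traffic is OpenVPN's separate `inactive n`; see the OpenVPN manual for where it may be set.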
snIP3r
l33t
Joined: 21 May 2004
Posts: 780
Location: germany

Posted: Mon Oct 15, 2007 6:10 pm

cchee wrote:
Just adding an update on how to set up port sharing with OpenVPN 2.1 (can't wait until it becomes official in Portage!!! Hint! Hint! ;-) )

NOTE: If you are using OpenVPN 2.1 (not yet in the official Portage, hopefully soon), you can add the following line to do port sharing. The following line basically tells OpenVPN to listen on port 443; if the traffic is OpenVPN traffic, process it, otherwise forward it to ssl_webserver.mycompany.com to process as HTTPS traffic. One great thing about this is you have one less hole in your firewall.
Code:

port-share ssl_webserver.mycompany.com 443


Can you also please tell me how to configure Apache to make this work? Because I cannot start both configs (OpenVPN and Apache) using port 443. I also found no example on the web.

thx in advance
snIP3r
_________________
AMD X2 4450e on ASUS M2N-SLI Deluxe
Gentoo Base System 2.1
Kernel 3.2.12-gentoo SMP x86_64
-----------------------------------------------
if your problem is fixed please add something like [solved] to the topic!
quackyo
n00b
Joined: 26 Nov 2007
Posts: 1

Posted: Mon Nov 26, 2007 3:17 pm

I have fiddled around with OpenVPN today.

I'm using an OpenVPN server set up as a bridge.
When I connect to it I get an IP from DHCP (the DHCP in the net my VPN server is on), but no ping.
After a while the connection times out and tries reconnecting. After 1-5 minutes it gets reconnected, and from then on everything is fine.
I thought it was a firewall issue, but after trying to disable the firewall at both ends I was stuck, until I remembered that I had a Linksys DD-WRT box with a VPN setup that works. I took a look at the setup there and found that the only difference was that my OpenVPN server runs in "mode server" and TLS-server (with certificates), but the Linksys runs with a static key only.

Well, I tried to reconfigure my VPN server to use a static key only, and then it worked perfectly.
But I want the TLS-server feature, both for the multiple-client feature and for safety.

Anybody have a clue? I have tried to regenerate all certificates, but that didn't help.
All certificates I built with the easy-rsa scripts that come with OpenVPN.
TatooFim
n00b
Joined: 20 Dec 2007
Posts: 1

Posted: Thu Dec 20, 2007 6:06 pm

damed92 wrote:
Firstly, thank you VERY much for this howto. I have OpenVPN working well.

One question:

I have the server set up at Location 1 (L1). It accepts Windows client connections from the internet fine.

What I need to do now is set up Location 2 (L2) to connect to L1 and create a permanent VPN tunnel, so that clients at L1 can get to L2 and clients at L2 can get to L1. L2 currently has a Linux firewall set up. My plan is to set up this machine as a Linux client to the server at L1.

Basically, what I want to know:

Do I need to create a new conf file on the server using a different port for this connection, or can it use 5000? Keep in mind that I still want Windows clients from the net to get into L1.

Please advise, and thank you again.

Agreed, thanks.
_________________
Coast to Coast AM
cchee
Apprentice
Joined: 29 Jul 2003
Posts: 214
Location: NYC

Posted: Fri Oct 03, 2008 3:01 pm

snIP3r wrote:
cchee wrote:
Just adding an update on how to set up port sharing with OpenVPN 2.1 (can't wait until it becomes official in Portage!!! Hint! Hint! ;-) )

NOTE: If you are using OpenVPN 2.1 (not yet in the official Portage, hopefully soon), you can add the following line to do port sharing. The following line basically tells OpenVPN to listen on port 443; if the traffic is OpenVPN traffic, process it, otherwise forward it to ssl_webserver.mycompany.com to process as HTTPS traffic. One great thing about this is you have one less hole in your firewall.
Code:

port-share ssl_webserver.mycompany.com 443


Can you also please tell me how to configure Apache to make this work? Because I cannot start both configs (OpenVPN and Apache) using port 443. I also found no example on the web.

thx in advance
snIP3r


snIP3r,

Sorry for really late reply. Have been busy and haven't had a chance to check back here for a while.

Your firewall will port-forward 443 traffic to the OpenVPN server with port-share configured. In your OpenVPN configuration file, you will add the aforementioned line, where ssl_webserver.mycompany.com is the hostname or IP address of your web server. But I don't think you can have both your OpenVPN and web server running on the same physical machine. If you have a powerful box and some CPU/memory to spare, try to virtualize your web server using VMware Server or VirtualBox. Logically, it is still a different IP address, but everything runs on one physical box.

You shouldn't need to change the Apache configuration file. OpenVPN will detect what kind of traffic it is and then redirect it to the Apache server if it is a web server request. Hope this helps.
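To make concrete what the `port-share` line from cchee's earlier post does on the wire, and why Apache needs no changes for it, here is an added example (my own code, not from either post and not OpenVPN's) that classifies the first bytes of a new TCP connection on the shared port the way OpenVPN's port-share demultiplexer does: an OpenVPN client opens with a P_CONTROL_HARD_RESET_CLIENT control packet, an HTTPS client opens with a TLS ClientHello record, and three bytes are enough to tell them apart. The opcode constants and the 2-byte length prefix are OpenVPN's TCP framing; the exact length heuristic mirrors what I recall of OpenVPN's ps.c and is an assumption, as are the two backend addresses (the web server hostname is the one from the post, the local OpenVPN port is assumed). Sample packets are constructed inline, not captured.

```python
"""Added example: classify a new TCP connection on the shared port 443 the way
OpenVPN's --port-share demultiplexer does, then pick a backend for it."""
import os
import struct

# OpenVPN control-channel opcodes live in the top 5 bits of the first payload
# byte; the low 3 bits are the key id (0 for a fresh session).
P_CONTROL_HARD_RESET_CLIENT_V2 = 7   # opening packet of a TLS-mode client
P_CONTROL_HARD_RESET_CLIENT_V3 = 10  # same, when the client uses tls-crypt-v2
P_OPCODE_SHIFT = 3

# Smallest hard-reset payload: opcode(1) + session id(8) + ack-array length(1)
# + packet id(4). tls-auth adds HMAC + packet id + timestamp on top of this.
MIN_HARD_RESET_LEN = 14

# Assumed backends: an OpenVPN instance on the same host and the web server
# named in cchee's port-share line.
OPENVPN_BACKEND = ("127.0.0.1", 1194)
WEB_BACKEND = ("ssl_webserver.mycompany.com", 443)


def is_openvpn_protocol(head: bytes) -> bool:
    """True if the first bytes look like OpenVPN over TCP: a 2-byte big-endian
    length prefix with high byte 0 and a plausible minimum, followed by a
    HARD_RESET_CLIENT opcode with key id 0 (assumed to mirror ps.c)."""
    if len(head) < 3:
        return False
    (length,) = struct.unpack("!H", head[:2])
    if head[0] != 0 or length < MIN_HARD_RESET_LEN:
        return False
    return head[2] in (
        P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT,
        P_CONTROL_HARD_RESET_CLIENT_V3 << P_OPCODE_SHIFT,
    )


def is_tls_client_hello(head: bytes) -> bool:
    """True if the first bytes start a TLS handshake record (type 0x16) with
    an SSLv3/TLS record-layer major version (0x03): an HTTPS ClientHello."""
    return len(head) >= 3 and head[0] == 0x16 and head[1] == 0x03


def choose_backend(head: bytes):
    """Return the (host, port) to relay this connection to, or None when
    fewer than 3 bytes have arrived and the decision has to wait."""
    if len(head) < 3:
        return None
    if is_openvpn_protocol(head):
        return OPENVPN_BACKEND
    # port-share keeps only recognisable OpenVPN traffic; everything else,
    # TLS or garbage, is proxied to the web server unchanged.
    return WEB_BACKEND


# Constructed sample inputs (not captured traffic).

def build_hard_reset_client_v2(session_id: bytes = None,
                               tls_auth_overhead: int = 0) -> bytes:
    """Minimal P_CONTROL_HARD_RESET_CLIENT_V2 as sent over TCP: length prefix
    plus payload. tls_auth_overhead stands in for the HMAC/packet-id/time
    bytes tls-auth inserts after the session id (zeros here, placeholder)."""
    if session_id is None:
        session_id = os.urandom(8)
    payload = bytes([P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT])  # key id 0
    payload += session_id
    payload += b"\x00" * tls_auth_overhead
    payload += b"\x00"                  # ack array length 0
    payload += struct.pack("!I", 0)     # message packet id
    return struct.pack("!H", len(payload)) + payload


def build_tls_client_hello_prefix() -> bytes:
    """Start of a TLS ClientHello record: handshake type 0x16, record version
    3.1, a record length, then handshake type 1 (client_hello)."""
    return b"\x16\x03\x01" + struct.pack("!H", 0x0200) + b"\x01"


if __name__ == "__main__":
    samples = [("openvpn", build_hard_reset_client_v2()),
               ("openvpn+tls-auth", build_hard_reset_client_v2(tls_auth_overhead=28)),
               ("https", build_tls_client_hello_prefix()),
               ("plain http", b"GET / HTTP/1.0\r\n")]
    for name, head in samples:
        print(f"{name:18} -> {choose_backend(head)}")
```

On the OpenVPN side the whole setup is three directives, `proto tcp-server`, `port 443` and `port-share ssl_webserver.mycompany.com 443`, and the firewall forwards 443 to the OpenVPN host only. Two practical consequences follow from the classifier: anything that is not recognisably OpenVPN, including scanner junk, is handed to the web server, so the web server still has to cope with it; and the web server sees the OpenVPN host as its TCP peer, not the real client. Nothing in the mechanism requires the target to be a separate machine: OpenVPN only needs host:port to be reachable from the OpenVPN process, so a web server bound to a loopback address on a non-443 port of the same box is a valid `port-share` target as well.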
snIP3r
l33t
Joined: 21 May 2004
Posts: 780
Location: germany

Posted: Fri Oct 03, 2008 6:41 pm

cchee wrote:
snIP3r wrote:
cchee wrote:
Just adding an update on how to set up port sharing with OpenVPN 2.1 (can't wait until it becomes official in Portage!!! Hint! Hint! ;-) )

NOTE: If you are using OpenVPN 2.1 (not yet in the official Portage, hopefully soon), you can add the following line to do port sharing. The following line basically tells OpenVPN to listen on port 443; if the traffic is OpenVPN traffic, process it, otherwise forward it to ssl_webserver.mycompany.com to process as HTTPS traffic. One great thing about this is you have one less hole in your firewall.
Code:

port-share ssl_webserver.mycompany.com 443


Can you also please tell me how to configure Apache to make this work? Because I cannot start both configs (OpenVPN and Apache) using port 443. I also found no example on the web.

thx in advance
snIP3r


snIP3r,

Sorry for really late reply. Have been busy and haven't had a chance to check back here for a while.

Your firewall will port-forward 443 traffic to the OpenVPN server with port-share configured. In your OpenVPN configuration file, you will add the aforementioned line, where ssl_webserver.mycompany.com is the hostname or IP address of your web server. But I don't think you can have both your OpenVPN and web server running on the same physical machine. If you have a powerful box and some CPU/memory to spare, try to virtualize your web server using VMware Server or VirtualBox. Logically, it is still a different IP address, but everything runs on one physical box.

You shouldn't need to change the Apache configuration file. OpenVPN will detect what kind of traffic it is and then redirect it to the Apache server if it is a web server request. Hope this helps.


hi cchee!

Thanks for your reply, even if it's a little late ;)
Thanks also for the tip. My first thought is to have both on the same machine, but after reading your post here I will try to do as you suggested and put the web server on another (test) machine. If this works I can think about further steps...
I have a powerful machine and I would like to have the web server on the same machine as the OpenVPN server. But this may be difficult to realize; I hope I can do it.
Thanks for your tip anyway. After the first tests, I will post my results.

thx
snIP3r
_________________
AMD X2 4450e on ASUS M2N-SLI Deluxe
Gentoo Base System 2.1
Kernel 3.2.12-gentoo SMP x86_64
-----------------------------------------------
if your problem is fixed please add something like [solved] to the topic!