OpenVPN Setup

2011-05-11 Thread Bill Tillman
Thanks to everyone for the replies yesterday on OpenVPN. I'd like to report a 
few interesting things:

1. In doing some google searches on this last night, believe it or not some of 
the search results were the exact questions I asked in this group, only 
yesterday afternoon. And this was while I was watching Fox News make reports on 
how Google is watching and recording everything these days...Sheesh I didn't 
know their spiders ran that fast.

2. I have my OpenVPN process running on my FreeBSD server and wish to test it
with the OpenVPN client for Windows on my laptop from an outside location. But
the only outside locations I have access to right now are the local McDonalds
and Starbucks which offer free WiFi via ATT's network. The trouble with this is
they appear to be blocking almost everything at these locations with the
exception of HTTP traffic. I can't make the connection and I cannot access my
LAN via SSH either. I don't think they are blocking any particular ports on
these systems as much as they are just blocking everything except those ports
which allow users to surf the web. The only thing which appears in the status
window is that it's trying to make the handshake but then fails. I can ping my
home server from these outside locations so I know my server is reachable.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: OpenVPN Setup

2011-05-11 Thread Ryan Coleman
You can still test it from home... do pings through a specific interface.

Or change your routing table information. Also you can communicate from the 
server itself to the client to test.

On May 11, 2011, at 8:11 AM, Bill Tillman wrote:

 [ ... ]


Re: OpenVPN Setup

2011-05-11 Thread Kevin Wilcox
On Wed, May 11, 2011 at 09:11, Bill Tillman btillma...@yahoo.com wrote:

 2. I have my OpenVPN process running on my FreeBSD server and wish to test it
 with the OpenVPN client for Windows on my laptop from an outside location. But
 the only outside locations I have access to right now are the local McDonalds
 and Starbucks which offer free WiFi via ATT's network. The trouble with this
 is they appear to be blocking almost everything at these locations with the
 exception of HTTP traffic. I can't make the connection and I cannot access my
 LAN via SSH either. I don't think they are blocking any particular ports on
 these systems as much as they are just blocking everything except those ports
 which allow users to surf the web. The only thing which appears in the status
 window is that it's trying to make the handshake but then fails. I can ping my
 home server from these outside locations so I know my server is reachable.

It's not uncommon for guest/visitor/unsponsored/portal wireless to
only have ports 80 and 443 (sometimes only port 80) open. You can
modify your server's config to use port 80 instead of 1194 (assuming
you aren't running a webserver on that machine). Keep in mind that if
you do that then before you can connect you'll have to:

o change the config on the server
o restart openvpn on the server
o change the config on the client

kmw


Re: OpenVPN Setup

2011-05-11 Thread Bill Tillman






From: Kevin Wilcox kevin.wil...@gmail.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Wed, May 11, 2011 9:28:08 AM
Subject: Re: OpenVPN Setup

[ ... ]

Thanks again. Setting the proto to tcp, port 443 is working at least. I'm
sitting comfortably in a Starbucks with a cup of java and smooth jazz playing
and with a powered connection so I won't have to worry about battery in this
laptop which only lasts about 20 minutes these days. So I can run the VPN
client here and it makes connection and grabs an IP address 10.8.0.6, and I can
ping the tunnel device on the other end 10.8.0.1 but I cannot access the other
side of the VPN server at home, 10.0.0.0/24. Nothing will reply to pings and my
attempts to do remote desktop with one of my windows machines fails and I
cannot access the Samba shares on the VPN server. I guess this must be a
routing issue but I thought the OpenVPN server set this up when it started. Any
additional advice will be appreciated. I'm going to stay here and hack at it
until they run me off.


Re: OpenVPN Setup

2011-05-11 Thread Bill Tillman

 


From: Kevin Wilcox kevin.wil...@gmail.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Wed, May 11, 2011 9:28:08 AM
Subject: Re: OpenVPN Setup

[ ... ]


Just cleared one more hurdle. Turns out the PUSH line in server.conf was still
commented out. A quick change there and it's off and running. I can now ping
inside my LAN from this remote connection and just completed a successful
Remote Desktop session with one of the Windows clients inside as well. I'm
still somewhat confused on the routes needed and several of my tests are still
in place on the home LAN servers so I'm not sure what actually worked and what
can be removed if any. The PUSH line though seemed to be all it needed but I
think there is something on the inside which needs to be set as well.

Sorry for all the traffic, but I have the time this week to hack at this until
I get it right.
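
The two problems worked through in the messages above (client and server disagreeing on proto/port, and a push route for the LAN left commented out) can be checked by comparing the two config files. This is an added example, not code from any poster in the thread; the sample files are constructed, vpn.example.org is a placeholder, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare an OpenVPN server and client config for the two
# problems reported in this thread. All sample files below are constructed.

# active_args FILE NAME: arguments of the first uncommented NAME directive.
# CRs are dropped because a client .ovpn edited on Windows has CRLF endings.
active_args() {
    sed -e 's/[#;].*$//' "$1" | tr -d '\r' |
    awk -v name="$2" '$1 == name { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# check_pair SERVER_CONF CLIENT_CONF "NET MASK": print one line per problem.
check_pair() {
    server=$1
    client=$2
    lan=$3
    # OpenVPN defaults apply when a directive is absent: udp, port 1194.
    s_proto=$(active_args "$server" proto); s_proto=${s_proto:-udp}
    c_proto=$(active_args "$client" proto); c_proto=${c_proto:-udp}
    s_port=$(active_args "$server" port);   s_port=${s_port:-1194}
    # The client takes its port from the second argument of "remote".
    c_port=$(active_args "$client" remote | awk '{ print $2 }')
    c_port=${c_port:-1194}

    [ "${s_proto%-server}" = "${c_proto%-client}" ] ||
        echo "proto mismatch: server=$s_proto client=$c_proto"
    [ "$s_port" = "$c_port" ] ||
        echo "port mismatch: server=$s_port client=$c_port"
    # A push line that is still commented out vanishes in the sed step.
    sed -e 's/[#;].*$//' "$server" | grep -qF "push \"route $lan\"" ||
        echo "no active push \"route $lan\" in $server"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Server as first deployed: default transport, LAN route still commented out.
cat > "$work/server-before.conf" <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
;push "route 10.0.0.0 255.255.255.0"
EOF

# Server after the changes described in the thread.
cat > "$work/server-after.conf" <<'EOF'
port 443
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
EOF

# Client already switched to tcp/443, written with CRLF line endings.
printf 'client\r\ndev tun\r\nproto tcp\r\nremote vpn.example.org 443\r\n' \
    > "$work/client.ovpn"

LAN="10.0.0.0 255.255.255.0"
echo "before:"; check_pair "$work/server-before.conf" "$work/client.ovpn" "$LAN"
echo "after:";  check_pair "$work/server-after.conf"  "$work/client.ovpn" "$LAN"
```

The push route only tells the client where to send LAN traffic; the return route on the LAN gateway is a separate setting that this check does not cover.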



OpenVPN Setup

2011-05-11 Thread Bill Tillman
Thanks again for all the great tips on OpenVPN setup. I think it's about ready 
for real deployment but I have a couple of more questions.

My OpenVPN server (10.0.0.254) is inside my LAN behind another FreeBSD 
router/gateway (10.0.0.253) which is running IPFW+NATD and handles the LAN's 
connection to the cable modem. All that is running fine.

In the docs I read it told me to turn forwarding on at the OpenVPN server 
(10.0.0.254) as well, effectively turning it into another gateway. I was 
wondering if this could be avoided, assuming the docs I read were about a setup 
where the VPN server was right off the Internet and was needed as the gateway.

I added this route to the FreeBSD router (10.0.0.253) which on my LAN is the 
machine right off the cable modem:

    route add -net 10.8.0.0/24 10.0.0.254

This made everything work but I'd like to ask if this is the most efficient way 
of setting up the routing table on the router (10.0.0.253).

When I check the routing tables on the OpenVPN server with netstat -nr I see 
this info:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.253         UGS         0    31257   bge0
10.0.0.0/24        link#3             U           1   101587   bge0
10.0.0.254         link#3             UHS         0        0    lo0
10.8.0.0/24        10.8.0.2           UGS         0    33716   tun0
10.8.0.1           link#5             UHS         0        2    lo0
10.8.0.2           link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0      472    lo0

I'm curious as to why the 3rd entry shows the route for 10.8.0.0/24 goes
through 10.8.0.2 as its gateway. 10.8.0.2 is not pingable in this setup.


OpenVPN Setup

2011-05-10 Thread Bill Tillman
I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to
be able to access my LAN with my M$ Windows laptop using a M$ compatible
client. I read the manpage and it basically sets forth examples in which there
will be two (2) OpenVPN servers. In my case I will only have one OpenVPN server
and my laptop out there on the road. And of course I won't know the IP address
of my laptop until I connect out there somewhere. Can anyone recommend how to
do this or where I can read more about how to use OpenVPN with only one server?


Re: OpenVPN Setup

2011-05-10 Thread Chuck Swiger
On May 10, 2011, at 12:55 PM, Bill Tillman wrote:
 I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is
 to be able to access my LAN with my M$ Windows laptop using a M$ compatible
 client. I read the manpage and it basically sets forth examples in which there
 will be two (2) OpenVPN servers. In my case I will only have one OpenVPN
 server and my laptop out there on the road. And of course I won't know the IP
 address of my laptop until I connect out there somewhere. Can anyone recommend
 how to do this or where I can read more about how to use OpenVPN with only one
 server?


OpenVPN's site provides fine documentation:

  http://openvpn.net/index.php/open-source/documentation.html
  http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Regards,
-- 
-Chuck



Re: OpenVPN Setup

2011-05-10 Thread Darek M

On 5/10/2011 3:55 PM, Bill Tillman wrote:

I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to
be able to access my LAN with my M$ Windows laptop using a M$ compatible client.
I read the manpage and it basically sets forth examples in which there will be
two (2) OpenVPN servers. In my case I will only have one OpenVPN server and my
laptop out there on the road. And of course I won't know the IP address of my
laptop until I connect out there somewhere. Can anyone recommend how to do this
or where I can read more about how to use OpenVPN with only one server?


There's a client for Windows from the OpenVPN folks available under 
http://openvpn.net/index.php/open-source/downloads.html


If you're on Windows 7, install is by running it as administrator, and 
configure the shortcut to run the client itself as administrator.  You 
should then have a nice roaming setup.


--
Darek






Fw: OpenVPN Setup

2011-05-10 Thread Bill Tillman

 


From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 4:14:34 PM
Subject: Re: OpenVPN Setup

[ ... ]



I'm working through the docs you referenced in the HOWTO and it says:

Next, initialize the PKI. On Linux/BSD/Unix:

    . ./vars
    ./clean-all
    ./build-ca

The vars file is not executable and from what I see in the Makefile they want
to chmod it to 644... I tried /bin/sh ./vars and it seemed to work but then
when I run ./clean-all which is executable I get

    Please source the vars script first (i.e. . ./vars)
    Make sure you have edited it to reflect your configuration.

I'm stumped as this appears to be something Linux will handle but not
FreeBSD... any suggestions?



Re: OpenVPN Setup

2011-05-10 Thread Chuck Swiger
On May 10, 2011, at 2:50 PM, Bill Tillman wrote:
 OpenVPN's site provides fine documentation:
 
   http://openvpn.net/index.php/open-source/documentation.html
   
 http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
[ ... ]
 I'm working through the docs you referenced in the HOWTO and it says:
 Next, initialize the PKI. On Linux/BSD/Unix:
 
 . ./vars
 ./clean-all
 ./build-ca

If you're trying to setup a CA for PKI, then you're not following the static 
key document:

Static Key Mini-HOWTO

Introduction

Static key configurations offer the simplest setup, and are ideal for 
point-to-point VPNs or proof-of-concept testing.

Static Key advantages

• Simple Setup
• No X509 PKI (Public Key Infrastructure) to maintain

 the vars file is not executable and from what I see in the Makefile they want 
 to chmod it to 644... I tried /bin/sh ./vars and it seemed to work but then 
 when I run ./clean-all which is executable I get
 Please source the vars script first (i.e. . ./vars)

Yes.  The directions assume you are running /bin/sh (or Bourne-compatible 
shells bash, ksh, zsh, etc).

Do that, and . ./vars will work.  Running /bin/sh ./vars also works, but is 
useless because it changes the variables in a subshell which exits once it 
finishes processing the ./vars file.

 Make sure you have edited it to reflect your configuration.
 I'm stumped as this appears to be something Linux will handle but not 
 FreeBSD... any suggestions?

Yes, follow the directions.  OpenVPN works fine on FreeBSD.

Regards,
-- 
-Chuck
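
The difference between ". ./vars" and "/bin/sh ./vars" explained in the reply above can be reproduced with two small files. This is an added example, not part of the original message and not easy-rsa's own code: the vars and clean-all files below are constructed stand-ins, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example with constructed stand-ins for easy-rsa's vars and clean-all.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# vars only sets variables, so it needs no execute bit (mode 644).
cat > "$demo_dir/vars" <<'EOF'
export KEY_DIR="$PWD/keys"
export KEY_SIZE=1024
EOF
chmod 644 "$demo_dir/vars"

# clean-all is a separate program: it sees only what its parent exported.
cat > "$demo_dir/clean-all" <<'EOF'
#!/bin/sh
if [ -z "$KEY_DIR" ]; then
    echo 'Please source the vars script first (i.e. ". ./vars")'
    exit 1
fi
echo "would clean $KEY_DIR"
EOF

# Both cases start clean-all with "sh ./clean-all" so the demo also works
# when the temporary directory is mounted noexec.

# Case 1: /bin/sh ./vars. A child shell sets KEY_DIR and then exits; the
# calling shell is unchanged, so clean-all refuses to run.
run_in_child_shell() {
    ( cd "$demo_dir" && unset KEY_DIR KEY_SIZE &&
      /bin/sh ./vars && sh ./clean-all )
}

# Case 2: . ./vars. The file is read by the calling shell itself, so the
# exported variables are inherited by clean-all.
run_after_sourcing() {
    ( cd "$demo_dir" && unset KEY_DIR KEY_SIZE &&
      . ./vars && sh ./clean-all )
}

echo "/bin/sh ./vars:"; run_in_child_shell || echo "  (clean-all exited $?)"
echo ". ./vars:";       run_after_sourcing
```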



Re: OpenVPN Setup

2011-05-10 Thread Bill Tillman
Yes, I got that after a few searches...I ended up installing bash because so
many things these days are Linux centric and bash is the default shell on
Linux. I went through all the setup and created the certificates. Now to fire
it up and then take my laptop down to Starbucks and try to login.





From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 6:02:13 PM
Subject: Re: OpenVPN Setup

[ ... ]


Re: OpenVPN Setup

2011-05-10 Thread Bill Tillman
One more thing. I am going to need the Windows Client but I don't seem to find 
that at the OpenVPN site, only the full install which I assume installs the 
server as well as the client. Or am I missing the link to get just the client 
install? I would like to keep the overhead to a minimum.





From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 6:02:13 PM
Subject: Re: OpenVPN Setup

[ ... ]


Re: OpenVPN Setup

2011-05-10 Thread Chuck Swiger
On May 10, 2011, at 3:31 PM, Bill Tillman wrote:
 One more thing. I am going to need the Windows Client but I don't seem to 
 find that at the OpenVPN site, only the full install which I assume installs 
 the server as well as the client. Or am I missing the link to get just the 
 client install. I would like to keep the overhead to a minimum.

There isn't different software for server and client; OpenVPN performs either 
role depending on how it is configured.
Given that the Windows installer is very close to the size of a 1.4 MB floppy, 
you're likely consuming about twenty cents worth of disk space, or about a 
dollar's worth of SSD space.

Regards,
-- 
-Chuck



Fw: OpenVPN Setup

2011-05-10 Thread Bill Tillman






From: Chuck Swiger cswi...@mac.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 6:39:48 PM
Subject: Re: OpenVPN Setup


 
OK I know I saw this somewhere but it eludes me now. I have generated the keys 
and certificates for the server and client on my FreeBSD server. I then copied 
them over to my Windows laptop but apparently cannot find where I'm supposed to 
copy them to. And my replies keep getting blocked by some kind of spam filter.
[ ... ]


Re: Fw: OpenVPN Setup

2011-05-10 Thread Kevin Wilcox
On Tue, May 10, 2011 at 19:19, Bill Tillman btillma...@yahoo.com wrote:

 OK I know I saw this somewhere but it eludes me now. I have generated the keys
 and certificates for the server and client on my FreeBSD server. I then copied
 them over to my Windows laptop but apparently cannot find where I'm supposed
 to copy them to. And my replies keep getting blocked by some kind of spam
 filter.

The client conf and all certs can go in one directory under

(32-bit Windows) C:\Program Files\OpenVPN\config\

(64-bit Windows) C:\Program Files(x86)\OpenVPN\config\

kmw


Re: Fw: OpenVPN Setup

2011-05-10 Thread Bill Tillman






From: Kevin Wilcox kevin.wil...@gmail.com
To: Bill Tillman btillma...@yahoo.com
Cc: freebsd-questions@freebsd.org
Sent: Tue, May 10, 2011 7:42:21 PM
Subject: Re: Fw: OpenVPN Setup

[ ... ]


This is a very frustrating process but I think I'm getting there. The files I 
created on the FreeBSD server which I copied over are:

   client1.crt
   client1.csr
   client1.key

But the windows setup appears that it wants one of these files to be called 
client.ovpn. Of course I can't give all of them that name so I'm stumped again.


Re: Fw: OpenVPN Setup

2011-05-10 Thread Kevin Wilcox
On Tue, May 10, 2011 at 19:59, Bill Tillman btillma...@yahoo.com wrote:

 This is a very frustrating process but I think I'm getting there. The files
 I created on the FreeBSD server which I copied over are:

    client1.crt
    client1.csr
    client1.key

 But the windows setup appears that it wants one of these files to be called
 client.ovpn. Of course I can't give all of them that name so I'm stumped
 again.

You only need to copy the .crt and .key files, those are your key and
certificate for the client named client1.

They are used for authentication.

The .ovpn file (.conf on Unix) contains the information OpenVPN needs
to find your OpenVPN server. A good sample can be found at
http://openvpn.net/index.php/open-source/documentation/howto.html#examples.

For example, I give the following config to my clients:



client
dev tun
proto udp
remote put_your_server_ip_here 1194
resolv-retry infinite
nobind
persist-key
persist-tun
route-method exe
route-delay 2
ca ca.crt
cert client1.crt
key client1.key
# only uncomment if you setup tls-auth
# tls-auth tls-auth.key 1
verb 3
comp-lzo



Yours won't match exactly but it'll probably be awfully close.

kmw


Re: Fw: OpenVPN Setup

2011-05-10 Thread Kevin Wilcox
On Tue, May 10, 2011 at 20:09, Kevin Wilcox kevin.wil...@gmail.com wrote:

 On Tue, May 10, 2011 at 19:59, Bill Tillman btillma...@yahoo.com wrote:

    client1.crt
    client1.csr
    client1.key

 You only need to copy the .crt and .key files, those are your key and
 certificate for the client named client1.

One more comment there - you also need the ca.crt file.

kmw


Re: OpenVPN Setup

2011-05-10 Thread Kevin Wilcox
On Tue, May 10, 2011 at 20:50, Frank Griffith frnkgrf...@yahoo.com wrote:

 Anyway, I tried to start the OpenVPN server on the FreeBSD server and it
 will not start. I got this message:

 # openvpn /usr/local/etc/openvpn/server.conf
 Tue May 10 20:35:11 2011 OpenVPN 2.2.0 amd64-portbld-freebsd8.2 [SSL] [LZO2]
 [eurephia] built on May 10 2011
 Tue May 10 20:35:11 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or
 higher to call user-defined scripts or executables
 Tue May 10 20:35:11 2011 Cannot open dh1024.pem for DH parameters:
 error:02001002:system library:fopen:No such file or directory:
 error:2006D080:BIO routines:BIO_new_file:no such file
 Tue May 10 20:35:11 2011 Exiting

If you edit /usr/local/etc/openvpn/server.conf, it will mention

ca ca.crt
cert server.crt
dh dh1024.pem
key server.key

or something similar. Each of the files it references will need to be
in /usr/local/etc/openvpn/.

The error Cannot open dh1024.pem tells you what it's trying to open
that it can't find.

kmw
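
A preflight check for the "Cannot open dh1024.pem" failure discussed above: list every file that the ca, cert, key and dh directives name and that cannot be read. This is an added example, not code from the thread; the sample server.conf and key files are constructed and the function name is hypothetical. Relative names are resolved against a base directory passed as the second argument, because OpenVPN resolves them against its working directory (or the directory given with --cd), which is not necessarily where the config file lives.

```shell
#!/bin/sh
# Added example; the sample config and key files are constructed.

# missing_refs CONF BASEDIR: for every uncommented ca/cert/key/dh directive
# in CONF, print "directive path" when the file cannot be read. Relative
# names are resolved against BASEDIR. File names containing spaces are not
# handled.
missing_refs() {
    conf=$1
    base=$2
    sed -e 's/[#;].*$//' "$conf" | tr -d '"\r' |
    awk '$1 ~ /^(ca|cert|key|dh)$/ && NF >= 2 { print $1, $2 }' |
    while read -r directive file; do
        case $file in
            /*) path=$file ;;
            *)  path=$base/$file ;;
        esac
        [ -r "$path" ] || echo "$directive $path"
    done
}

etc=$(mktemp -d)
trap 'rm -rf "$etc"' EXIT
mkdir "$etc/elsewhere"

cat > "$etc/server.conf" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
key server.key
;tls-auth ta.key 0
EOF

# Certificates and key are present; the DH parameters were never copied.
: > "$etc/ca.crt"
: > "$etc/server.crt"
: > "$etc/server.key"

echo "resolved against the config directory:"
missing_refs "$etc/server.conf" "$etc"
echo "resolved against an unrelated working directory:"
missing_refs "$etc/server.conf" "$etc/elsewhere"
```

The second call shows that all four files are reported missing when the base directory is not the one holding them, even though three of them exist next to the config.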