Hello everybody,
I'm starting to configure my Zentyal VPN server and I have (I guess) a total beginner question.
I watched the tutorial "how to set up a vpn" but I'm stuck at the beginning. Actually, I don't understand the client configuration. In the video, for example, the ebox admin is never using the "Client" sub menu of the left banner "VPN" menu. It only uses the "Download client bundle" from the server sub menu.
Does this replace any client config? How do I use the client certificate I issued?
When I try to add a client, Ebox tells me that my server config is not finished, but I don't know what to add....
Finally, from an Ubuntu client (connected to eth0 of the ebox server (external), eth1 being my LAN that I want to access remotely), I installed the openvpn package and tried:
openvpn --config mygeneratedebundle.conf
and I got the following terminal answer:
PS: I added a rule in the firewall to allow the VPN service (I left the port at its default during the server configuration).
Here is the log:
Thanks in advance for your help, and again, congratulations on this great software.
Mon Aug 30 11:07:49 2010 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Mon Aug 30 11:07:49 2010 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Mon Aug 30 11:07:49 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Aug 30 11:07:49 2010 WARNING: file 'clientCAname.pem' is group or others accessible
Mon Aug 30 11:07:49 2010 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Mon Aug 30 11:07:49 2010 LZO compression initialized
Mon Aug 30 11:07:49 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Aug 30 11:07:49 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Aug 30 11:07:49 2010 Local Options hash (VER=V4): 'd79ca330'
Mon Aug 30 11:07:49 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
Mon Aug 30 11:07:49 2010 Socket Buffers: R=[124928->131072] S=[124928->131072]
Mon Aug 30 11:07:49 2010 UDPv4 link local: [undef]
Mon Aug 30 11:07:49 2010 UDPv4 link remote: [AF_INET]192.168.1.200:1194
Mon Aug 30 11:07:49 2010 TLS: Initial packet from [AF_INET]192.168.1.200:1194, sid=1a6d7cf1 264c552c
Mon Aug 30 11:07:49 2010 VERIFY OK: depth=1, /C=FR/ST=Region/L=City/O=CompanyName/CN=Certification_Authority_Certificate
Mon Aug 30 11:07:49 2010 VERIFY X509NAME OK: /C=FR/ST=Region/L=City/O=CompanyName/CN=vpn-vpn.companyname.com
Mon Aug 30 11:07:49 2010 VERIFY OK: depth=0, /C=FR/ST=Region/L=City/O=CompanyName/CN=vpn-vpn.companyname.com
Mon Aug 30 11:07:49 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 30 11:07:49 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 30 11:07:49 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 30 11:07:49 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 30 11:07:49 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Aug 30 11:07:49 2010 [vpn-vpn.companyname.com] Peer Connection Initiated with [AF_INET]192.168.1.200:1194
Mon Aug 30 11:07:51 2010 SENT CONTROL [vpn-vpn.companyname.com]: 'PUSH_REQUEST' (status=1)
Mon Aug 30 11:07:51 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route-gateway 192.168.10.1,ping 10,ping-restart 120,ifconfig 192.168.10.2 255.255.255.0'
Mon Aug 30 11:07:51 2010 OPTIONS IMPORT: timers and/or timeouts modified
Mon Aug 30 11:07:51 2010 OPTIONS IMPORT: --ifconfig/up options modified
Mon Aug 30 11:07:51 2010 OPTIONS IMPORT: route options modified
Mon Aug 30 11:07:51 2010 OPTIONS IMPORT: route-related options modified
Mon Aug 30 11:07:51 2010 ROUTE default_gateway=192.168.1.1
Mon Aug 30 11:07:51 2010 Note: Cannot ioctl TUNSETIFF tap: Operation not permitted (errno=1)
Mon Aug 30 11:07:51 2010 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Mon Aug 30 11:07:51 2010 Cannot allocate TUN/TAP dev dynamically
Mon Aug 30 11:07:51 2010 Exiting