Openvpn configuration

[vcc]

Hi all,

Sorry for the dumb question.

I created the CA-key

Where can I create the server or where can I find a eBox openvpn how-to for dumies?

 

Many thanks in advance

[sixstone]

Hi vcc,

In order to create an openVPN server, you must create a CA certificate, as you did, and another certificate for the server. After doing that, you must go to "OpenVPN -> Create server" to create a new one with your desired parameters. Afterwards, you should add those networks you want your VPN clients connect to. Finally, in main OpenVPN page, clicking in download icon, you may get the bundle for your operating system (Windows or Linux|MacOS) to install it on the VPN client.

Hope this helps you a little.

[vcc]

Ok,

Thanks I will try and post the result

[vcc]

Hi,

I configured the server and the client but I can not connect.

Here is the connection log from the openvpn client

Thu Aug 14 19:31:38 2008 OpenVPN 2.1_rc9 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 31 2008
Thu Aug 14 19:31:38 2008 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Aug 14 19:31:38 2008 LZO compression initialized
Thu Aug 14 19:31:38 2008 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Aug 14 19:31:38 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 14 19:31:38 2008 Local Options hash (VER=V4): 'd79ca330'
Thu Aug 14 19:31:38 2008 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu Aug 14 19:31:38 2008 Socket Buffers: R=[0->0] S=[0->0]
Thu Aug 14 19:31:38 2008 UDPv4 link local: [undef]
Thu Aug 14 19:31:38 2008 UDPv4 link remote: 10.1.1.1:1194

[vcc]

Also,

At the syslog i have the following two erros several times during the boot

Init: ebox.openvpn.server.shootingstar main process (6130) terminated with status 1
Init: ebox.openvpn.server.shootingstar main process ended, respawming


I don´t know how I can use this information but seems to me there are a problem in the openvpn server, not in the client

[sixstone]

Check the VPN server logs at /var/log/ebox/openvpn/<server_name>.log.

Hope to know what's happening.

Thanks for your feedback!

[vcc]

The error I have in the openvpn log is the following:

server directive netmask is invalid

I tried several configurations but anything work

It is mandatory have two NIC's?
I only have one.

My server:
Server IP - 192.168.1.1
Netmask - 255.255.255.0
Gateway - 192.168.1.254

If it is possible one NIC what will be the correct configuration for the openvpn server?

[sixstone]

The error I have in the openvpn log is the following:

server directive netmask is invalid

I tried several configurations but anything work

It is mandatory have two NIC's?
I only have one.

No, it is not. With the last eBox version, NAT option is set when a single interface is configured in eBox.

My server:
Server IP - 192.168.1.1
Netmask - 255.255.255.0
Gateway - 192.168.1.254

If it is possible one NIC what will be the correct configuration for the openvpn server?

I think you are providing the same network for your VPN as well as your LAN. Please, be sure you're using different network address for your LAN and VPN. For instance,

LAN -> 192.168.1.0/24
VPN-> 192.168.2.0/24

Best regards,

[vcc]

Now I can the openvpn server starts, I can see that in the log.

But the network of the server is stoped.

I can not access the ebox by adminstration interface or any another metod

I need to configure the NIC as external?

How can I change that configuration on the ebox console?

[vcc]

I can not ping the ebox too

[sixstone]

You may mess up the interface configuración. As you point out, you must set the server with the following interface information:

address: 192.168.1.1
netmask: 255.255.255.0

But in your VPN server configuration, you must set a different network, for instance:

address: 192.168.2.0
netmask: 255.255.255.0

If you have lost the network configuration, you may set it manually with ifconfig command.

Hope this helps you.

[vcc]

No, I have exactly that configuration.

I'll try to set manually with ifconfig.

[vcc]

I tryed the help for ifconfig but it´s too technical to me.

Can you help me with this command?

[vcc]

ok, now I'm connected.

My laptop as the IP 192.168.2.2 but I can not connect to any machine from the lan 192.168.1.0/24.

There is a routing I need to do?

I configured a routing when I setup the server for the lan but I can not connect to any machine there

[vcc]

I will check the ebox firewall tomorow morning