Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: vcc on August 09, 2008, 07:40:55 am
-
Hi all,
Sorry for the dumb question.
I created the CA key.
Where can I create the server, or where can I find an eBox OpenVPN how-to for dummies?
:-[
Many thanks in advance
-
Hi vcc,
In order to create an OpenVPN server, you must create a CA certificate, as you did, and another certificate for the server. After doing that, you must go to "OpenVPN -> Create server" to create a new one with your desired parameters. Afterwards, you should add the networks you want your VPN clients to connect to. Finally, on the main OpenVPN page, by clicking the download icon, you can get the bundle for your operating system (Windows or Linux|MacOS) to install on the VPN client.
Hope this helps you a little.
-
Ok,
Thanks, I will try and post the result.
-
Hi,
I configured the server and the client but I can not connect.
Here is the connection log from the openvpn client
Thu Aug 14 19:31:38 2008 OpenVPN 2.1_rc9 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 31 2008
Thu Aug 14 19:31:38 2008 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Aug 14 19:31:38 2008 LZO compression initialized
Thu Aug 14 19:31:38 2008 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Aug 14 19:31:38 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 14 19:31:38 2008 Local Options hash (VER=V4): 'd79ca330'
Thu Aug 14 19:31:38 2008 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu Aug 14 19:31:38 2008 Socket Buffers: R=[0->0] S=[0->0]
Thu Aug 14 19:31:38 2008 UDPv4 link local: [undef]
Thu Aug 14 19:31:38 2008 UDPv4 link remote: 10.1.1.1:1194
-
Also,
In the syslog I have the following two errors several times during boot:
Init: ebox.openvpn.server.shootingstar main process (6130) terminated with status 1
Init: ebox.openvpn.server.shootingstar main process ended, respawming
I don't know how I can use this information, but it seems to me there is a problem in the OpenVPN server, not in the client.
-
Check the VPN server logs at /var/log/ebox/openvpn/<server_name>.log.
Hope to know what's happening.
Thanks for your feedback!
-
The error I have in the openvpn log is the following:
server directive netmask is invalid
I tried several configurations but nothing works.
Is it mandatory to have two NICs?
I only have one.
My server:
Server IP - 192.168.1.1
Netmask - 255.255.255.0
Gateway - 192.168.1.254
If it is possible with one NIC, what would be the correct configuration for the OpenVPN server?
-
> The error I have in the openvpn log is the following:
> server directive netmask is invalid
> I tried several configurations but nothing works.
> Is it mandatory to have two NICs?
> I only have one.

No, it is not. With the last eBox version, the NAT option is set when a single interface is configured in eBox.

> My server:
> Server IP - 192.168.1.1
> Netmask - 255.255.255.0
> Gateway - 192.168.1.254
> If it is possible with one NIC, what would be the correct configuration for the OpenVPN server?

I think you are providing the same network for your VPN as well as your LAN. Please be sure you're using different network addresses for your LAN and VPN. For instance:
LAN -> 192.168.1.0/24
VPN -> 192.168.2.0/24
Best regards,
-
Now the OpenVPN server starts, I can see that in the log.
But the network of the server is stopped.
I cannot access the eBox through the administration interface or any other method.
Do I need to configure the NIC as external?
How can I change that configuration on the eBox console?
-
I cannot ping the eBox either.
-
You may have messed up the interface configuration. As you point out, you must set the server with the following interface information:
address: 192.168.1.1
netmask: 255.255.255.0
But in your VPN server configuration, you must set a different network, for instance:
address: 192.168.2.0
netmask: 255.255.255.0
If you have lost the network configuration, you may set it manually with the ifconfig command.
Hope this helps you.
-
No, I have exactly that configuration.
I'll try to set manually with ifconfig.
-
I tried the help for ifconfig but it's too technical for me.
Can you help me with this command?
-
OK, now I'm connected.
My laptop has the IP 192.168.2.2 but I cannot connect to any machine on the LAN 192.168.1.0/24.
Is there some routing I need to do?
I configured a route when I set up the server for the LAN, but I cannot connect to any machine there.
-
I will check the eBox firewall tomorrow morning.
-
> OK, now I'm connected.
> My laptop has the IP 192.168.2.2 but I cannot connect to any machine on the LAN 192.168.1.0/24.
> Is there some routing I need to do?
> I configured a route when I set up the server for the LAN, but I cannot connect to any machine there.

In order to be able to connect your laptop to the LAN, it needs to have an IP within the LAN, that is, an IP address within 192.168.1.0/24, for instance, 192.168.1.20. Afterwards, in eBox, set your router as the default gateway and then save changes.
-
The problem started again.
I lose all connectivity to the server, sometimes one hour or two after the setup.
Normally I configure the OpenVPN server without problems, and when I'm going to save the changes made during the client setup I lose the network on the server.
-
Here is my client connection log.
Seems to me everything is normal but I still can not connect to any client of the network.
I have the routing configured in the server setup
Wed Aug 20 17:00:02 2008 OpenVPN 2.1_rc9 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 31 2008
Wed Aug 20 17:00:02 2008 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Aug 20 17:00:02 2008 LZO compression initialized
Wed Aug 20 17:00:02 2008 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 20 17:00:02 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Aug 20 17:00:02 2008 Local Options hash (VER=V4): 'd79ca330'
Wed Aug 20 17:00:02 2008 Expected Remote Options hash (VER=V4): 'f7df56b8'
Wed Aug 20 17:00:02 2008 Socket Buffers: R=[0->0] S=[0->0]
Wed Aug 20 17:00:02 2008 UDPv4 link local: [undef]
Wed Aug 20 17:00:02 2008 UDPv4 link remote: xxx.xxx.xxx.xxx :1194
Wed Aug 20 17:00:02 2008 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=609cb15d a214c468
Wed Aug 20 17:00:03 2008 VERIFY OK: depth=1, /C=ES/ST=Nation/L=Nowhere/O=sunmobil/CN=Certification_Authority_Certificate
Wed Aug 20 17:00:03 2008 VERIFY X509NAME OK: /C=ES/ST=Nation/L=Nowhere/O=sunmobil/CN=server
Wed Aug 20 17:00:03 2008 VERIFY OK: depth=0, /C=ES/ST=Nation/L=Nowhere/O=sunmobil/CN=server
Wed Aug 20 17:00:03 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 20 17:00:03 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 17:00:03 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 20 17:00:03 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 17:00:03 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Aug 20 17:00:03 2008 [server] Peer Connection Initiated with 89.152.37.167:1194
Wed Aug 20 17:00:04 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Aug 20 17:00:04 2008 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 192.168.2.1,ping 10,ping-restart 120,ifconfig 192.168.2.2 255.255.255.0'
Wed Aug 20 17:00:04 2008 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 20 17:00:04 2008 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 20 17:00:04 2008 OPTIONS IMPORT: route options modified
Wed Aug 20 17:00:04 2008 OPTIONS IMPORT: route-related options modified
Wed Aug 20 17:00:04 2008 TAP-WIN32 device [ligação de Área Local 2] opened: \\.\Global\{12512EED-582F-4AEB-A642-65C117F951FD}.tap
Wed Aug 20 17:00:04 2008 TAP-Win32 Driver Version 9.4
Wed Aug 20 17:00:04 2008 TAP-Win32 MTU=1500
Wed Aug 20 17:00:04 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.2.2/255.255.255.0 on interface {12512EED-582F-4AEB-A642-65C117F951FD} [DHCP-serv: 192.168.2.0, lease-time: 31536000]
Wed Aug 20 17:00:04 2008 Successful ARP Flush on interface [18] {12512EED-582F-4AEB-A642-65C117F951FD}
Wed Aug 20 17:00:09 2008 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Aug 20 17:00:09 2008 Route: Waiting for TUN/TAP interface to come up...
Wed Aug 20 17:00:14 2008 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Aug 20 17:00:14 2008 Route: Waiting for TUN/TAP interface to come up...
Wed Aug 20 17:00:15 2008 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Aug 20 17:00:15 2008 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.2.1
Wed Aug 20 17:00:15 2008 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Aug 20 17:00:15 2008 Route addition via IPAPI succeeded [adaptive]
Wed Aug 20 17:00:15 2008 Initialization Sequence Completed
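
Added example, not part of the original thread: a Python check of the advice given above (the VPN network must differ from the LAN), run against the PUSH_REPLY line from the last client log. The function names and the "address netmask" reading of the ifconfig option are assumptions based on that log line.

```python
import ipaddress
import re

# PUSH_REPLY line copied from the client log in the thread.
LOG_LINE = (
    "Wed Aug 20 17:00:04 2008 PUSH: Received control message: "
    "'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 192.168.2.1,"
    "ping 10,ping-restart 120,ifconfig 192.168.2.2 255.255.255.0'"
)


def parse_push_reply(line):
    """Return (tunnel_interface, gateway, pushed_routes) from a PUSH_REPLY line.

    Assumes the "ifconfig <address> <netmask>" form seen in the thread's log.
    """
    match = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if not match:
        raise ValueError("line contains no PUSH_REPLY")
    tunnel, gateway, routes = None, None, []
    for option in match.group(1).split(","):
        parts = option.split()
        if len(parts) == 3 and parts[0] == "route":
            routes.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
        elif len(parts) == 2 and parts[0] == "route-gateway":
            gateway = ipaddress.ip_address(parts[1])
        elif len(parts) == 3 and parts[0] == "ifconfig":
            tunnel = ipaddress.ip_interface(f"{parts[1]}/{parts[2]}")
    if tunnel is None:
        raise ValueError("PUSH_REPLY carries no ifconfig option")
    return tunnel, gateway, routes


def check_vpn_plan(lan, tunnel, gateway, routes):
    """Return a list of problems; an empty list means the addressing is consistent."""
    lan = ipaddress.ip_network(lan)
    problems = []
    if tunnel.network.overlaps(lan):
        problems.append(f"VPN network {tunnel.network} overlaps LAN {lan}")
    if gateway is not None and gateway not in tunnel.network:
        problems.append(f"route-gateway {gateway} is outside {tunnel.network}")
    if not any(lan.subnet_of(route) for route in routes):
        problems.append(f"no pushed route covers LAN {lan}")
    return problems


if __name__ == "__main__":
    print(check_vpn_plan("192.168.1.0/24", *parse_push_reply(LOG_LINE)) or "OK")
```

An empty result only confirms that the addresses handed to the client are consistent; it says nothing about firewall rules or forwarding on the server.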