Hi again,
So I was trying to set up OpenVPN last night (using certificates) and I'm sure more configuration must be required before I run the commands outlined in the 'HOWTO' http://openvpn.net/index.php/open-so...howto.html#pki

Code:
. ./vars
ksh: ./vars[29]: /root/ovpn/whichopensslcnf: not found

Code:
. ./vars
/root/ovpn/openssl.cnf[10]: HOME: not found
/root/ovpn/openssl.cnf[11]: RANDFILE: not found
/root/ovpn/openssl.cnf[12]: openssl_conf: not found
/root/ovpn/openssl.cnf[17]: oid_section: not found
/root/ovpn/openssl.cnf[18]: engines: not found
/root/ovpn/openssl.cnf[37]: default_ca: not found
/root/ovpn/openssl.cnf[42]: dir: not found
/root/ovpn/openssl.cnf[43]: certs: not found
/root/ovpn/openssl.cnf[44]: crl_dir: not found
/root/ovpn/openssl.cnf[45]: database: not found
/root/ovpn/openssl.cnf[46]: new_certs_dir: not found
/root/ovpn/openssl.cnf[48]: certificate: not found
/root/ovpn/openssl.cnf[49]: serial: not found
/root/ovpn/openssl.cnf[50]: crl: not found
/root/ovpn/openssl.cnf[51]: private_key: not found
/root/ovpn/openssl.cnf[52]: RANDFILE: not found
/root/ovpn/openssl.cnf[54]: x509_extensions: not found
/root/ovpn/openssl.cnf[60]: default_days: not found
/root/ovpn/openssl.cnf[61]: 30: not found
/root/ovpn/openssl.cnf[62]: default_md: not found
/root/ovpn/openssl.cnf[63]: preserve: not found
... Goes on...

Any idea what I'm missing? Thanks!
I had actually. The commands seem pretty much the same as those provided by OpenVPN's guide.
I do notice he issues init-config on his OpenBSD, which does not exist, nor does it exist in the "UNIX" install instructions on OpenVPN's site. From their site:

Code:
Generate the master Certificate Authority (CA) certificate & key

In this section we will generate a master CA certificate/key, a server certificate/key, and certificates/keys for 3 separate clients.

For PKI management, we will use a set of scripts bundled with OpenVPN.

If you are using Linux, BSD, or a unix-like OS, open a shell and cd to the easy-rsa subdirectory of the OpenVPN distribution. If you installed OpenVPN from an RPM file, the easy-rsa directory can usually be found in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 (it's best to copy this directory to another location such as /etc/openvpn, before any edits, so that future OpenVPN package upgrades won't overwrite your modifications). If you installed from a .tar.gz file, the easy-rsa directory will be in the top level directory of the expanded source tree.

If you are using Windows, open up a Command Prompt window and cd to \Program Files\OpenVPN\easy-rsa. Run the following batch file to copy configuration files into place (this will overwrite any preexisting vars.bat and openssl.cnf files):

init-config

Now edit the vars file (called vars.bat on Windows) and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. Don't leave any of these parameters blank.

Next, initialize the PKI. On Linux/BSD/Unix:

. ./vars
./clean-all
./build-ca

On Windows:

vars
clean-all
build-ca

Thanks!
Hi all,
So I've managed to get the PKI and server installed and up and running. My issue above was that I was not properly pointing to where I moved the RSA files. I had not realized this needed to be done (did it even say that in the guide?). Anyway, everything seems to be "working" with the exception that I cannot fully connect. I'm connecting from Windows and I get prompted for my password (enabled certificate password) and all that. Only now it just sits there saying "connecting...". I'm using OpenVPN w/ OpenVPN GUI. A snippet of my logs on the Windows machine:

Code:
Thu Jul 09 13:59:38 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 09 13:59:38 2009 TLS Error: TLS handshake failed
Thu Jul 09 13:59:38 2009 TCP/UDP: Closing socket
Thu Jul 09 13:59:38 2009 SIGUSR1[soft,tls-error] received, process restarting
Thu Jul 09 13:59:38 2009 Restart pause, 2 second(s)
Thu Jul 09 13:59:40 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Jul 09 13:59:40 2009 Re-using SSL/TLS context
Thu Jul 09 13:59:40 2009 LZO compression initialized
Thu Jul 09 13:59:40 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jul 09 13:59:40 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jul 09 13:59:40 2009 Local Options hash (VER=V4): '81620525'
Thu Jul 09 13:59:40 2009 Expected Remote Options hash (VER=V4): '296pdylj'
Thu Jul 09 13:59:40 2009 UDPv4 link local: [undef]
Thu Jul 09 13:59:40 2009 UDPv4 link remote: "correct_ip":1194

Thanks!
Please include your session config file, but I suspect it has to do with the following two directives...
Code:
tls-server
tls-auth /etc/ovpn/keys/tls-auth.key 0

/S
Last edited by s2scott; 10th July 2009 at 12:49 AM.
Hi again,
Thanks for all your help. Sorry for the delay in response. I've since been able to get connected to my VPN. I think the issue was that I was not starting OpenVPN properly. I have a few 'new' issues however.

1. OpenVPN does not seem to start when I reboot my system. rc.local:
Code:
openvpn --daemon --config /etc/openvpn/server.conf

3. On a side note, I use pppoe but it does not reconnect should it get disconnected, unless the system is rebooted. Any way to resolve? rc.local:
Code:
/usr/sbin/ppp -ddial pppoe

Thanks for your help!
Any ideas?
Change rc.local to use the explicit path to the executable in /usr/local/sbin. That directory might not be in init(8)'s $PATH when rc.local gets executed.
Hi jggimi,
Thanks for your help! "/usr/local/sbin" seems to have worked! As far as my routes go, that seems to be working again now. I've redone some other portions of my network, so the problem was probably elsewhere. :P For PPPoE I do not receive any error messages. My problem is if the line should disconnect without user interaction; I would like it to automatically try and reconnect. Configuration below:

Code:
default:
 set log Phase Chat IPCP CCP tun command
 set redial 15 0
 set reconnect 15 10000
 set server /var/run/ppp.sock "" 0177

pppoe:
 set device "!/usr/sbin/pppoe -i rxl0"
 disable acfcomp protocomp
 deny acfcomp
 set mtu max 1492
 set mru max 1492
 set speed sync
 disable lqr
 set cd 5
 set dial
 set login
 set timeout 0
 set authname ************
 set authkey ************
 add! default HISADDR
 enable dns
 enable mssfixup

Thanks for your help!
Anyone else notice the interface rxl0 in his configuration file? That doesn't look right.
Okay, let me start over.
My issue has nothing to do with an error message or crashing per se. I'm talking about having PPPoE reconnect automatically when there is no connection already made. Example: I reset my interfaces (/etc/netsh) or pull the ethernet cable out temporarily and put it back, something that would result in losing the physical connection. I find that PPPoE does not regain its connection. "Redial the connection once the -path- is restored." If, on say a router, I were to pull the ethernet cable and put it back after a short while, the connection to the internet would be restored (assuming there was nothing preventing the connection). I would like the same scenario to occur on OpenBSD.

Also I have noticed PF fails when I reboot my system. I believe this is because TUN is not up yet. Would there be a way to work around this? Or do I have to put all my ext_if with ($ext_if)?

Regarding specifying the route, I've tried many combinations of the below:
Code:
set ifaddr myip gateway 255.255.255.255 0.0.0.0

Hope that helps! Thanks!
2. When you are pulling cables, you are changing the physical infrastructure. The pppoe protocol is point-to-point over Ethernet. When you physically disturb the underlying Ethernet layer, more is going on than simply a drop of the PPP connection.

# echo up > /etc/hostname.tun0
I'm limited at this time to make any changes since I risk losing the connection. If you feel I should still try the changes listed earlier, I can do so later. Thanks for your help!
My recommendation is to stop yanking on cables. You can write a script myriad ways. Here are three examples, depending on what fails when you pull a cable.

Testing with pgrep:
#!/bin/sh
pgrep ppp > /dev/null || return
[your restarting script begins here...]

Testing with routing. No default route = link down:
#!/bin/sh
route -n show inet | grep default > /dev/null && return
[your restarting script begins here...]

Testing with ping:
#!/bin/sh
ping -c 1 [an external IP] > /dev/null || return
[your restarting script begins here...]

I'd use the most recent default gateway for the ping test, above, obtained from a route command.
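The three checks above combined into one watchdog that redials ppp(8) when any of them fails, added here as an example and not jggimi's or the poster's own script; it assumes ppp is /usr/sbin/ppp with the "pppoe" label from the ppp.conf posted earlier in the thread, and that the script is run periodically from cron(8):

```shell
#!/bin/sh
# Added example, not jggimi's or the poster's script: a ppp(8) link watchdog
# for OpenBSD combining his three checks (daemon alive, default route present,
# gateway reachable) and redialing the "pppoe" ppp.conf label when one fails.
# Assumptions: ppp is /usr/sbin/ppp (as in the poster's rc.local), the label
# is "pppoe", and the script is run periodically from cron(8).
PPP_BIN=/usr/sbin/ppp
PPP_LABEL=pppoe
LOG_TAG=pppwatch

# Check 1: is a ppp process still alive? (-x so this script never matches.)
ppp_running() {
    pgrep -x ppp > /dev/null 2>&1
}

# Check 2: does the IPv4 routing table (output of "route -n show -inet" on
# stdin) carry a default route? No default route means the link is down.
has_default_route() {
    grep -q '^default[[:space:]]'
}

# Pull the current default gateway out of the same route output, so the ping
# test uses the most recent gateway rather than a hard-coded address.
default_gateway() {
    awk '$1 == "default" { print $2; exit }'
}

# Check 3: does that gateway answer one ping within 3 seconds?
gateway_reachable() {
    ping -c 1 -w 3 "$1" > /dev/null 2>&1
}

# Kill any hung ppp, then dial again; the reason goes to syslog via logger(1).
restart_ppp() {
    logger -t "$LOG_TAG" "link down ($1), restarting ppp"
    pkill -x ppp > /dev/null 2>&1
    sleep 2
    "$PPP_BIN" -ddial "$PPP_LABEL"
}

# Run the checks in order; the first failure triggers exactly one restart.
watchdog() {
    ppp_running || { restart_ppp "ppp not running"; return 0; }
    routes=$(route -n show -inet)
    printf '%s\n' "$routes" | has_default_route \
        || { restart_ppp "no default route"; return 0; }
    gw=$(printf '%s\n' "$routes" | default_gateway)
    gateway_reachable "$gw" || restart_ppp "gateway $gw unreachable"
}
# Only act when invoked as "pppwatch run", so sourcing this file is harmless.
case "${1:-}" in run) watchdog ;; esac
```

Install it as /usr/local/sbin/pppwatch and add a crontab entry such as `* * * * * /usr/local/sbin/pppwatch run`; each restart and its reason then appears in /var/log/messages.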
OpenBSD has a kernel pppoe(4) and a userland pppoe(8); you are currently using the userland implementation.
Both man pages are detailed, and contain example configurations. The kernel client might be better at maintaining and re-establishing a link if the connection fails, whether by a remote error.. or cable yanking.. If not, you could use the ifstated(4) daemon to monitor the pppoe(4) interface. [0] One other option may be the "enable lqr / accept lqr" option(s) for userland pppoe, according to the description: "Enable and accept link quality requests, which can be used to detect whether the link has gone down." I hope this helps, but please.. for the sake of the kittens... don't yank cables.