Koozali.org: home of the SME Server

[ANNOUNCE] smeserver-openvpn-bridge-fws-1.1-2.rpm

Daniel B.
« Reply #240 on: April 12, 2007, 10:05:48 AM »
Quote from: "KaiNeR"
so are there any full working steps to get this working in server-gateway mode since all these updates ?


It should work without any changes in server & gateway; my own server is in this configuration, SME 7.1.2 and smeserver-openvpn-bridge-fws-1.1-1
It's the end of the world!!! :lol:

KaiNeR
« Reply #241 on: April 12, 2007, 07:07:59 PM »
do you have the sme's inbuilt pptp service disabled while using openvpn ?
KaiNeR  :pint: ......

Franco
« Reply #242 on: April 12, 2007, 11:35:15 PM »
unregister_netdevice: waiting for br0 to become free. Usage count = 1

I get this message every time I need to reboot; it stays there for about 30 lines and then the system reboots.

Franco
« Reply #243 on: April 12, 2007, 11:35:43 PM »
Quote from: "KaiNeR"
do you have the sme's inbuilt pptp service disabled while using openvpn ?

I don't use PPTP at all

KaiNeR
« Reply #244 on: April 13, 2007, 07:51:44 PM »
Are the correct steps for installation still the ones from the PDF in the first post of this thread?

Also wondering if it is possible to have it running on TCP port 8080.
KaiNeR  :pint: ......

AndrewR
« Reply #245 on: April 13, 2007, 09:32:28 PM »
KaiNeR,

The simple answer to both questions is yes. However... I think you're better off using the UDP port 1194, or some other unused UDP port. 8080 is generally used for WebProxy servers, and should be left for that kind of traffic.

When selecting a port to use, refer to the following:

http://www.iana.org/assignments/port-numbers

If you're not going to use udp 1194, then be sure to choose an unused port from this list. Cheers.

KaiNeR
« Reply #246 on: April 13, 2007, 11:52:54 PM »
I need to use TCP port 8080 because I want to be able to VPN to my SME server from work, 8080 being the only port available on the proxy at work.

is it possible ?

thanks
KaiNeR  :pint: ......

AndrewR
« Reply #247 on: April 14, 2007, 12:14:22 AM »
Well, before you do that... perhaps you should check with your Network staff. If they've blocked all port traffic except 8080, then making a connection to your home PC / an external network becomes a security risk. You shouldn't be connecting to another network from your office without first clearing it with your Network Admin / IT department. Besides the risks of virus infection, there's also data integrity / loss, and if it ever came out that you did this without consulting them first, it could be grounds for them to terminate your employment. It's a good practice, and it's being responsible.


Finally, if all you want to do is connect to your SME server from work... rather than using VPN, I would suggest you look at remote management of the SME server. The SME can be configured to allow access to the site from remote addresses, such as the public IP address, and you can just log into Webmin much as you would from within your home network. This doesn't have the same kinds of security risks as VPN, and is little more than a website visit... whereas creating a VPN connection to a non-corporate network raises all kinds of issues. If that interests you, I suggest you read through the SME manual, as it will detail how you can set up remote management etc.

lupo
« Reply #248 on: April 23, 2007, 07:27:25 PM »
Hi,

Can anybody tell me how I have to configure this Contrib when I have a local domain (something.local) and want to access my server by a DynDNS domain?
How do I get the right config and certificates, as I want to use Authentication Method 3? My SME works as Server-Gateway.

Thanks!
Lupo

Daniel B.
« Reply #249 on: April 24, 2007, 10:48:27 AM »
Hi! In the last release (1.1-1) there's an option in the advanced configuration to set up what I call "an external domain", I mean, the domain name used to access your server from the outside. This option is especially useful for dyndns (my own server uses a dyndns domain). So all you have to do is configure auth method 3 in the main page, enable the service, then click on apply. Afterwards, go to the advanced configuration page, and enter your dyndns domain name in External domain Name. After that, go to the certificate manager, generate one certificate, and the config file should be generated.
It's the end of the world!!! :lol:

gerd
SME 7.1.3 / OVPN
« Reply #250 on: April 29, 2007, 10:58:31 PM »
I have recently made a fresh SME 7.1.3 install (server-gateway mode) and of the required Open VPN release 1.1-1. To my knowledge all client certificates were created properly and installed in the config file of "openvpn-2.0.7-gui-1.0.3" a Windows XP client. But when I try to connect to the server, I am faced with the following messages:

- connection reset by peer (WSAECONNRESET)(Code=10054)
- TLS key negotiation failed to occur within 60 sec (check your network connectivity)
- TLS handshake failed
- TCP/UDP: closing socket

In the latest "How-to: install smeserver-openvpn-bridge" I could read under item 2: Fixing iptables problem for SME7.1.2 and 7.1.3.....there is a bug in the firewall script which prevents any UDP port from being opened...etc, but no restriction whether it is applicable for server-only mode or server-gateway mode....

So finally I hope to get some help/support for two questions:

- Any idea for the message TLS handshake failed??

- In the event that this error message is caused by the "iptables problem" VIP-ire stated in his e-mail as of the 2nd of april...this problem of iptables rejecting occurs only in server-only mode. So in fact, I am not concerned because I have installed a server-gateway mode??

I had the OVPN running smoothly under SME7.0, and my hope is to get it working also under SME7.1.3......

Thanx in advance for your support

best regards

gerd

Daniel B.
Re: SME 7.1.3 / OVPN
« Reply #251 on: April 30, 2007, 12:25:31 PM »
Well, yes, I confirm, the bug in iptables affects server only but not server & gateway. The error you have is quite common; it means the client cannot reach the port 1194 of your server (or whatever you have configured). It can be a routing issue, a port redirection issue, a firewall issue etc...
You should check the server side logs (through the server-manager, you can see the last 100 lines).
You should follow this how-to http://smeserver.fr/astuces.php?astuce=net_masq_logging to enable logging of firewall events in a separate log, then check it with tail -f to be sure it's not the firewall blocking the requests.
It's the end of the world!!! :lol:
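
Added example, not part of the original thread or of the contrib: once firewall events are logged to their own file as suggested in reply #251, this counts logged packets aimed at the OpenVPN port per source address. It assumes the standard netfilter LOG line layout; the log prefix, host name, MAC and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: count firewall-logged packets aimed at the OpenVPN port, per source.
# Assumes netfilter LOG-target lines carrying SRC=, PROTO= and DPT= fields.

# vpn_drops LOGFILE [PORT] [PROTO]  ->  prints "count source-ip", busiest first
vpn_drops() {
    awk -v port="${2:-1194}" -v proto="${3:-UDP}" '
        {
            src = ""; dpt = ""; pr = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt = substr($i, 5)
                if ($i ~ /^PROTO=/) pr  = substr($i, 7)
            }
            # Count only lines that name a source and match both port and protocol.
            if (src != "" && dpt == port && pr == proto) hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' "$1" | sort -rn
}

# Constructed sample log lines (documentation addresses, hypothetical "fw-deny:" prefix).
sample_log() {
cat <<'EOF'
Apr 30 12:01:10 gw kernel: fw-deny: IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40211 DPT=1194 LEN=50
Apr 30 12:01:12 gw kernel: fw-deny: IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40211 DPT=1194 LEN=50
Apr 30 12:01:15 gw kernel: fw-deny: IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4411 DF PROTO=TCP SPT=51522 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 12:01:20 gw kernel: fw-deny: IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.44 DST=198.51.100.2 LEN=70 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=1025 DPT=1194 LEN=50
Apr 30 12:01:21 gw kernel: fw-deny: IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=61 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40300 DPT=53 LEN=41
EOF
}

# Stand-alone run over the constructed sample.
tmp=$(mktemp) && sample_log > "$tmp" && vpn_drops "$tmp"
rm -f "$tmp"
```

If nothing is listed for the port while a client keeps retrying, the firewall logged no denial for it, which leaves the routing and port-redirection causes named in the reply above.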

gerd
« Reply #252 on: April 30, 2007, 04:35:38 PM »
Hum,
it's a complete mystery...

As I said, I have installed a fresh SME7.1.3 server, and then openvpn release 1.1-1.
Nothing was changed as to the ip-rules of the SME server. Concerning the WINXP client, also here nothing was changed as to the client firewall etc. Of course, I have applied new certificates and keys and I installed the new config file... So the absolute minimum of modifications was applied. But nevertheless, it still doesn't work.
In summary, I had before the SME7.0 server and the OpenVPN software which was available in January this year. And everything worked perfectly...

I will still continue to try to make OVPN running, as usually the problem is in front of the PC and not the PC itself...

best regards

gerd

gerd
« Reply #253 on: April 30, 2007, 04:55:04 PM »
I have forgotten to mention that there is no port forwarding. The SME server is configured in gateway-server mode: therefore ETH1 is connected directly to the DSL modem. The local network of the SME server is DHCP mode. The client which should be connected via OVPN to the SME is connected via a modem to the DSL network.

The IP of the remote client is 192.168.20.xxx, the IP range of the local network of the SME server is DHCP mode from 192.168.1.40 (start) to 192.168.1.80 (end). The DHCP range for OVPN is from 192.168.1.90 (start) to 192.168.1.99 (end). So to my guess this should be ok.

Sometimes I wonder whether TCP instead of UDP could be a solution to my problems - however I like to know the root cause....

regards

gerd

Stefano
« Reply #254 on: April 30, 2007, 05:06:01 PM »
Quote from: "stuntshell"
unregister_netdevice: waiting for br0 to become free. Usage count = 1

I get this message every time I need to reboot; it stays there for about 30 lines and then the system reboots.


me too..

is this something to worry about?

Ciao
stefano