Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: AndrewR on November 02, 2006, 10:21:52 PM
-
Ok, so I managed to install SME Server 7.0 onto a machine. Fabulous. I have it as part of my network as a server only... fabulous. Here's where it gets fun.
1) I want to install an RPM or two onto the server. How do I do that? Can this be done from the web interface, or do I have to be logged onto the machine directly?
2) This is a silly question... but when downloading RPMs... um.. which ones should I be choosing for SME? I know that SME is a stripped down version of RH.. but which redhat? If I download say.. a fedora core 3 RPM, will that work?
For the record, I am planning on installing OpenVPN from http://openvpn.net/ onto this machine to use as our VPN server. I'm following some of the guidelines outlined here:
http://www.linuxjournal.com/article/7949
The RPMs in question will be OpenVPN and LZO... since it is required and stuff.
I did this once.. like 9 years ago.. and haven't done anything since. So some help would be appreciated. Thanks a Bundle!
-
Ok, so I managed to install SME Server 7.0 onto a machine. Fabulous. I have it as part of my network as a server only... fabulous. Here's where it gets fun.
First thing I would say is have a good read of the manual; it's an excellent starting point to learn what you are using with SME Server.
1) I want to install an RPM or two onto the server. How do I do that? Can this be done from the web interface, or do I have to be logged onto the machine directly?
To install RPMs we use...
rpm -Uvh <rpmname-1.3.0.rpm>
Do "man rpm" for what the Uvh does and for more switches.
You can do this via the command line, either directly on the machine or over SSH using PuTTY, depending on where you are.
2) This is a silly question... but when downloading RPMs... um.. which ones should I be choosing for SME?
Take a look in the contribs forum for rpms and the archived wiki up the top of this forum.
I know that SME is a stripped down version of RH.. but which redhat? If I download say.. a fedora core 3 RPM, will that work?
SME Server 7 is based on CentOS 4.3, which itself is based on Red Hat Enterprise Linux 4.x, so installing Fedora Core RPMs will not work. I tend to look at Dag Wieers' RPMs.
For the record, I am planning on installing OpenVPN from http://openvpn.net/ onto this machine to use as our VPN server. I'm following some of the guidelines outlined here:
http://www.linuxjournal.com/article/7949
The RPMs in question will be OpenVPN and LZO... since it is required and stuff.
I did this once.. like 9 years ago.. and haven't done anything since. So some help would be appreciated. Thanks a Bundle!
Again, take a look in the contribs forum; someone there has already done a contrib/how-to to get OpenVPN working with SME.
Hope this gives you a good starting point :D
-
Thanks for the help so far. I followed the setup on Swerts-Knudsen.. it was exactly what I needed. But I'm having a problem creating the keys.. I can create the Server key just fine... but the client key is being problematic. When I go through the checklist to create the key, I get the following error:
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
I don't know what to do from here.. help?
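An added worked example (not from this thread, the SME contrib or easy-rsa) of what that error is reporting. "TXT_DB error number 2" is DB_ERROR_INDEX_CLASH from OpenSSL's `openssl ca`, which easy-rsa's build-key scripts run: the CA database `keys/index.txt` already holds a row whose unique key matches the certificate being signed, the subject DN for valid (status V) rows or the serial number for any row. The script parses a constructed `index.txt` (subjects, serials and dates are made up here) and lists the clashes a new request would cause:

```python
import collections

# Constructed sample of an easy-rsa keys/index.txt (not the poster's file).
# Tab-separated columns: status (V valid / R revoked / E expired), expiry,
# revocation date, serial, certificate filename, subject DN.
SAMPLE_INDEX = (
    "V\t161102210000Z\t\t01\tunknown\t/C=CA/ST=ON/O=Example/CN=server\n"
    "V\t161102211500Z\t\t02\tunknown\t/C=CA/ST=ON/O=Example/CN=client\n"
    "R\t161102213000Z\t061103090000Z\t03\tunknown\t/C=CA/ST=ON/O=Example/CN=old\n"
)

Entry = collections.namedtuple("Entry", "status expiry revoked serial filename subject")


def parse_index(text):
    """Parse index.txt into Entry rows; a row with the wrong number of
    columns is rejected, as openssl ca rejects the whole database."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError("index.txt line %d: %d columns, expected 6" % (lineno, len(fields)))
        entries.append(Entry(*fields))
    return entries


def clash_reasons(entries, new_subject, new_serial):
    """Reasons openssl ca would refuse to add a row for new_subject /
    new_serial.  Its name index only holds status-V rows, so a revoked
    certificate with the same subject no longer clashes; the serial
    index holds every row."""
    reasons = []
    for e in entries:
        if e.status == "V" and e.subject == new_subject:
            reasons.append("subject already issued as serial %s: revoke it "
                           "(revoke-full) or use a different Common Name" % e.serial)
        if e.serial == new_serial:
            reasons.append("serial %s already in index.txt: keys/serial is out of step" % e.serial)
    return reasons


if __name__ == "__main__":
    rows = parse_index(SAMPLE_INDEX)
    for subject in ("/C=CA/ST=ON/O=Example/CN=client", "/C=CA/ST=ON/O=Example/CN=old"):
        print(subject, clash_reasons(rows, subject, "04") or ["ok"])
```

Run it against the real file with `parse_index(open("keys/index.txt").read())` and the subject you are about to sign; a different Common Name per client, which is also what a one-key-pair-per-user setup needs anyway, is the usual way out.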
-
Ok, so I managed to fix the DB error. Didn't have an FQDN on the Common Name. But that is now done. Problem is now I can't seem to connect.
When I try, here's what happens according to the Log:
Fri Nov 03 10:35:25 2006 us=805688 Current Parameter Settings:
Fri Nov 03 10:35:25 2006 us=805744 config = 'VPN.ovpn'
Fri Nov 03 10:35:25 2006 us=805753 mode = 0
Fri Nov 03 10:35:25 2006 us=805761 show_ciphers = DISABLED
Fri Nov 03 10:35:25 2006 us=805768 show_digests = DISABLED
Fri Nov 03 10:35:25 2006 us=805775 show_engines = DISABLED
Fri Nov 03 10:35:25 2006 us=805784 genkey = DISABLED
Fri Nov 03 10:35:25 2006 us=805791 key_pass_file = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=805799 show_tls_ciphers = DISABLED
Fri Nov 03 10:35:25 2006 us=805807 proto = 0
Fri Nov 03 10:35:25 2006 us=805814 local = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=805822 remote_list[0] = {'<IPADDRESSREMOVEDBYANDREWR>', 1194}
Fri Nov 03 10:35:25 2006 us=805830 remote_random = DISABLED
Fri Nov 03 10:35:25 2006 us=805839 local_port = 1194
Fri Nov 03 10:35:25 2006 us=805846 remote_port = 1194
Fri Nov 03 10:35:25 2006 us=805853 remote_float = DISABLED
Fri Nov 03 10:35:25 2006 us=805861 ipchange = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=805869 bind_local = ENABLED
Fri Nov 03 10:35:25 2006 us=805876 dev = 'tap'
Fri Nov 03 10:35:25 2006 us=805883 dev_type = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=805890 dev_node = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=805898 tun_ipv6 = DISABLED
Fri Nov 03 10:35:25 2006 us=805905 ifconfig_local = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=805913 ifconfig_remote_netmask = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=805926 ifconfig_noexec = DISABLED
Fri Nov 03 10:35:25 2006 us=805933 ifconfig_nowarn = DISABLED
Fri Nov 03 10:35:25 2006 us=805941 shaper = 0
Fri Nov 03 10:35:25 2006 us=805947 tun_mtu = 1500
Fri Nov 03 10:35:25 2006 us=805955 tun_mtu_defined = ENABLED
Fri Nov 03 10:35:25 2006 us=805962 link_mtu = 1500
Fri Nov 03 10:35:25 2006 us=805970 link_mtu_defined = DISABLED
Fri Nov 03 10:35:25 2006 us=805977 tun_mtu_extra = 32
Fri Nov 03 10:35:25 2006 us=805984 tun_mtu_extra_defined = ENABLED
Fri Nov 03 10:35:25 2006 us=805992 fragment = 0
Fri Nov 03 10:35:25 2006 us=805999 mtu_discover_type = -1
Fri Nov 03 10:35:25 2006 us=806007 mtu_test = 1
Fri Nov 03 10:35:25 2006 us=806014 mlock = DISABLED
Fri Nov 03 10:35:25 2006 us=806022 keepalive_ping = 0
Fri Nov 03 10:35:25 2006 us=806029 keepalive_timeout = 0
Fri Nov 03 10:35:25 2006 us=806037 inactivity_timeout = 0
Fri Nov 03 10:35:25 2006 us=806044 ping_send_timeout = 0
Fri Nov 03 10:35:25 2006 us=806052 ping_rec_timeout = 120
Fri Nov 03 10:35:25 2006 us=806060 ping_rec_timeout_action = 2
Fri Nov 03 10:35:25 2006 us=806067 ping_timer_remote = DISABLED
Fri Nov 03 10:35:25 2006 us=806075 remap_sigusr1 = 0
Fri Nov 03 10:35:25 2006 us=806089 explicit_exit_notification = 0
Fri Nov 03 10:35:25 2006 us=806097 persist_tun = DISABLED
Fri Nov 03 10:35:25 2006 us=806105 persist_local_ip = DISABLED
Fri Nov 03 10:35:25 2006 us=806112 persist_remote_ip = DISABLED
Fri Nov 03 10:35:25 2006 us=806120 persist_key = DISABLED
Fri Nov 03 10:35:25 2006 us=806127 mssfix = 1450
Fri Nov 03 10:35:25 2006 us=806136 resolve_retry_seconds = 1000000000
Fri Nov 03 10:35:25 2006 us=806143 connect_retry_seconds = 5
Fri Nov 03 10:35:25 2006 us=806151 username = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=806158 groupname = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=806166 chroot_dir = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=806174 cd_dir = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=806181 writepid = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=806189 up_script = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=806197 down_script = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=806205 down_pre = DISABLED
Fri Nov 03 10:35:25 2006 us=806212 up_restart = DISABLED
Fri Nov 03 10:35:25 2006 us=806220 up_delay = DISABLED
Fri Nov 03 10:35:25 2006 us=806227 daemon = DISABLED
Fri Nov 03 10:35:25 2006 us=806234 inetd = 0
Fri Nov 03 10:35:25 2006 us=806241 log = DISABLED
Fri Nov 03 10:35:25 2006 us=806249 suppress_timestamps = DISABLED
Fri Nov 03 10:35:25 2006 us=806256 nice = 0
Fri Nov 03 10:35:25 2006 us=806264 verbosity = 4
Fri Nov 03 10:35:25 2006 us=971911 mute = 0
Fri Nov 03 10:35:25 2006 us=975520 gremlin = 0
Fri Nov 03 10:35:25 2006 us=975584 status_file = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=975690 status_file_version = 1
Fri Nov 03 10:35:25 2006 us=975702 status_file_update_freq = 60
Fri Nov 03 10:35:25 2006 us=975709 occ = ENABLED
Fri Nov 03 10:35:25 2006 us=975716 rcvbuf = 0
Fri Nov 03 10:35:25 2006 us=975722 sndbuf = 0
Fri Nov 03 10:35:25 2006 us=975731 socks_proxy_server = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=975745 socks_proxy_port = 0
Fri Nov 03 10:35:25 2006 us=975752 socks_proxy_retry = DISABLED
Fri Nov 03 10:35:25 2006 us=975759 fast_io = DISABLED
Fri Nov 03 10:35:25 2006 us=975766 comp_lzo = ENABLED
Fri Nov 03 10:35:25 2006 us=975773 comp_lzo_adaptive = ENABLED
Fri Nov 03 10:35:25 2006 us=975780 route_script = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=975787 route_default_gateway = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=975795 route_noexec = DISABLED
Fri Nov 03 10:35:25 2006 us=987008 route_delay = 0
Fri Nov 03 10:35:25 2006 us=987024 route_delay_window = 30
Fri Nov 03 10:35:25 2006 us=987032 route_delay_defined = ENABLED
Fri Nov 03 10:35:25 2006 us=987039 management_addr = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=987046 management_port = 0
Fri Nov 03 10:35:25 2006 us=987055 management_user_pass = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=987063 management_log_history_cache = 250
Fri Nov 03 10:35:25 2006 us=987071 management_echo_buffer_size = 100
Fri Nov 03 10:35:25 2006 us=987079 management_query_passwords = DISABLED
Fri Nov 03 10:35:25 2006 us=987088 management_hold = DISABLED
Fri Nov 03 10:35:25 2006 us=987095 shared_secret_file = '[UNDEF]'
Fri Nov 03 10:35:25 2006 us=987103 key_direction = 0
Fri Nov 03 10:35:25 2006 us=987139 ciphername_defined = ENABLED
Fri Nov 03 10:35:25 2006 us=987147 ciphername = 'BF-CBC'
Fri Nov 03 10:35:25 2006 us=987155 authname_defined = ENABLED
Fri Nov 03 10:35:25 2006 us=987162 authname = 'SHA1'
Fri Nov 03 10:35:26 2006 us=75131 keysize = 0
Fri Nov 03 10:35:26 2006 us=75161 engine = DISABLED
Fri Nov 03 10:35:26 2006 us=75198 replay = ENABLED
Fri Nov 03 10:35:26 2006 us=75206 mute_replay_warnings = DISABLED
Fri Nov 03 10:35:26 2006 us=75214 replay_window = 64
Fri Nov 03 10:35:26 2006 us=75244 replay_time = 15
Fri Nov 03 10:35:26 2006 us=75255 packet_id_file = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=75263 use_iv = ENABLED
Fri Nov 03 10:35:26 2006 us=75270 test_crypto = DISABLED
Fri Nov 03 10:35:26 2006 us=75278 tls_server = DISABLED
Fri Nov 03 10:35:26 2006 us=75286 tls_client = ENABLED
Fri Nov 03 10:35:26 2006 us=75294 key_method = 2
Fri Nov 03 10:35:26 2006 us=75301 ca_file = 'ca.crt'
Fri Nov 03 10:35:26 2006 us=75309 dh_file = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=75318 cert_file = 'client.crt'
Fri Nov 03 10:35:26 2006 us=75325 priv_key_file = 'client.key'
Fri Nov 03 10:35:26 2006 us=75333 pkcs12_file = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=113149 cryptoapi_cert = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=113180 cipher_list = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=113211 tls_verify = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=113220 tls_remote = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=113228 crl_file = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=113235 ns_cert_type = 0
Fri Nov 03 10:35:26 2006 us=113243 tls_timeout = 2
Fri Nov 03 10:35:26 2006 us=113251 renegotiate_bytes = 0
Fri Nov 03 10:35:26 2006 us=113258 renegotiate_packets = 0
Fri Nov 03 10:35:26 2006 us=113266 renegotiate_seconds = 3600
Fri Nov 03 10:35:26 2006 us=113274 handshake_window = 60
Fri Nov 03 10:35:26 2006 us=113281 transition_window = 3600
Fri Nov 03 10:35:26 2006 us=113289 single_session = DISABLED
Fri Nov 03 10:35:26 2006 us=113296 tls_exit = DISABLED
Fri Nov 03 10:35:26 2006 us=113305 tls_auth_file = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=132829 server_network = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132848 server_netmask = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132856 server_bridge_ip = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132864 server_bridge_netmask = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132872 server_bridge_pool_start = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132880 server_bridge_pool_end = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132888 ifconfig_pool_defined = DISABLED
Fri Nov 03 10:35:26 2006 us=132896 ifconfig_pool_start = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132904 ifconfig_pool_end = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132912 ifconfig_pool_netmask = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=132919 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=132928 ifconfig_pool_persist_refresh_freq = 600
Fri Nov 03 10:35:26 2006 us=132935 ifconfig_pool_linear = DISABLED
Fri Nov 03 10:35:26 2006 us=132943 n_bcast_buf = 256
Fri Nov 03 10:35:26 2006 us=132950 tcp_queue_limit = 64
Fri Nov 03 10:35:26 2006 us=132958 real_hash_size = 256
Fri Nov 03 10:35:26 2006 us=152346 virtual_hash_size = 256
Fri Nov 03 10:35:26 2006 us=152398 client_connect_script = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=152410 learn_address_script = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=152420 client_disconnect_script = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=152428 client_config_dir = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=152436 ccd_exclusive = DISABLED
Fri Nov 03 10:35:26 2006 us=152443 tmp_dir = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=152456 push_ifconfig_defined = DISABLED
Fri Nov 03 10:35:26 2006 us=152468 push_ifconfig_local = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=152477 push_ifconfig_remote_netmask = 0.0.0.0
Fri Nov 03 10:35:26 2006 us=152485 enable_c2c = DISABLED
Fri Nov 03 10:35:26 2006 us=152493 duplicate_cn = DISABLED
Fri Nov 03 10:35:26 2006 us=152501 cf_max = 0
Fri Nov 03 10:35:26 2006 us=152508 cf_per = 0
Fri Nov 03 10:35:26 2006 us=152516 max_clients = 1024
Fri Nov 03 10:35:26 2006 us=152524 max_routes_per_client = 256
Fri Nov 03 10:35:26 2006 us=163178 client_cert_not_required = DISABLED
Fri Nov 03 10:35:26 2006 us=163237 username_as_common_name = DISABLED
Fri Nov 03 10:35:26 2006 us=163253 auth_user_pass_verify_script = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=163263 auth_user_pass_verify_script_via_file = DISABLED
Fri Nov 03 10:35:26 2006 us=163271 client = DISABLED
Fri Nov 03 10:35:26 2006 us=163278 pull = ENABLED
Fri Nov 03 10:35:26 2006 us=163286 auth_user_pass_file = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=163300 show_net_up = DISABLED
Fri Nov 03 10:35:26 2006 us=163308 route_method = 0
Fri Nov 03 10:35:26 2006 us=163316 ip_win32_defined = DISABLED
Fri Nov 03 10:35:26 2006 us=163324 ip_win32_type = 3
Fri Nov 03 10:35:26 2006 us=163332 dhcp_masq_offset = 0
Fri Nov 03 10:35:26 2006 us=163340 dhcp_lease_time = 31536000
Fri Nov 03 10:35:26 2006 us=163348 tap_sleep = 0
Fri Nov 03 10:35:26 2006 us=163355 dhcp_options = DISABLED
Fri Nov 03 10:35:26 2006 us=205987 dhcp_renew = DISABLED
Fri Nov 03 10:35:26 2006 us=206017 dhcp_pre_release = DISABLED
Fri Nov 03 10:35:26 2006 us=206053 dhcp_release = DISABLED
Fri Nov 03 10:35:26 2006 us=206061 domain = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=206069 netbios_scope = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=206076 netbios_node_type = 0
Fri Nov 03 10:35:26 2006 us=206084 disable_nbt = DISABLED
Fri Nov 03 10:35:26 2006 us=206107 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Fri Nov 03 10:35:26 2006 us=206435 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 03 10:35:26 2006 us=260643 LZO compression initialized
Fri Nov 03 10:35:26 2006 us=260739 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 03 10:35:26 2006 us=260408 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 03 10:35:26 2006 us=260459 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 03 10:35:26 2006 us=260470 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 03 10:35:26 2006 us=272841 Local Options hash (VER=V4): 'd79ca330'
Fri Nov 03 10:35:26 2006 us=272892 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Nov 03 10:35:26 2006 us=272947 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 03 10:35:26 2006 us=272971 UDPv4 link local (bound): [undef]:1194
Fri Nov 03 10:35:26 2006 us=272981 UDPv4 link remote: <IPADDRESSREMOVEDBYANDREWR>:1194
Fri Nov 03 10:36:27 2006 us=321911 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 03 10:36:27 2006 us=321942 TLS Error: TLS handshake failed
Fri Nov 03 10:36:27 2006 us=318777 TCP/UDP: Closing socket
Fri Nov 03 10:36:27 2006 us=322458 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 03 10:36:27 2006 us=318975 Restart pause, 2 second(s)
Fri Nov 03 10:36:29 2006 us=321940 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 03 10:36:29 2006 us=323042 LZO compression initialized
Fri Nov 03 10:36:29 2006 us=319610 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 03 10:36:29 2006 us=320899 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 03 10:36:29 2006 us=320937 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 03 10:36:29 2006 us=320947 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 03 10:36:29 2006 us=320968 Local Options hash (VER=V4): 'd79ca330'
Fri Nov 03 10:36:29 2006 us=320983 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Nov 03 10:36:29 2006 us=321016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 03 10:36:29 2006 us=321032 UDPv4 link local (bound): [undef]:1194
Fri Nov 03 10:36:29 2006 us=321042 UDPv4 link remote: <IPADDRESSREMOVEDBYANDREWR>:1194
Fri Nov 03 10:37:29 2006 us=979980 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 03 10:37:29 2006 us=980012 TLS Error: TLS handshake failed
Fri Nov 03 10:37:29 2006 us=980497 TCP/UDP: Closing socket
Fri Nov 03 10:37:29 2006 us=980624 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 03 10:37:29 2006 us=980643 Restart pause, 2 second(s)
Fri Nov 03 10:37:31 2006 us=980012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 03 10:37:31 2006 us=981086 LZO compression initialized
Fri Nov 03 10:37:31 2006 us=977667 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 03 10:37:31 2006 us=978994 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 03 10:37:31 2006 us=982593 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 03 10:37:31 2006 us=982610 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 03 10:37:31 2006 us=982632 Local Options hash (VER=V4): 'd79ca330'
Fri Nov 03 10:37:31 2006 us=982647 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Nov 03 10:37:31 2006 us=979160 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 03 10:37:31 2006 us=979193 UDPv4 link local (bound): [undef]:1194
Fri Nov 03 10:37:31 2006 us=979207 UDPv4 link remote: <IPADDRESSREMOVEDBYANDREWR>:1194
Fri Nov 03 10:38:31 2006 us=544247 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 03 10:38:31 2006 us=544277 TLS Error: TLS handshake failed
Fri Nov 03 10:38:31 2006 us=541145 TCP/UDP: Closing socket
Fri Nov 03 10:38:31 2006 us=541263 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 03 10:38:31 2006 us=544832 Restart pause, 2 second(s)
Fri Nov 03 10:38:33 2006 us=544302 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 03 10:38:33 2006 us=545257 LZO compression initialized
Fri Nov 03 10:38:33 2006 us=545315 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 03 10:38:33 2006 us=546451 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 03 10:38:33 2006 us=542968 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 03 10:38:33 2006 us=542988 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 03 10:38:33 2006 us=543010 Local Options hash (VER=V4): 'd79ca330'
Fri Nov 03 10:38:33 2006 us=543025 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Nov 03 10:38:33 2006 us=543080 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 03 10:38:33 2006 us=543096 UDPv4 link local (bound): [undef]:1194
Fri Nov 03 10:38:33 2006 us=543106 UDPv4 link remote: <IPADDRESSREMOVEDBYANDREWR>:1194
Fri Nov 03 10:39:33 2006 us=374194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 03 10:39:33 2006 us=374225 TLS Error: TLS handshake failed
Fri Nov 03 10:39:33 2006 us=370988 TCP/UDP: Closing socket
Fri Nov 03 10:39:33 2006 us=371116 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 03 10:39:33 2006 us=371128 Restart pause, 2 second(s)
Fri Nov 03 10:39:35 2006 us=374226 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 03 10:39:35 2006 us=375275 LZO compression initialized
Fri Nov 03 10:39:35 2006 us=371864 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 03 10:39:35 2006 us=372988 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 03 10:39:35 2006 us=376592 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 03 10:39:35 2006 us=376604 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 03 10:39:35 2006 us=373100 Local Options hash (VER=V4): 'd79ca330'
Fri Nov 03 10:39:35 2006 us=373125 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Nov 03 10:39:35 2006 us=373171 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 03 10:39:35 2006 us=373186 UDPv4 link local (bound): [undef]:1194
Fri Nov 03 10:39:35 2006 us=373195 UDPv4 link remote: <IPADDRESSREMOVEDBYANDREWR>:1194
And it just hangs there, attempting to connect. I feel like I am missing a step... what should I be looking at?
-
Ok, so I am starting to get the hang of all this.. but I still need some help. The "problem" seems to lie in the strings for the following (the bolded parts):
Client config:
port 1194
dev tap
remote XXXXXXXX
tls-client
auth-user-pass
ca ca.crt
cert client.crt
key client.key
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 4
Server Conf:
port 1194
dev tap
tls-server
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key
auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh
up ./openvpn.up
mode server
duplicate-cn
ifconfig 192.168.100.1 255.255.255.0
ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for openvpn client
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "dhcp-option DOMAIN ecl.ca" # push the DNS domain suffix
push "dhcp-option DNS 10.10.1.50" # push DNS entries to openvpn client
push "route 10.10.1.0 255.255.255.0 192.168.100.1" # add route to to protected network
comp-lzo
status-version 2
status openvpn-status.log
verb 3
Now.. um.. I haven't made any users yet. So, for fun, I tried the root user. No luck. Where and how should I be creating the users? Should they be LDAP user accounts already existing in our domain (AD with a Windows 2003 DC) or should they be user accounts on the SME? And what's the best way to create the damn things?
The firewall is letting the traffic through.. I just need to know what I am doing wrong.
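An added example (not code from this thread or from the SME contrib) of the check a practitioner does on a client/server pair like the one above before chasing the network: the two configs are parsed, the options OpenVPN 2.0 folds into the "Local Options" / "Expected Remote Options" strings seen in the log are derived for each side and compared, and the settings that are weak rather than wrong are flagged. The configs are cut-down copies of the posted ones; `vpn.example.org` is a placeholder and the defaults assumed (udp, BF-CBC, SHA1, tun-mtu-extra 32 for tap) are OpenVPN 2.0's:

```python
import shlex

# Constructed copies of the client and server configs posted above, cut
# down to the options this check reads (the remote name is a placeholder).
CLIENT_CONF = """
port 1194
dev tap
remote vpn.example.org
tls-client
auth-user-pass
ca ca.crt
cert client.crt
key client.key
tun-mtu 1500
tun-mtu-extra 32
pull
comp-lzo
"""

SERVER_CONF = """
port 1194
dev tap
tls-server
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key
auth-user-pass-verify ./validate.sh via-env
mode server
duplicate-cn
ifconfig 192.168.100.1 255.255.255.0
ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # client range
tun-mtu 1500
tun-mtu-extra 32
push "route 10.10.1.0 255.255.255.0 192.168.100.1"
comp-lzo
"""


def parse_conf(text):
    """Map each option to the list of argument lists it was given; options
    such as push repeat, so every occurrence is kept, comments dropped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = shlex.split(line)
            opts.setdefault(parts[0], []).append(parts[1:])
    return opts


def first_arg(opts, name, default=None):
    args = opts.get(name)
    return args[0][0] if args and args[0] else default


def peer_options(opts):
    """The values OpenVPN 2.0 folds into the 'Local Options' / 'Expected
    Remote Options' strings logged at connect time; both ends must agree
    or the options hash check refuses the peer."""
    dev = first_arg(opts, "dev", "tun")
    dev_type = first_arg(opts, "dev-type") or ("tap" if dev.startswith("tap") else "tun")
    extra = first_arg(opts, "tun-mtu-extra", "32" if dev_type == "tap" else "0")
    return {
        "dev-type": dev_type,
        "proto": first_arg(opts, "proto", "udp"),
        "comp-lzo": "comp-lzo" in opts,
        "cipher": first_arg(opts, "cipher", "BF-CBC"),
        "auth": first_arg(opts, "auth", "SHA1"),
        "tun-mtu": int(first_arg(opts, "tun-mtu", "1500")) + int(extra),  # 1532 here, as in the log
        "key-method": first_arg(opts, "key-method", "2"),
    }


def check_pair(client, server):
    """Return (mismatches, warnings): mismatches stop the connection,
    warnings are settings a practitioner would tighten."""
    c, s = peer_options(client), peer_options(server)
    mismatches = ["%s: client %r, server %r" % (k, c[k], s[k]) for k in c if c[k] != s[k]]
    if "tls-client" not in client or "tls-server" not in server:
        mismatches.append("roles: the client needs tls-client and the server tls-server")
    warnings = []
    if "ns-cert-type" not in client and "tls-remote" not in client:
        warnings.append("client does not verify the server certificate (the MITM warning); "
                        "add 'ns-cert-type server' and build the server cert with build-key-server")
    if "tls-auth" not in client or "tls-auth" not in server:
        warnings.append("no tls-auth key on both ends; it drops handshakes from strangers before TLS runs")
    if "duplicate-cn" in server:
        warnings.append("duplicate-cn lets several clients share one certificate; drop it once each user has a key pair")
    if "cipher" not in client and "cipher" not in server:
        warnings.append("data channel on the default BF-CBC (64-bit block Blowfish); set the same 'cipher AES-128-CBC' on both sides")
    return mismatches, warnings
```

For the posted pair the derived options agree on both sides, which matches the log: the hashes are computed but never complained about, so the 60-second timeouts are not an options problem. Changing `cipher` on one side only is the classic way to create a mismatch, and the check reports it by name.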
-
Ok, so I seem to be answering a lot of my own questions in this thread so far, but I figured I'd just keep posting in case someone else runs into these headaches. The answer to the user question is I create them in SME Server manager. That does the trick, getting me past the UserName and PW hurdle.
Problem now is that I get stuck during connecting.. still giving me grief. Here's the log file:
Fri Nov 03 11:09:22 2006 us=814257 LZO compression initialized
Fri Nov 03 11:09:22 2006 us=817895 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 03 11:09:22 2006 us=819395 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 03 11:09:22 2006 us=819440 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 03 11:09:22 2006 us=819464 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 03 11:09:22 2006 us=819485 Local Options hash (VER=V4): 'd79ca330'
Fri Nov 03 11:09:22 2006 us=819501 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Nov 03 11:09:22 2006 us=819537 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 03 11:09:22 2006 us=819554 UDPv4 link local (bound): [undef]:1194
Fri Nov 03 11:09:22 2006 us=819563 UDPv4 link remote: <IPREMOVEDBYANDREWR>:1194
Fri Nov 03 11:16:48 2006 us=470543 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 03 11:16:48 2006 us=470581 TLS Error: TLS handshake failed
Fri Nov 03 11:16:48 2006 us=470901 TCP/UDP: Closing socket
Fri Nov 03 11:16:48 2006 us=471044 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 03 11:16:48 2006 us=471056 Restart pause, 2 second(s)
Now it's giving me a headache.. it will hang at this point, and then restart, posting the same lines over and over again. So... what's going wrong? Where should I start looking?
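An added example (not from the thread) that reads the client log above and the earlier one the same way a practitioner does, to answer "where should I start looking?". It splits the "Current Parameter Settings" dump from the run-time messages, reports whether the dump shows any server-certificate check (the MITM warning means none), and classifies the failure by what actually came back: a 60-second "TLS key negotiation failed" with no "TLS: Initial packet from" line means nothing reached the client from the server, and, going beyond the two logs above, a "Connection reset by peer (WSAECONNRESET)" on a Windows UDP socket means an ICMP unreachable came back, usually because nothing is listening on that port. The sample is a constructed abridgement in the same format; 203.0.113.10 is a documentation address:

```python
import re

# Constructed, abridged sample in the format of the client logs above
# (OpenVPN 2.0.9 on Windows, verb 4); the server address is a documentation IP.
SAMPLE_LOG = """\
Fri Nov 03 10:35:25 2006 us=805744 config = 'VPN.ovpn'
Fri Nov 03 10:35:26 2006 us=113220 tls_remote = '[UNDEF]'
Fri Nov 03 10:35:26 2006 us=113235 ns_cert_type = 0
Fri Nov 03 10:35:26 2006 us=206107 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Fri Nov 03 10:35:26 2006 us=206435 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 03 10:35:26 2006 us=272981 UDPv4 link remote: 203.0.113.10:1194
Fri Nov 03 10:36:27 2006 us=321911 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 03 10:36:27 2006 us=321942 TLS Error: TLS handshake failed
Fri Nov 03 10:36:27 2006 us=322458 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 03 10:37:29 2006 us=979980 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 03 10:37:29 2006 us=980012 TLS Error: TLS handshake failed
"""

TIMESTAMP = re.compile(r"^\w{3} \w{3} \d\d \d\d:\d\d:\d\d \d{4} us=\d+ (.*)$")
PARAM = re.compile(r"^([a-z_0-9]+) = (.*)$")


def parse_client_log(text):
    """Split the log into the parameter dump (name -> value, quotes
    stripped) and the run-time messages that follow it."""
    params, events = {}, []
    for line in text.splitlines():
        m = TIMESTAMP.match(line)
        if not m:
            continue
        body = m.group(1)
        p = PARAM.match(body)
        if p:
            params[p.group(1)] = p.group(2).strip("'")
        else:
            events.append(body)
    return params, events


def verifies_server(params):
    """True when the dump shows some server-certificate check (tls-remote,
    ns-cert-type or tls-verify); the MITM warning means none is set."""
    return (params.get("tls_remote", "[UNDEF]") != "[UNDEF]"
            or params.get("ns_cert_type", "0") != "0"
            or params.get("tls_verify", "[UNDEF]") != "[UNDEF]")


def classify_failure(events):
    """Return (kind, advice) from what the client actually received."""
    timeouts = sum("TLS key negotiation failed to occur within" in e for e in events)
    resets = sum("Connection reset by peer" in e for e in events)
    answered = any(e.startswith("TLS: Initial packet from") for e in events)
    if resets:
        return ("port closed", "an ICMP unreachable came back from the server side: nothing is "
                "listening on that port, so read the server's own log (it exits on a config error)")
    if timeouts and not answered:
        return ("no reply", "%d handshake timeouts and no 'TLS: Initial packet' line: nothing came "
                "back on UDP/1194; check the port forward/firewall and that openvpn is running "
                "on the server before touching certificates" % timeouts)
    if answered and any("TLS handshake failed" in e for e in events):
        return ("handshake rejected", "the server answered but TLS failed: compare ca.crt, the "
                "certificate/key pair and any tls-auth key on both sides")
    return ("ok", "no handshake failure in this log")


if __name__ == "__main__":
    params, events = parse_client_log(SAMPLE_LOG)
    print("server cert verified:", verifies_server(params))
    print(*classify_failure(events))
```

A "no reply" result is the one in both logs above and is a network or server-process question, not a key question; only once a "TLS: Initial packet from" line appears is it worth comparing certificates.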
-
Well.. I seem to be making some headway. After installing the OpenVPN server manager add-on, I've rebuilt my certs, and here are the details on my config files:
Server:
#------------------------------------------------------------
# !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
port 1194
proto udp
dev tap0
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key
auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh
up ./openvpn.up
duplicate-cn
server-bridge 10.10.1.58 255.255.255.0 192.168.100.100 192.168.100.150
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 120"
push "dhcp-option DOMAIN ecl.ca"
push "dhcp-option DNS 10.10.1.58"
push "dhcp-option WINS 10.10.1.58"
fragment 1400
mssfix
cipher AES-128-CBC
max-clients 20
comp-lzo
status-version 2
log-append /var/log/openvpn/openvpn.log
status openvpn-status.log
verb 7
Client:
port 1194
proto udp
dev tap
remote ######## (server address blocked out)
ns-cert-type server
tls-client
auth-user-pass
ca ca.crt
cert client.crt
key client.key
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
cipher AES-128-CBC
comp-lzo
verb 7
But when I try and connect from my remote host:
Client information:
Fri Nov 03 13:42:59 2006 us=700865 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Nov 03 13:42:59 2006 us=700895 UDPv4 READ [-1] from [undef]: DATA UNDEF len=-1
Fri Nov 03 13:43:01 2006 us=726366 UDPv4 WRITE [14] to XXXXXXXX:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Nov 03 13:43:01 2006 us=765634 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Nov 03 13:43:01 2006 us=765665 UDPv4 READ [-1] from [undef]: DATA UNDEF len=-1
And the info in the Log from the server says:
--server-bridge IP addresses 10.10.1.58 and 192.168.100.100 are not in the same 255.255.255.0 subnet
Use --help for more information.
Ok, my first reaction to this is "like duh". Of course they're not part of the same subnet. The traffic is getting through my router ok.. but WTF? should I be adding routes to my firewall?
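An added example (not from the thread or the SME contrib) of the check OpenVPN is applying here, so the `server-bridge` line can be validated before the daemon is restarted and the Windows client starts seeing resets. With `dev tap` and `server-bridge`, clients are attached to the server's LAN segment, so the address pool has to be part of the gateway's own subnet; OpenVPN refuses to start otherwise, which is the message quoted above. The function reproduces that subnet check and adds two that OpenVPN does not make. The corrected line `10.10.1.58 255.255.255.0 10.10.1.100 10.10.1.150` is an assumption for illustration; a real pool must also sit outside the LAN DHCP scope, which nothing here can see:

```python
import ipaddress


def check_server_bridge(gateway, netmask, pool_start, pool_end):
    """Validate a 'server-bridge gateway netmask pool-start pool-end' line.
    Returns a list of problems; an empty list means the line is usable."""
    problems = []
    try:
        net = ipaddress.IPv4Network("%s/%s" % (gateway, netmask), strict=False)
        gw = ipaddress.IPv4Address(gateway)
        start, end = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
    except ValueError as exc:
        return ["not an IPv4 address/netmask: %s" % exc]
    # OpenVPN's own check (its exact message): both pool ends must lie in the
    # gateway's subnet, because bridged clients sit on that LAN.
    for addr in (start, end):
        if addr not in net:
            problems.append("--server-bridge IP addresses %s and %s are not in the same %s subnet"
                            % (gateway, addr, netmask))
    # Extra checks, not enforced by OpenVPN: an inverted pool, a pool that
    # would hand out the gateway itself, or the network/broadcast address.
    if start > end:
        problems.append("pool start %s is after pool end %s" % (start, end))
    if start <= gw <= end:
        problems.append("pool %s-%s contains the gateway %s" % (start, end, gw))
    if start == net.network_address or end == net.broadcast_address:
        problems.append("pool touches the network (%s) or broadcast (%s) address"
                        % (net.network_address, net.broadcast_address))
    return problems


if __name__ == "__main__":
    # The line from the posted server config, then an assumed corrected one.
    for line in ("10.10.1.58 255.255.255.0 192.168.100.100 192.168.100.150",
                 "10.10.1.58 255.255.255.0 10.10.1.100 10.10.1.150"):
        print(line, "->", check_server_bridge(*line.split()) or ["ok"])
```

Adding routes on the firewall does not help with this one: the daemon exits at config parse time, before any packet is handled, which is also why the client then sees "Connection reset by peer" rather than a timeout.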
-
*sigh*
OK, so I am still having some troubles. Here's what I WANT to ultimately be accomplished:
1) Have remote clients connect to OpenVPN using ethernet bridging. bridged IP range should be 10.10.2.0 255.255.255.0 , with an IP range of 10.10.2.100-10.10.2.125
2) Have the Tap interface use internal DNS servers 10.10.1.50 and 10.10.1.51. GW should be 10.10.1.1
3) Once I get one key pair working... make additional keys so that I use the 1 key pair per user scenario.
Please help, and offer suggestions where ye may.
-
Have you looked at OpenVPN for Sme 7.0 (http://forums.contribs.org/index.php?topic=33194.0), which includes a contrib with a server-manager panel to configure OpenVPN?
-
Have you looked at OpenVPN for Sme 7.0 (http://forums.contribs.org/index.php?topic=33194.0), which includes a contrib with a server-manager panel to configure OpenVPN?
Not until you mentioned it. So, I uninstalled OpenVPN and followed his how-to. Mucho easier batman. Problem is, I still am having an issue:
When connecting, I now get the following error:
Mon Nov 06 08:01:37 2006 us=173779 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Nov 06 08:01:46 2006 us=183040 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Nov 06 08:01:46 2006 us=183372 Cannot load certificate file client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Mon Nov 06 08:01:46 2006 us=183382 Exiting
I'm almost at the point where I want to blow out the whole server and start again.. which I suppose I could do, seeing as it's only a test server, and no big deal to kill. I've tried deleting and regenerating the keys... with no luck. Help?
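An added example (not from the thread or the contrib) of the check worth running on a client bundle before regenerating keys again. OpenSSL's "PEM routines:PEM_read_bio:no start line" means it never found a "-----BEGIN CERTIFICATE-----" line at the start of a line in `client.crt`: the file is empty (a failed signing step leaves a 0-byte .crt), binary DER, carries a byte-order mark from an editor, or is the wrong file altogether, since a CSR or key also has no CERTIFICATE block. The function checks only the PEM framing, not the signature; the sample inputs are constructed and the base64 is a placeholder SEQUENCE, not a certificate:

```python
import base64
import re


def pem_problems(data, expected="CERTIFICATE"):
    """List why OpenSSL would report 'no start line' when reading `data` as
    a PEM <expected> block; [] means the framing is sound.  Only framing is
    checked; `openssl x509 -in client.crt -noout -text` does the real parse."""
    problems = []
    if not data.strip():
        return ["file is empty (a failed signing step, e.g. the TXT_DB error, leaves a 0-byte .crt)"]
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM before the header; OpenSSL needs '-----BEGIN' at the very start of a line")
        data = data[3:]
    text = data.decode("ascii", "replace")
    begin = re.search(r"^-----BEGIN ([A-Z0-9 ]+)-----\r?$", text, re.M)
    if begin is None:
        problems.append("no '-----BEGIN ...-----' line: DER/binary data, an edited copy, or the wrong file")
        return problems
    kind = begin.group(1)
    if kind != expected:
        problems.append("block is a %s, not a %s (the .csr or .key was copied instead of the signed .crt)"
                        % (kind, expected))
    end = re.search(r"^-----END %s-----\r?$" % re.escape(kind), text, re.M)
    if end is None:
        problems.append("BEGIN without a matching END line: the file is truncated")
        return problems
    body = "".join(text[begin.end():end.start()].split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        problems.append("body between BEGIN and END is not valid base64")
        return problems
    if not der.startswith(b"\x30"):
        problems.append("decoded body does not start with an ASN.1 SEQUENCE")
    return problems


# Constructed inputs: 'MAMCAQU=' is a 5-byte placeholder SEQUENCE, not a certificate.
GOOD_PEM = b"-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"
CSR_PEM = GOOD_PEM.replace(b"CERTIFICATE", b"CERTIFICATE REQUEST")
BOM_PEM = b"\xef\xbb\xbf" + GOOD_PEM
DER_BYTES = base64.b64decode("MAMCAQU=")

if __name__ == "__main__":
    for name, blob in (("good", GOOD_PEM), ("csr", CSR_PEM), ("bom", BOM_PEM), ("der", DER_BYTES), ("empty", b"")):
        print(name, pem_problems(blob) or ["ok"])
```

Run it as `pem_problems(open("client.crt", "rb").read())`, and with `expected="RSA PRIVATE KEY"` on `client.key`; CRLF line endings from a Windows copy are accepted, a leading BOM or space is not.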
-
You should re-post this same info in the OpenVPN post that I referenced above - that way the contrib author will get a notification and can give you an informed answer...
-
You should re-post this same info in the OpenVPN post that I referenced above - that way the contrib author will get a notification and can give you an informed answer...
I reposted.. and finally, I admit, I just got lucky. I installed Beta4, and now it is working wonderfully. The Panel applet does make things easier too I must admit.
For all those having similar problems, I would recommend the thread OpenVPN for Sme 7.0 (http://forums.contribs.org/index.php?topic=33194.0); it's been really helpful.