Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: nefkho on May 07, 2010, 10:52:08 AM
-
Good day, I would like to know if it is possible to have a site-to-site VPN with the following scenario:
sme1-------internet-------sme2
static ip                 dynamic ip
sme1 has a static IP and sme2 has a dynamic IP. Would it be possible to have a VPN, the likes of site to site?
Thanks,
:-o
-
AFAIK this should be possible with OpenVPN (http://wiki.contribs.org/OpenVPN)
Check the wiki, as there are 2 ways OpenVPN works.
HTH
[edit]
typo corrected
[edit]
-
I'm using Firewall Services's OpenVPN on SME with OpenWrt on branches. Very stable.
You might be able to set up your sme2 with a client config loading automatically.
If you need traffic both ways, make sure to enable it.
I plan on doing this, but if you make this work, please let us know!
-
Here is a successful partial test:
I have a working openvpn-bridge setup first.
Then I put this script with a tested .ovpn content in a folder.
I run the script and the server is connected to the remote as a client.
#!/bin/sh
# /etc/openvpn/client1 = folder for this client
# /etc/openvpn/client1/client1.sh = this script
# /etc/openvpn/client1/client1.conf = ovpn config using a different udp port than this server (1194)
# openvpn-client1.p12
# takey.pem
# Define config's folder, .sh and .conf prefix
conf="client1"
# Define Bridge Interface
br="br0"
# Define TAP interface to be bridged. Note that tap0 is already used by this server
tap="tap1"
# Build tap device
openvpn --mktun --dev $tap
# Add TAP interface to bridge
brctl addif $br $tap
#Configure bridged interface
ifconfig $tap 0.0.0.0 promisc up
# Start ovpn
/usr/sbin/openvpn --config /etc/openvpn/$conf/$conf.conf --cd /etc/openvpn/$conf
The start script should probably be placed in /etc/rc.d/init.d and include start/stop code.
Hope it can help...
-
Changes to start/stop openvpn client...
#!/bin/sh
# /etc/openvpn/client1 = folder for this client
# /etc/openvpn/client1/client1.sh = this script
# /etc/openvpn/client1/client1.conf = ovpn config using a different udp port than this server (1194)
# openvpn-client1.p12
# takey.pem
# Define config's folder, .sh and .conf prefix
conf="client1"
# Define Bridge Interface
br="br0"
# Define TAP interface to be bridged. Note that tap0 is already used by this server
tap="tap1"
# Switch to select start/stop
case "$1" in
  start)
    # Build tap device
    openvpn --mktun --dev $tap
    # Add TAP interface to bridge
    brctl addif $br $tap
    # Configure bridged interface
    ifconfig $tap 0.0.0.0 promisc up
    # Start ovpn
    /usr/sbin/openvpn --config /etc/openvpn/$conf/$conf.conf --cd /etc/openvpn/$conf
    ;;
  stop)
    # Stop tap interface
    ifconfig $tap 0.0.0.0 down
    # Remove tap interface from bridge
    brctl delif $br $tap
    # Remove the persistent tap device
    openvpn --rmtun --dev $tap
    ;;
  *)
    echo "$0 {start|stop}"
    ;;
esac
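A pre-flight check that could run at the top of the start branch, added here as an example and not part of the original post: it verifies that the client config checks the server certificate, does not reuse the local server's tap0 or UDP port 1194, and that the PKCS12 and TLS key files exist with owner-only permissions. The names ovpn_get and check_client_conf are hypothetical, and the rule set is this example's assumption.

```shell
#!/bin/sh
# Added example, not from the thread. ovpn_get and check_client_conf are
# hypothetical names; the rules are this example's assumptions.

# Print the first argument of directive $2 in config $1 ("yes" if it has none).
ovpn_get() {
    awk -v d="$2" '$1 == d { print (NF > 1 ? $2 : "yes"); exit }' "$1"
}

# check_client_conf CONF SERVER_PORT SERVER_TAP
# Prints one line per finding and returns the number of findings.
check_client_conf() {
    cfg=$1 srv_port=$2 srv_tap=$3 n=0
    dir=$(dirname "$cfg")
    # Require a server-type certificate; otherwise any certificate issued
    # by the same CA is accepted as the remote end.
    if [ "$(ovpn_get "$cfg" ns-cert-type)" != server ] &&
       [ "$(ovpn_get "$cfg" remote-cert-tls)" != server ]; then
        echo "no server-certificate check"; n=$((n + 1))
    fi
    # The server's tap device is taken; the client needs its own.
    if [ "$(ovpn_get "$cfg" dev)" = "$srv_tap" ]; then
        echo "dev $srv_tap is already used by the local server"; n=$((n + 1))
    fi
    # Without nobind the client binds a local UDP port (default 1194).
    if [ -z "$(ovpn_get "$cfg" nobind)" ]; then
        lport=$(ovpn_get "$cfg" lport)
        [ -n "$lport" ] || lport=$(ovpn_get "$cfg" port)
        if [ "${lport:-1194}" = "$srv_port" ]; then
            echo "local port ${lport:-1194} collides with the server"; n=$((n + 1))
        fi
    fi
    # Key material must exist and must not be readable by group or others.
    for d in pkcs12 tls-auth; do
        f=$(ovpn_get "$cfg" "$d")
        [ -n "$f" ] || continue
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -f "$f" ]; then
            echo "$d file missing: $f"; n=$((n + 1))
        elif [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "$d file readable by group/others: $f"; n=$((n + 1))
        fi
    done
    return "$n"
}
```

Called as check_client_conf /etc/openvpn/client1/client1.conf 1194 tap0 before the tap device is built, a non-zero return can be used to abort the start.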
-
Thanks,
I have followed the wiki, and upon doing rpm -Uvh *.rpm I get:
package lzo2-2.02-3.el4.rf is already installed
package openvpn-2.1-0.30.rc15.el4 (which is newer than openvpn-2.0.9-1.el4.rf) is already installed
Now I tried checking /etc/openvpn; there are no files, only a folder /etc/openvpn/bridge, and there's an openvpn.conf.
I tried rpm -e on openvpn-2.1-0.30.rc15.el4; I get an error when I removed the dependency, which is "smeserver-bridge-interface". The error is "unregistered_netdevice: waiting for br0 to become free"
How can I remove openvpn-2.1-0.30.rc15.el4?
Thanks
-
Read this: http://wiki.contribs.org/BridgeInterface
-
Thanks, I have installed openvpn-bridge (I have the certificates ready) and phpki, and configured everything. I tried connecting from my PC (XP), which is in the same network as the server, and I get this error: "Options error: Unrecognized option or missing parameter(s) in xxx.ovpn:5: passtos (2.0.9)". Would it be possible to connect from the same LAN, or did I miss something? :( The PEM certificate has been copied, and below is my ovpn config:
---
rport 1194
proto udp
dev tap
nobind
passtos
remote email.xxx.com
tls-client
ns-cert-type server
auth-user-pass
# Replace user.p12 with the certificate
# bundle in PKCS12 format
pkcs12 VPN-PCDC.p12
# You can replace the pkcs12
# directive with the old ones
#ca cacert.pem
#cert user.pem
#key user-key.pem
mtu-test
pull
---
thanks,
-
I also have this in my email:
An error occured while updating the CRL for OpenVPN-Bridge because openssl didn't recognize the file as a valid CRL.
Below is the copy of the latest CRL downloaded from http://localhost/phpki/index.php?stage=dl_crl_pem