Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: M3kk on December 19, 2012, 10:16:38 AM
-
Hello, I have a question, problem..
I have 9 locations (a Central and 8 small locations). All the locations have different ISPs and I use the smeserver-openvpn-s2s for tunneling between them..
At the CENTRAL I have the "BIG" SME Server, with 192.168.0.x LAN, and the others are with 2.x, 3.x, 4.x .. 9.x, all with an SME Server configured (PC) with smeserver-openvpn-s2s too, configured as the clients..
I would like to replace those locations' servers with OPENWRT-capable routers, but keep these tunnels..
So my question is.. is it possible to do this, to keep the smeserver-openvpn-s2s on the "Central" PC Server, and from the locations connect to it from OPENWRT based routers?
Sorry for my bad English, and ask if you don't understand something well :).
Thanks in advance.
-
AFAIK smeserver-openvpn-s2s only "helps" you to configure a site-to-site openvpn tunnel..
you could take a look into /etc/ directory (in one of your "external" SME) for openvpn conf file (I bet it's in /etc/openvpn) and other files.. make a copy of all of them (backup, always backup), then copy them on your router and try..
easier to do than to say
-
Hello,
I already have the site to site tunnels.. but at the 2.x, 3.x etc places I have a PC configured with SME too, with OpenVPN site to site as clients.. And I want to replace them with OpenWRT-capable routers, and use the site-to-site tunnel as I used with the SME servers.. It's useless to keep 9 PCs only for tunneling..
Thx..
-
M3kk, as I suggested, all you need (I guess) is a copy of your configuration files (and certificates and so on) from one of your PCs..
then copy them on your router and try.. it should work
-
OK, I got them, but..
In the conf files I have openvpn users and groups..
And.. I don't know if I need to install any package or something similar for the openwrt.. or where to copy the config files, etc..
thx.
-
> OK, I got them, but..
> In the conf files I have openvpn users and groups..
> And.. I don't know if I need to install any package or something similar for the openwrt.. or where to copy the config files, etc..
> thx.
then you should ask for support on any OPENWRT forum/related site, telling them "I have these files, how can I use them with OPENWRT? is there anything I have to install on my router?" :-)
your problem is with OPENWRT now, not SME :-)
-
Hi. I use OpenWRT (on Linksys devices) as OpenVPN-s2s client (4 clients use a setup like that). I've written a small how-to here: https://wikit.firewall-services.com/doku.php?id=tuto:ipasserelle:vpn:vpn_wrt (sorry, it's in French, but Google might help you with translation ;-))
-
Hello :).
Yes, I found that, but Google can't translate it because of https :P.
Can you PM me with a quick setup regarding the clients (openwrt) side?
Thank you in advance! :).
-
you can just copy/paste the how-to on http://translate.google.com/ ....
-
Ok, I think I got it..
I have 2 questions also.. :).
About this part:
cacert.pem (the certificate authoritarian)
cert.pem (the certificate that will be used by the WRT to generate with PHPki example)
cacert.pem - where can I find it, or where can I generate it?
cert.pem - I understand I can generate it with PHPki, but from which file?
I can find these 2 files on the client SME too, but they are empty ..
BTW, my current WORKING config on the SME Client machine is:
#------------------------------------------------------------
# !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
port 33309
proto udp
dev tunmc
nobind
remote xxx.xxx.xxx.xxx
# Drop down privileges
user openvpn
group openvpn
chroot /etc/openvpn/s2s
persist-key
persist-tun
# Authentication
secret priv/mc_sharedkey.pem
route-noexec
up bin/up
# Remote Networks
route 192.168.0.0 255.255.255.0
setenv vpnid mc
ifconfig 10.21.0.109 10.21.0.9
# Options
comp-lzo adaptive
keepalive 5 20
mtu-test
passtos
# Custom options
# Log
status-version 2
status status-mc.txt
verb 3
log-append /var/log/openvpn-s2s/mc.log
-
the example in the how to uses TLS auth, you use shared secret, you just have to adapt it (just ignore all the tls-client, cert, key and cacert directives)
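-
An added example (not part of any post in this thread, and not code from smeserver-openvpn-s2s or the how-to): a shell filter that applies the adaptation described in the last reply to the SME client config posted above, dropping the TLS directives and the lines that depend on the SME file layout. The key path, the nobody/nogroup account and the choice to let OpenVPN install the route itself instead of the SME `bin/up` hook are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from smeserver-openvpn-s2s.
# Assumptions: key copied to KEY_PATH on the router; a nobody/nogroup
# account exists there; no SME-style bin/up hook, so OpenVPN adds the route.
KEY_PATH="${KEY_PATH:-/etc/openvpn/mc_sharedkey.pem}"

# Trimmed copy of the config posted above (constructed sample input).
sample_sme_config() {
    cat <<'EOF'
port 33309
proto udp
dev tunmc
nobind
remote xxx.xxx.xxx.xxx
user openvpn
group openvpn
chroot /etc/openvpn/s2s
persist-key
persist-tun
secret priv/mc_sharedkey.pem
route-noexec
up bin/up
route 192.168.0.0 255.255.255.0
setenv vpnid mc
ifconfig 10.21.0.109 10.21.0.9
comp-lzo adaptive
keepalive 5 20
status status-mc.txt
log-append /var/log/openvpn-s2s/mc.log
EOF
}

# Reads a client config on stdin, writes the adapted one on stdout.
adapt_s2s_config() {
    awk -v keypath="$KEY_PATH" '
        # TLS directives (from the how-to) are unused in shared-secret mode.
        $1 ~ /^(tls-client|ca|cert|key)$/ { next }
        # Lines tied to the SME chroot tree, up hook and log locations.
        $1 ~ /^(chroot|up|route-noexec|setenv|status|log-append)$/ { next }
        # Keep the privilege drop, using accounts assumed to exist.
        $1 == "user"   { print "user nobody";   next }
        $1 == "group"  { print "group nogroup"; next }
        # Reference the shared key by absolute path.
        $1 == "secret" { print "secret " keypath; next }
        { print }
    '
}

# Print the adapted sample when run directly.
sample_sme_config | adapt_s2s_config
```

In shared-secret mode the key file is the tunnel's only credential, so the copy on the router should be readable by root only (for example mode 600).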