Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: deathsonic18 on February 24, 2016, 06:39:30 PM
-
Hey everyone,
I have set up a router using SME Server along with an OpenVPN bridge with a private and public key; I am now trying to configure OpenVPN on CentOS 7 to work hand in hand with the SME bridge. I have gotten my public key certificate (.pem format) and public key (.pem format) and uploaded them to /etc/openvpn/keys.
Inside the SME Server OpenVPN setup, it has already created the CA cert, server cert, server private key, DH and static key.
I only need to bridge CentOS through the SME OpenVPN bridge.
Now I have created a "client.conf" file in /etc/openvpn/ with the following text:
port 1194
port udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
key /etc/openvpn/keys/<keyname>.pem (cerf)
dh /etc/openvpn/keys/<keyname>.pem (key)
server-bridge 192.168.87.1 255.255.255.0 192.168.87.5 192.168.78.50
keepalive 10 120
comp-lzo
persist-key
persist-tun
Would anyone have any knowledge to guide me where I have gone wrong?
Greatly appreciated
When I start OpenVPN on CentOS7 I'm getting
Failed to start openvpn.service: Unit openvpn.service failed to load: No such file or directory
-
well.. it looks like a C7 issue..
is there anything interesting in the logs? on C7 side, I mean
-
So I just entered the location for the logs inside the client.conf to "/var/log/"
After I ran openvpn, there were no log files; I also checked "/usr/local" and still nothing so far.
Would there maybe be another location I can search?
-
Bridge mode uses a tap interface, not tun. You'd better start with the sample config available from the panel in the server-manager.
-
I just found the sample Daniel B, it was a great help! I didn't even know it was there. :shock: :shock: :D
I just have one question,
pkcs12 user.p12 = PKCS#12 Bundle
cert user.pem = PEM Certificate
key user-key.pem = PEM Key
What type of public key download is "cacert.pem"? Does it mean PEM Bundle or PEM Bundle w/Root?
-
You either need to use PKCS or PEM, not both (PKCS is a format which bundles the cert, the cacert and the key in a single file). If you want to use PEM format, cacert is the CA, you can get it from the home page of PHPki (or in the PEM bundle W/Root, it's the last certificate in this file).
-
Now that I have configured the client.conf (using PKCS Bundle & sample),
I am getting an error with line 11, which is "/etc/openvpn/keys/<PCKS Bundle Key>.p12"
Instead of linking it to the key bundle should I install it in CentOS?
-
> I am getting an error with line 11, which is "/etc/openvpn/keys/<PCKS Bundle Key>.p12"
What is the error you're seeing?
> Instead of linking it to the key bundle should I install it in CentOS?
I don't understand what you mean here.
-
So the error that is coming up when I run "openvpn /etc/openvpn/client.conf" is
Unrecognized option or missing parameter(s) in /etc/openvpn/client.conf:11: /etc/openvpn/keys/PublicKey.p12 (2.3.10)
Now my client.conf is
rport 1194
proto udp
dev tap
nobind
remote clientrouter.client.gee
tls-client
tls-auth takey.pem 1
ns-cert-type server
/etc/openvpn/keys/PublicKey.p12
mtu-test
comp-lzo
pull
It seems like CentOS can't find where the .p12 file is; I am sure it is inside /etc/openvpn/keys because I ran an "ls" command to search the directory. Is there a way to implant the .p12 key inside the system? I did some research and nothing really came up.
-
You removed the pkcs12 directive. This line should be
pkcs12 /etc/openvpn/keys/PublicKey.p12
Also, be sure to set the correct path for the takey.pem file (easier to set an absolute path)
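
A small linter for the client.conf mistakes worked through in this thread (a file path whose directive is missing, a relative tls-auth path, tun in bridge mode, server-side directives in a client file, PKCS#12 mixed with PEM options). This is an added example, not part of the original posts; `lint_client_conf`, `THREAD_CONF` and the `bridged` flag are names made up here, and the checks cover only the points raised in the thread.

```python
import shlex

# Hypothetical names throughout; the option lists cover only what the thread discusses.
FILE_OPTS = {"pkcs12", "ca", "cert", "key", "tls-auth"}
PEM_OPTS = {"ca", "cert", "key"}
SERVER_ONLY = {"server-bridge", "server", "dh"}

# The client.conf quoted in the thread, before the fix.
THREAD_CONF = """\
rport 1194
proto udp
dev tap
nobind
remote clientrouter.client.gee
tls-client
tls-auth takey.pem 1
ns-cert-type server
/etc/openvpn/keys/PublicKey.p12
mtu-test
comp-lzo
pull
"""


def lint_client_conf(text, bridged=True):
    """Return (line_no, message) findings for an OpenVPN client config."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] == ";":
            continue
        opt, *args = shlex.split(line)
        seen.setdefault(opt, no)
        if "/" in opt:
            findings.append((no, "file path without a directive (e.g. pkcs12)"))
        elif opt in SERVER_ONLY:
            findings.append((no, f"'{opt}' is a server-side directive"))
        elif opt in ("port", "rport", "lport") and not (args and args[0].isdigit()):
            findings.append((no, f"'{opt}' needs a number; the protocol goes in 'proto'"))
        elif opt == "dev" and bridged and args and not args[0].startswith("tap"):
            findings.append((no, "bridge mode uses a tap device, not tun"))
        elif opt in FILE_OPTS and args and not args[0].startswith("/"):
            findings.append((no, f"'{opt}' uses a relative path: {args[0]}"))
    if "pkcs12" in seen:
        for opt in sorted(PEM_OPTS & seen.keys()):
            findings.append((seen[opt], f"'{opt}' given with pkcs12; use one format"))
    return findings
```

Run on `THREAD_CONF` it reports the relative `takey.pem` path and the bare `.p12` path, the two points raised in the reply above.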
-
Brilliant, adding pkcs12 solved the issue :)
Now yes, the next problem was the takey.pem file; I'm not sure which public key file type it is. PKCS#12 or PEM Cert or PEM Key or PEM Bundle or PEM Bundle w/root?
-
It's the static pre-shared key you can get on the home page of PHPki.
-
Thank you so much Daniel, I had no idea what takey.pem file actually meant.
Everything is up and running after I copied the takey.pem file to /etc/openvpn/keys and when I ran the openvpn
openvpn /etc/openvpn/keys
Checking in server-manager - openvpn-bridge - display connected clients, it shows that the client is connected.
Thank you so much, you are a life saver! :grin: :lol: :grin: :grin:
-
well.. time for a little donation, isn't it? :-D
-
Why yes it is time for a little donation! :-D
Now just to find out why the openvpn bridge connection is disconnecting at times
[Update Problem solved] from https://forums.contribs.org/index.php/topic,52253.0.html
-
btw, for anyone out there;
if you'd like to turn this openvpn into a service inside CentOS, simply use
sudo systemctl -f enable openvpn@newclient.service
Then you may access it from /usr/lib/systemd/system
then you vi/nano openvpn@newclient.service
From there, you use
--config <the location of your config file> i.e. /etc/openvpn/client.conf and other advanced settings
-
You don't need to edit an openvpn@newclient.service file, especially in /usr/lib/systemd/system (if you have to create your service file, just do it in /etc/systemd/system). Just create your config file /etc/openvpn/newclient.conf and enable and start the openvpn@newclient.service. That's it. Nothing else to do.
-
Daniel, I have tried to implement DuplicateCN enabled inside the sme server console using
openvpn --dupliacteCN enabled
however it can not take the command :?
-
db configuration setprop openvpn-bridge duplicateCN enabled
signal-event openvpn-bridge-update