1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. If you had a PIAF Forum account in the vBulletin days, log in with your old credentials. Otherwise, sign up again and we'll get you back in business as soon as we can.
Cookies Welcome Back

Easy OpenVPN

Discussion in 'Add-On Install Instructions' started by dad311, Dec 17, 2010.

Page 4 of 4

  1. MichiganTelephone Guru

    Wish I could, Ward. Unfortunately, there is no version of the Tomato firmware (used on routers) that natively supports Hamachi, whereas there is for OpenVPN. That means that you can make all communication through that router go through the VPN tunnel if you like, but only when using OpenVPN, sadly.
    MichiganTelephone, Jul 25, 2011
    #61

  2. newvoiper New Member

    I flashed my LG Optimus V to a Cyanogen7 7.1RC (Gingerbread) ROM, mainly for the OpenVPN client support that is built into this ROM. My OpenVPN server is on my PBX.

    Using the mobile network, I could get my server to authenticate the client and assign IP addresses, with the default server.conf configuration for OpenVPN. Then the client (Optimus) immediately refused the connection.

    Here are the log entries:

    Sep 21 21:30:13 pbx openvpn[20925]: <snip>:36700 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Sep 21 21:30:13 pbx openvpn[20925]: <snip>:36700 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sep 21 21:30:13 pbx openvpn[20925]: <snip>:36700 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Sep 21 21:30:13 pbx openvpn[20925]: <snip>:36700 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sep 21 21:30:13 pbx openvpn[20925]: <snip>:36700 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Sep 21 21:30:13 pbx openvpn[20925]: <snip>:36700 [LGPhone] Peer Connection Initiated with <snip>:36700
    Sep 21 21:30:13 pbx openvpn[20925]: LGPhone/<snip>:36700 MULTI: Learn: 10.8.0.10 -> LGPhone/<snip>:36700
    Sep 21 21:30:13 pbx openvpn[20925]: LGPhone/<snip>:36700 MULTI: primary virtual IP for LGPhone/<snip>:36700: 10.8.0.10
    Sep 21 21:30:15 pbx openvpn[20925]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

    One thing I noticed, that seemed strange: the IP in the logs, is not the IP of my Optimus in Virgin Mobile's network, it seems to try connecting to proxy server on my mobile network.

    Has anyone else got CM7 to work with OpenVPN?
    newvoiper, Sep 22, 2011
    #62

  3. MyKroFt Guru

    Am now just finally getting back to this - dam hamachi....

    I am going to assume I create a client in pfsense openvpn, which looks like it is storeing its files in /var/etc/openvpn.

    I have server1 and client2 sets of files - only have 1 client defined - am going to assume the client2.* files are what I need?

    Thanks
    Myk
    MyKroFt, Jan 20, 2012
    #63

  4. dad311 Guru

    Here is a listing of my client files in /etc/openvpn on the PBX.
    root@pbx:/etc/openvpn $ ls
    ca.crt client1.conf client1.crt client.key client1.tar ta.key

    The .conf file may needed edited to point to the correct dirrectory for the above files.

    When the first Easy OpenVPN script finishes, it will ask you to edit some files. Ignore, this step if you only setting up a Openvpn client.

    Of all the Open Source stuff Ive have, OpenVPN maybe the most reliable. Once setup, it runs no stop and auto reconnects if needed. Its been built proof for over 3 years.
    dad311, Jan 20, 2012
    #64

  5. MyKroFt Guru

    here are the files in my /var/etc/openvpn dir

    Code:
    client2.ca              client2.tls-auth        server1.key
client2.cert            server1.ca              server1.sock
client2.conf            server1.cert            server1.tls-auth
client2.key             server1.conf            server1.tls-verify.php
client2.sock            server1.crl-verify
    So all I need are the client2.* files minus the .sock file?

    here is the contents of client2.conf sanatized....

    Code:
    dev ovpnc2
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local xxx.xx.xx.xx
tls-client
client
lport 0
management /var/etc/openvpn/client2.sock unix
remote xxxxx.dyndns.org 1194
ifconfig 192.168.1.2 192.168.1.1
    I am over my head here :(

    Myk
    MyKroFt, Jan 20, 2012
    #65

  6. dad311 Guru

    I would copy ALL the client2 files to the client machine. Restart OpenVPN, check your /var/log/messages files for errors.
    dad311, Jan 20, 2012
    #66

  7. MyKroFt Guru

    ok, getting somewhere slowly...

    execute:

    Code:
    root@pbx:/etc/openvpn $ service openvpn start
Starting openvpn: [  OK  ]
    here is what /var/log/messages states:

    Code:
    Jan 21 10:54:25 pbx openvpn[12931]: OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO1] [EPOLL] [PKCS11] built on Jan 20 2012
Jan 21 10:54:25 pbx openvpn[12931]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 21 10:54:25 pbx openvpn[12931]: WARNING: file '/etc/openvpn/client2.key' is group or others accessible
Jan 21 10:54:25 pbx openvpn[12931]: LZO compression initialized
Jan 21 10:54:25 pbx openvpn[12931]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 21 10:54:26 pbx openvpn[12931]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 21 10:54:26 pbx openvpn[12931]: Local Options hash (VER=V4): '1a7820b3'
Jan 21 10:54:26 pbx openvpn[12931]: Expected Remote Options hash (VER=V4): '3e6cc37d'
Jan 21 10:54:26 pbx openvpn[12932]: Socket Buffers: R=[110592->131072] S=[110592->131072]
Jan 21 10:54:26 pbx openvpn[12932]: UDPv4 link local (bound): [undef]:1194
Jan 21 10:54:26 pbx openvpn[12932]: UDPv4 link remote: 174.19.16.29:1194
    but no other device shows up in ifconfig for a ip address...

    ideas?

    thanks
    Myk
    MyKroFt, Jan 21, 2012
    #67

  8. dad311 Guru

    No other messages? No error messages?

    Also check the log file on your pf server for clues.
    dad311, Jan 21, 2012
    #68

  9. MyKroFt Guru

    openvpn[215]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.29:1194

    over and over on the pfsense box
    MyKroFt, Jan 21, 2012
    #69

  10. MyKroFt Guru

    after 60 seconds i get this added to messages

    Jan 21 12:17:05 pbx openvpn[14313]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jan 21 12:17:05 pbx openvpn[14313]: TLS Error: TLS handshake failed
    Jan 21 12:17:05 pbx openvpn[14313]: TCP/UDP: Closing socket
    Jan 21 12:17:05 pbx openvpn[14313]: SIGUSR1[soft,tls-error] received, process restarting
    Jan 21 12:17:05 pbx openvpn[14313]: Restart pause, 2 second(s)
    MyKroFt, Jan 21, 2012
    #70

  11. MyKroFt Guru

    here is current .conf file...

    port 1194
    dev /dev/tun
    proto udp
    remote xxxxxxxxxx.dyndns.org 1194
    ping 30

    persist-tun
    persist-key

    cipher AES-128-CBC

    tls-client

    ca /etc/openvpn/client2.crt
    cert /etc/openvpn/client2.crt
    key /etc/openvpn/client2.key

    ns-cert-type server
    comp-lzo
    MyKroFt, Jan 21, 2012
    #71

  12. MyKroFt Guru

    MyKroFt, Jan 21, 2012
    #72

  13. MyKroFt Guru

    added

    auth /etc/openvpn/client2.tls-auth

    to the .conf file and now get

    Jan 21 12:33:17 pbx openvpn[14703]: Message hash algorithm '/etc/openvpn/client2.tls-auth' not found (OpenSSL)
    Jan 21 12:33:17 pbx openvpn[14703]: Exiting

    the client2.tls-auth came from the pfsene router....

    so I think I am getting close....

    Myk
    MyKroFt, Jan 21, 2012
    #73

  14. dad311 Guru

    dad311, Jan 21, 2012
    #74

  15. dad311 Guru

    All the links in post one have been updated to reflect several changes to the Easy OpenVPN project.

    Changes / additions include:

    • Centos 6 amd64 OS.
    • Openvpn Client Username & password authentication(OpenVZ template).
    • Scripts to build and OpenVPN server with dd-wrt clients on Centos 6.
    dad311, Jan 29, 2012
    #75
Page 4 of 4

Share This Page