Winanjaya - CBN | 1 Jun 2009 17:27

run build-key failed (windows 2003)

I installed OpenVPN 2.1-rc15 on Windows 2003, but I failed to run build-key.
It is still looking for a Linux path? Is it a bug, or what did I miss?

C:\Program Files\OpenVPN\easy-rsa>build-key chaniago
WARNING: can't open config file: /usr/local/ssl/openssl.cnf

Regards
Winanjaya

Thanks & Regards

Winanjaya

------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT 
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian 
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com 
Terry L. Inzauro | 1 Jun 2009 17:47

Re: tun driver installation in Solaris Zone (Solaris 10U7)

Dot Yet wrote:
> Hi Everyone,
> I am trying to install OpenVPN on a non-global solaris zone (Solaris 10 U7
> 05/09).
> 
> While installing the tun driver (1.1) in this Solaris zone, I am getting the
> following while performing add_drv:
> 
> # add_drv tun
> Cannot open (/dev/ksyms): No such file or directory.
> Could not identify kernel's ISA.
> 
> Can you tell me if one can use the tun driver purely in a solaris zone, not
> affecting the global zone at all?
> 
> Thanks in advance.
> 
> Regards,
> dot.yet
> 
> 
> 
> ------------------------------------------------------------------------
> 

Given the security model of Solaris zones:
By design, one CAN NOT manipulate the global zone's kernel from a non-global zone.

Possible workaround:
I've never tried this, but you may be able to get away with loading the module in the global zone and then
delegating/assigning the tun interface to the non-global zone of your liking via the same method of
(Continue reading)

Winanjaya - CBN | 1 Jun 2009 17:51

Re: run build-key failed (windows 2003)

Yes, I followed the instructions from README

First run init-config.bat
edit vars.bat to adapt it to my environment and run it.

To generate TLS keys:

Create new empty index and serial files (once only)
1. vars
2. clean-all

Build a CA key (once only)
1. vars
2. build-ca

Build a DH file (for server side, once only)
1. vars
2. build-dh

Build a private key/certificate for the openvpn server
1. vars
2. build-key-server server

Build key files in PEM format (for each client machine)
1. vars
2. build-key chaniago

the problem goes here!

 C:\Program Files\OpenVPN\easy-rsa>build-key chaniago WARNING: can't open
(Continue reading)

Chad Z. Hower | 1 Jun 2009 18:08

Re: run build-key failed (windows 2003)

Worked fine for me on Vista. You only have to run vars once unless you 
have rebooted. It seems like vars cannot get something it needs. Are you 
running as admin?

Winanjaya - CBN wrote:
> Yes, I followed the instructions from README
> 
> First run init-config.bat
> edit vars.bat to adapt it to my environment and run it.
> 
> To generate TLS keys:
> 
> Create new empty index and serial files (once only)
> 1. vars
> 2. clean-all
> 
> Build a CA key (once only)
> 1. vars
> 2. build-ca
> 
> Build a DH file (for server side, once only)
> 1. vars
> 2. build-dh
> 
> Build a private key/certficate for the openvpn server
> 1. vars
> 2. build-key-server server
> 
> Build key files in PEM format (for each client machine)
> 1. vars
(Continue reading)

Michael Miller | 1 Jun 2009 21:08

machine recommendations

Hello,

I'll be setting up a machine to act as a production OpenVPN server.  Does anyone have suggestions as to what
characteristics the machine should have?  I anticipate ~120 users using videoconferencing software
over the vpn link to start with, then it may grow from there.  So should I emphasize processor power, memory,
disk space, network bandwidth? Should I suggest a second machine as a fail-over? Is it possible to run
OpenVPN on top of wackamole/spread or something similar?  Any suggestions for prioritizing these things
are greatly appreciated.

thanks

Michael

"If you're clear in your vision and trust the people in your team with clear objectives, they will
invariably do their best to achieve everything desired, and usually deliver everything you could have
hoped for and even more." -Paul Debevec

------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises 
looking to deploy the next generation of Solaris that includes the latest 
innovations from Sun and the OpenSource community. Download a copy and 
enjoy capabilities such as Networking, Storage and Virtualization. 
Go to: http://p.sf.net/sfu/opensolaris-get
Doug Baggett | 1 Jun 2009 22:52

Re: machine recommendations

Hey Mike! (Doug at OCI/NSF!)

I've got OpenVPN running here and it most definitely can be a resource drain, especially at high bandwidth (which I'm assuming you are doing access grid on?). You might have to get several machines and split it between them. I've seen openvpn hit 30% CPU on my dual core iMac when doing 30-50Mb/s. Not sure if that helps you much but it might give you a rough guesstimate.

-Doug

On Mon, Jun 1, 2009 at 3:08 PM, Michael Miller <mimiller <at> ncsa.uiuc.edu> wrote:
Hello,

I'll be setting up a machine to act as a production OpenVPN server.  Does anyone have suggestions as to what characteristics the machine should have?  I anticipate ~120 users using videoconferencing software over the vpn link to start with, then it may grow from there.  So should I emphasize processor power, memory, disk space, network bandwidth? Should I suggest a second machine as a fail-over? Is it possible to run OpenVPN on top of wackamole/spread or something similar?  Any suggestions for prioritizing these things are greatly appreciated.

thanks

Michael

"If you're clear in your vision and trust the people in your team with clear objectives, they will invariably do their best to achieve everything desired, and usually deliver everything you could have hoped for and even more." -Paul Debevec

_______________________________________________
Openvpn-users mailing list
Openvpn-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Jan Just Keijser | 2 Jun 2009 10:52

Re: Connection reset, restarting [-1]

Hi Stephan,

Sykes, Stephan wrote:
> This is a clip of the status window on the client side of our openvpn
> link. This happens for several minutes each time before the link is
> made. The system had been working fine for over a year, this just
> started happening. It all happens very quickly as can be seen from the
> time. Our thought is that it is failing before the server at the far end
> can answer.  Is there a way to slow down the linking to give the server
> time to respond, or am I way off base?
> The server is a Linksys router running DD-WRT.
>
>
> Fri May 29 10:22:36 2009 Attempting to establish TCP connection with
> xx.xxx.xx.xxx:xx
> Fri May 29 10:22:36 2009 TCP connection established with
> xx.xxx.xx.xxx:xx
> Fri May 29 10:22:36 2009 TCPv4_CLIENT link local: [undef]
> Fri May 29 10:22:36 2009 TCPv4_CLIENT link remote: xx.xxx.xx.xxx:xx
> Fri May 29 10:22:36 2009 Connection reset, restarting [-1]
> Fri May 29 10:22:36 2009 SIGUSR1[soft,connection-reset] received,
> process restarting
> Fri May 29 10:22:41 2009 Re-using SSL/TLS context
> Fri May 29 10:22:41 2009 LZO compression initialized
> Fri May 29 10:22:41 2009 Attempting to establish TCP connection with
> xx.xxx.xx.xxx:xx
> Fri May 29 10:22:41 2009 TCP connection established with
> xx.xxx.xx.xxx:xx
> Fri May 29 10:22:41 2009 TCPv4_CLIENT link local: [undef]
> Fri May 29 10:22:41 2009 TCPv4_CLIENT link remote: xx.xxx.xx.xxx:xx
> Fri May 29 10:22:41 2009 Connection reset, restarting [-1]
> Fri May 29 10:22:41 2009 SIGUSR1[soft,connection-reset] received,
> process restarting
> Fri May 29 10:22:46 2009 Re-using SSL/TLS context
> Fri May 29 10:22:46 2009 LZO compression initialized
>
>   
This log file shows that you're using TCP to make a connection and that 
this TCP connection is being reset all the time; in most cases this 
means that either the machine itself is sending TCP_RST packets or that 
an intermediary firewall is blocking things.

HTH,

JJK

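As an added example (not part of Jan Just's or Stephan's messages), the following script reads an OpenVPN client log like the one quoted above and measures how long each TCP session lived before "Connection reset". The sample lines are the ones Stephan posted, masked addresses and all; the verdict strings are my own wording.

```python
"""Added example (not from the thread): classify the reconnect loop in an
OpenVPN client log by measuring how long each TCP session lived before
'Connection reset'. SAMPLE_LOG holds the lines Stephan posted, with the
masked addresses left as they were."""
import re
from datetime import datetime

SAMPLE_LOG = """\
Fri May 29 10:22:36 2009 Attempting to establish TCP connection with
xx.xxx.xx.xxx:xx
Fri May 29 10:22:36 2009 TCP connection established with
xx.xxx.xx.xxx:xx
Fri May 29 10:22:36 2009 TCPv4_CLIENT link local: [undef]
Fri May 29 10:22:36 2009 TCPv4_CLIENT link remote: xx.xxx.xx.xxx:xx
Fri May 29 10:22:36 2009 Connection reset, restarting [-1]
Fri May 29 10:22:36 2009 SIGUSR1[soft,connection-reset] received,
process restarting
Fri May 29 10:22:41 2009 Re-using SSL/TLS context
Fri May 29 10:22:41 2009 LZO compression initialized
Fri May 29 10:22:41 2009 Attempting to establish TCP connection with
xx.xxx.xx.xxx:xx
Fri May 29 10:22:41 2009 TCP connection established with
xx.xxx.xx.xxx:xx
Fri May 29 10:22:41 2009 TCPv4_CLIENT link local: [undef]
Fri May 29 10:22:41 2009 TCPv4_CLIENT link remote: xx.xxx.xx.xxx:xx
Fri May 29 10:22:41 2009 Connection reset, restarting [-1]
Fri May 29 10:22:41 2009 SIGUSR1[soft,connection-reset] received,
process restarting
"""

# "Fri May 29 10:22:36 2009 <message>"; wrapped continuation lines carry no timestamp
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (?P<msg>.*)$")


def parse_attempts(log_text):
    """Group log lines into connection attempts: start, established and reset times."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        msg = m["msg"]
        if msg.startswith("Attempting to establish TCP connection"):
            cur = {"start": ts, "established": None, "reset": None}
            attempts.append(cur)
        elif cur is not None and msg.startswith("TCP connection established"):
            cur["established"] = ts
        elif cur is not None and msg.startswith("Connection reset"):
            cur["reset"] = ts
    return attempts


def analyse_reset_loop(log_text):
    """Return counts, session lifetimes and a one-line reading of the pattern."""
    attempts = parse_attempts(log_text)
    established = [a for a in attempts if a["established"]]
    resets = [a for a in established if a["reset"]]
    lifetimes = [(a["reset"] - a["established"]).total_seconds() for a in resets]
    starts = [a["start"] for a in attempts]
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    summary = {
        "attempts": len(attempts),
        "established": len(established),
        "resets": len(resets),
        "max_lifetime_s": max(lifetimes, default=None),
        "retry_interval_s": min(gaps, default=None),
    }
    if attempts and not established:
        summary["verdict"] = "TCP connect never completes: port closed or filtered"
    elif resets and max(lifetimes) <= 1.0 and len(resets) == len(attempts):
        summary["verdict"] = (
            f"reset immediately after the TCP handshake on {len(resets)}/{len(attempts)} "
            "attempts: the far end (or a device in between) closes the session; the client "
            "is not giving up early, so slowing the reconnect will not help")
    else:
        summary["verdict"] = "sessions live for a while before dropping: look at the TLS handshake, not TCP"
    return summary


if __name__ == "__main__":
    for key, value in analyse_reset_loop(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run on the quoted log it reports two attempts, both established and reset within the same second, with a 5 second retry interval, which is the signature of an active reset by the peer or a middlebox rather than a slow server.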
Jan Just Keijser | 2 Jun 2009 10:53

Re: tun driver installation in Solaris Zone (Solaris 10U7)

Dot Yet wrote:
> Hi Everyone, 
>
>
> I am trying to install OpenVPN on a non-global solaris zone (Solaris 
> 10 U7 05/09). 
>
>
> While installing the tun driver (1.1) in this Solaris zone, I am 
> getting the following while performing add_drv:
>
>
> # add_drv tun
> Cannot open (/dev/ksyms): No such file or directory.
> Could not identify kernel's ISA.
>
> Can you tell me if one can use the tun driver purely in a solaris 
> zone, not affecting the global zone at all?
>
I have yet to see a Solaris tun driver that works with zones... so my 
hunch is that this is not possible.
IIRC the Solaris tun driver does not even compile properly on Solaris 10 
with zones enabled but this might have been corrected by now.

HTH,

JJK

Jan Just Keijser | 2 Jun 2009 11:20

Re: Client and Server Subnet Routing Puzzle - Cannot ping between server and machine on client subnet, everything else works

Hi Daniel,

Daniel Mlodecki wrote:
> Hello everyone,
>
> I am trying to set up a VPN between my home and business that look like this:
>
> Home:
> (A) Ubuntu Linux 9.04 Desktop - 192.168.10.10 - OpenVPN Server
> (B) Windows Vista - 192.168.10.11
>
> Business:
> (C) Ubuntu Linux Server - 192.168.30.10 - OpenVPN Client
> (D) Windows XP - 192.168.30.11
>
> Each site uses a linksys router to access the internet. The goal is to
> be able to access both subnets from both networks.
>
> Right now, I can ping:
>
> Linux OpenVPN Client to Linux OpenVPN Server (C to A)
> Linux OpenVPN Server to Linux OpenVPN Client (A to C)
> Windows on client subnet to Linux OpenVPN Server (D to A)
> Windows on server subnet to Linux Open VPN Client (B to C)
> Windows on server subnet to Windows on client subnet (B to D)
> Windows on client subnet to Windows on server subnet (D to B)
> Linux OpenVPN Client to Windows on server subnet (C to B)
>
> I cannot ping:
> Linux OpenVPN Server to Windows on client subnet (A to D)
>
>
>   
Congratulations, you're almost there!!
This is not an openvpn issue but a routing issue.... from machine A try 
to do a ping to machine D using
  ping -I 192.168.10.10 192.168.30.11
if that DOES work (which I expect) then you've got a very typical 
routing issue with openvpn setups. What happens is, that when you ping a 
host on the client side LAN from the openvpn server then by default the 
IP source address is set to the VPN address (10.8.0.1) and NOT the LAN 
address; if the router on the client side does not know that all packets 
coming from 10.8.0.0/24 need to go back to the VPN client then you'll 
see the observed behaviour. Note that the source IP is chosen by the 
operating system, not by the openvpn software.

Before we continue let's first make sure that the above 'ping -I' 
command does work.

HTH,

JJK

> Here is my server.conf:
>
> port 10000
> proto udp
> dev tun
> ca ca.crt
> cert server.crt
> key server.key  # This file should be kept secret
> dh dh1024.pem
> server 10.8.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "route 192.168.10.0 255.255.255.0"
> #client2 is machine C.
> client-config-dir ccd
> route 192.168.30.0 255.255.255.0
> push "route 192.168.30.0 255.255.255.0"
> client-to-client
> keepalive 10 120
> comp-lzo
> user nobody
> group nogroup
> persist-key
> persist-tun
> log-append  /var/log/openvpn/openvpn.log
> status /var/log/openvpn/openvpn-status.log
> verb 4
> management localhost 7505
>
> And my ccd for client2:
> iroute 192.168.30.0 255.255.255.0
>
> And my client.conf on client2:
>
> client
> proto udp
> dev tun
> remote xxxxxxxxxxx.dyndns.org 10000
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ns-cert-type server
> comp-lzo
> daemon
> writepid /var/run/openvpn.pid
> verb 3
> mute 20
> user nobody
> group nogroup
> cd /etc/openvpn
> ca keys/ca.crt
> cert keys/client2.crt
> key keys/client2.key
>
> Here are the routing tables for each machine:
>
> OpenVPN Client (C):
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.8.0.9        *               255.255.255.255 UH    0      0        0 tun0
> 10.8.0.0        10.8.0.9        255.255.255.0   UG    0      0        0 tun0
> 192.168.30.0    *               255.255.255.0   U     0      0        0 eth0
> 192.168.10.0    10.8.0.9        255.255.255.0   UG    0      0        0 tun0
> default         192.168.30.1    0.0.0.0         UG    100    0        0 eth0
>
> OpenVPN Server (A):
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
> 10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
> 192.168.30.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun0
> 192.168.10.0    *               255.255.255.0   U     0      0        0 eth0
> link-local      *               255.255.0.0     U     1000   0        0 eth0
> default         192.168.10.1    0.0.0.0         UG    100    0        0 eth0
>
> And finally, here are the routing tables from the routers, showing the
> routes I have added as per the openvpn documentation. (xxx.xxx.xxx.xxx
> = wan ip)
>
> Client side:
> Destination LAN IP   Subnet Mask   Gateway   Interface
> 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx WAN (Internet)
> xxx.xxx.xxx.xxx 255.255.255.255 xxx.xxx.xxx.xxx WAN (Internet)
> xxx.xxx.xxx.xxx 255.255.255.255 xxx.xxx.xxx.xxx WAN (Internet)
> 192.168.10.0 255.255.255.0 192.168.30.10 LAN & Wireless
> 192.168.30.0 255.255.255.0 192.168.30.1 LAN & Wireless
>
> Server side:
> Destination LAN IP  	Subnet Mask  	Gateway   	Interface
> 192.168.30.0 	255.255.255.0 	192.168.10.10 	LAN&Wireless
> 192.168.10.0 	255.255.255.0 	192.168.10.1 	LAN&Wireless
> xxx.xxx.xxx.xxx 	255.255.254.0 	xxx.xxx.xxx.xxx 	WAN
> 10.8.0.0 	255.255.0.0 	192.168.10.10 	LAN&Wireless
> 0.0.0.0 	0.0.0.0 	xxx.xxx.xxx.xxx 	WAN
> 127.0.0.1 	0.0.0.0 	127.0.0.1 	LOOPBACK
>
> I have read the relevant parts of the openvpn documentation, and
> searched for similar cases, but have been unable to solve the problem.
>  Any assistance, pointers, or other advice would be greatly
> appreciated.
>
>   

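The following is an added example, not part of Daniel's or Jan Just's messages: it replays the A to D echo request and its reply across the routing tables posted above, using longest-prefix-match lookups and the kernel's default rule of taking the source address from the outgoing interface. Assumptions are marked in the code: A's tun0 address is 10.8.0.1 and C's is 10.8.0.10 (the posted tables only show the peer end of each tun link), and the two Windows hosts use their site router as default gateway.

```python
"""Added example (not part of the thread): replay the A -> D echo request and
its reply across the routing tables Daniel posted. Marked assumptions: A's
tun0 is 10.8.0.1, C's tun0 is 10.8.0.10, and B and D default-route to their
site's Linksys router."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    via: Optional[str]       # next-hop IP, "WAN" (leaves the model), or None for on-link
    iface: str


@dataclass
class Host:
    name: str
    addrs: dict              # iface -> address
    routes: list
    tunnel_peer: Optional[str] = None   # host at the other end of tun0

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if dst in r.dest]
        return max(hits, key=lambda r: r.dest.prefixlen) if hits else None   # longest prefix wins

    def source_for(self, dst):
        """Kernel default: the address of the interface the route leaves by."""
        r = self.lookup(dst)
        return self.addrs.get(r.iface) if r else None


def R(cidr, via=None, iface="eth0"):
    return Route(ipaddress.ip_network(cidr), via, iface)


HOSTS = {
    "A": Host("A", {"eth0": "192.168.10.10", "tun0": "10.8.0.1"}, [      # tun0 addr: assumed
        R("10.8.0.2/32", None, "tun0"), R("10.8.0.0/24", "10.8.0.2", "tun0"),
        R("192.168.30.0/24", "10.8.0.2", "tun0"), R("192.168.10.0/24"),
        R("0.0.0.0/0", "192.168.10.1")], tunnel_peer="C"),
    "C": Host("C", {"eth0": "192.168.30.10", "tun0": "10.8.0.10"}, [     # tun0 addr: assumed
        R("10.8.0.9/32", None, "tun0"), R("10.8.0.0/24", "10.8.0.9", "tun0"),
        R("192.168.30.0/24"), R("192.168.10.0/24", "10.8.0.9", "tun0"),
        R("0.0.0.0/0", "192.168.30.1")], tunnel_peer="A"),
    "B": Host("B", {"eth0": "192.168.10.11"},                            # gateway: assumed
             [R("192.168.10.0/24"), R("0.0.0.0/0", "192.168.10.1")]),
    "D": Host("D", {"eth0": "192.168.30.11"},                            # gateway: assumed
             [R("192.168.30.0/24"), R("0.0.0.0/0", "192.168.30.1")]),
    "home-router": Host("home-router", {"lan": "192.168.10.1"}, [
        R("192.168.30.0/24", "192.168.10.10", "lan"), R("192.168.10.0/24", None, "lan"),
        R("10.8.0.0/16", "192.168.10.10", "lan"), R("0.0.0.0/0", "WAN", "wan")]),
    "office-router": Host("office-router", {"lan": "192.168.30.1"}, [    # note: no 10.8.0.0 route
        R("192.168.10.0/24", "192.168.30.10", "lan"), R("192.168.30.0/24", None, "lan"),
        R("0.0.0.0/0", "WAN", "wan")]),
}
BY_ADDR = {a: h for h in HOSTS.values() for a in h.addrs.values()}


def next_hop(host, dst):
    r = host.lookup(dst)
    if r is None or r.via == "WAN":
        return None                      # no route, or handed to the Internet: lost
    if r.iface == "tun0":
        return HOSTS[host.tunnel_peer]   # point-to-point: OpenVPN carries it to the peer
    return BY_ADDR.get(r.via or dst)     # on-link routes deliver to the destination itself


def trace(src, dst, max_hops=8):
    """Forward one packet hop by hop; returns (path of host names, delivered?)."""
    cur, path = HOSTS[src], [src]
    for _ in range(max_hops):
        if dst in cur.addrs.values():
            return path, True
        cur = next_hop(cur, dst)
        if cur is None:
            return path, False
        path.append(cur.name)
    return path, False


def round_trip(src, dst, source_addr=None):
    """Echo request src -> dst, then the reply addressed to the request's source.
    source_addr=None lets the kernel choose (plain 'ping'); pass the LAN address
    to model 'ping -I 192.168.10.10 ...'."""
    saddr = source_addr or HOSTS[src].source_for(dst)
    out, delivered = trace(src, dst)
    back, answered = trace(BY_ADDR[dst].name, saddr) if delivered else ([], False)
    return {"source": saddr, "request": out, "reply": back, "ok": delivered and answered}


if __name__ == "__main__":
    print(round_trip("A", "192.168.30.11"))                               # source 10.8.0.1: reply dies at office-router
    print(round_trip("A", "192.168.30.11", source_addr="192.168.10.10"))  # ping -I: works
    HOSTS["office-router"].routes.append(R("10.8.0.0/24", "192.168.30.10", "lan"))
    print(round_trip("A", "192.168.30.11"))                               # with the return route: works
```

The model reproduces the thread's symptom: the request reaches D, but D's reply to 10.8.0.1 goes to the office router, which has routes for 192.168.10.0/24 and 192.168.30.0/24 only and so pushes it out the WAN. Pinging with the LAN source works because the router already routes 192.168.10.0/24 back to C; adding a 10.8.0.0/24 route via 192.168.30.10 on that router (the home router already has its 10.8.0.0/16 equivalent) fixes the plain ping as well.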
Bonno Bloksma | 2 Jun 2009 13:18

Fw: newbie, how to connect 2 nets

Hi,
 
Oops should (also) have gone to the list....
----------<quote>---------------------------------
 
The push route line lets the server tell the clients that the 2.0 network is behind the vpn tunnel on the server side. It is general for all clients and goes into the server.conf
 
the iroute line does two things:
- lets the server tell the OS that anything for the 1.0 network is behind the vpn tunnel, and
- it also needs to be assigned to a specific client for the openvpn software to know behind which link it is
The best way for that would be to create an openvpn\ccd directory. Create a file in that directory with the Certificate CN name used by the client. So if you have created a certificate with CN=ServerB then create a file openvpn\ccd\ServerB
In that file needs to be the iroute line.
As I'm using the Linux version and you will be using the Windows version make sure the ccd\ServerB file has the correct extension. For Linux there must be no extension, I don't know what it needs to be for the Windows version.
 
For the routing part remember that first the OS needs to know where to route each ip-address. But also openvpn does need to route internally to make sure each packet ends up at the proper tunnel. With a two node setup it is a given, but openvpn can handle a lot more. ;-) By telling openvpn what and how to route your part is done, openvpn will tell the OS.
 
The way I have it set up is to push route 172.16.0.0 255.255.0.0 even though the server is on a smaller network. That way everything not part of the network at the specific node will end up at the server where openvpn or the OS will know what to do with it. Each node is responsible for its own part of the 172.16.x.0 network, the server handles the rest.
 
 
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder

tio 
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

----- Original Message -----
Sent: Friday, May 29, 2009 6:05 PM
Subject: Re: [Openvpn-users] newbie, how to connect 2 nets

do I need to put route 172.16.2.0 255.255.255.0 on server.ovpn and  iroute 172.16.1.0 255.255.255.0 on client.ovpn?
----- Original Message -----
Sent: Friday, May 29, 2009 10:27 PM
Subject: Re: [Openvpn-users] newbie, how to connect 2 nets

Hi,
 
I would suggest tun as that is the easiest to set up to connect two networks, or even a few more sites with just one connection per site.
 
We use 172.16.x.x throughout. I have reserved 172.16.0-7.x for routing networks. In my case we use 172.16.1.x for any OpenVPN tunnel.
Have the server at one site route all traffic for the other network through the tunnel using standard ip routing rules and vice versa.
 
I happen to use tap on my site to site tunnels but that is because I have several sites and we use OSPF site to site routing as backup to the Extended Ethernet lines. In that case it is easier to use tap as it is then all just an ethernet network.
But endusers have a tun tunnel.
 
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder

tio 
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

----- Original Message -----
Sent: Friday, May 29, 2009 4:47 PM
Subject: Re: [Openvpn-users] newbie, how to connect 2 nets

what you suggest tun or tap for doing this ?
----- Original Message -----
Sent: Friday, May 29, 2009 9:04 PM
Subject: Re: [Openvpn-users] newbie, how to connect 2 nets

Hi,
 
One would be the server, the other the client. It does not really matter in a 2 node setup which is which.
Of course be aware of firewalls. If one server is behind a firewall that blocks incoming traffic then that one must be the client or you need to open up the openvpn port on the firewall.
 
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder

tio 
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

----- Original Message -----
Sent: Friday, May 29, 2009 2:48 PM
Subject: [Openvpn-users] newbie, how to connect 2 nets

Dear All,

I have 2 networks (Net A and Net B) at different locations, Net A is on
172.16.1.0/24 and Net B is on 172.16.2.0/24

I plan to implement openvpn 2.1 on Windows 2003 server, how to connect Net A
& B? .. which one would be as server A or B?


Thanks & Regards


Winanjaya


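As an added example (not Bonno's or the OpenVPN project's code), the following checker verifies the three-way agreement Bonno describes: every client LAN needs a `route` in server.conf (for the server's kernel), an `iroute` in that client's ccd file (for OpenVPN's internal routing), and a `push "route ..."` so the other clients learn it. Sample 1 is Daniel's server.conf and ccd/client2 from earlier in this thread; sample 2 is constructed for the two-network case in this thread, with the CN `ServerB`, Net A 172.16.1.0/24 behind the client and Net B 172.16.2.0/24 behind the server, all assumed names.

```python
"""Added example (not from the thread): check that route / iroute / push "route"
agree for a site-to-site OpenVPN server. Sample 1 is Daniel's config from this
page; sample 2 is constructed for the Net A / Net B question (CN 'ServerB' assumed)."""
import ipaddress
import shlex


def _net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_directives(text):
    """(directive, args) per line; drops # and ; comments, keeps push's quoted argument whole."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = shlex.split(line)
            out.append((parts[0], parts[1:]))
    return out


def check_site_to_site(server_conf, ccd):
    """server_conf: text of server.conf; ccd: {client CN: text of its ccd file}.
    Returns a list of findings; an empty list means the three directives agree."""
    routes, pushed, has_ccd_dir, findings = {}, [], False, []
    for d, args in parse_directives(server_conf):
        if d == "route" and len(args) >= 2:
            routes[_net(args[0], args[1])] = args[2:]      # args[2:] = explicit gateway, if any
        elif d == "push" and args:
            inner = args[0].split()
            if len(inner) >= 3 and inner[0] == "route":
                pushed.append(_net(inner[1], inner[2]))
        elif d == "client-config-dir":
            has_ccd_dir = True
    iroutes = {}
    for cn, text in ccd.items():
        for d, args in parse_directives(text):
            if d == "iroute" and args:
                iroutes.setdefault(cn, []).append(_net(*args[:2]))

    if iroutes and not has_ccd_dir:
        findings.append("ccd files exist but server.conf has no client-config-dir, so no iroute is ever read")
    for cn, nets in iroutes.items():
        for n in nets:
            if n not in routes:
                findings.append(f"{cn}: iroute {n} has no matching 'route {n.network_address} {n.netmask}' "
                                "in server.conf, so the server's kernel will not send that subnet into the tunnel")
            for p in pushed:
                if p.overlaps(n):
                    findings.append(f"{cn}: push \"route {p}\" reaches every client, including {cn} whose own "
                                    "LAN it is (redundant there and may collide with its on-link route)")
    owned = {n for nets in iroutes.values() for n in nets}
    for n, gw in routes.items():
        if not gw and n not in owned:    # no explicit gateway: this route points into the VPN
            findings.append(f"route {n} points into the VPN but no ccd file claims it with iroute, "
                            "so OpenVPN cannot tell which client it belongs to")
    return findings


DANIEL_SERVER_CONF = """\
port 10000
proto udp
dev tun
key server.key  # This file should be kept secret
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
#client2 is machine C.
client-config-dir ccd
route 192.168.30.0 255.255.255.0
push "route 192.168.30.0 255.255.255.0"
client-to-client
"""
DANIEL_CCD = {"client2": "iroute 192.168.30.0 255.255.255.0\n"}

# Constructed: server on Net B, client 'ServerB' on Net A, 'route' line forgotten
TWO_NET_SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
push "route 172.16.2.0 255.255.255.0"
"""
TWO_NET_CCD = {"ServerB": "iroute 172.16.1.0 255.255.255.0\n"}

if __name__ == "__main__":
    for name, conf, ccd in [("Daniel", DANIEL_SERVER_CONF, DANIEL_CCD),
                            ("two-net", TWO_NET_SERVER_CONF, TWO_NET_CCD)]:
        print(name, check_site_to_site(conf, ccd) or ["ok"])
```

On Daniel's config the only finding is that the pushed 192.168.30.0/24 route also reaches client2, the client that owns it; on the constructed two-network config the checker reports the missing `route 172.16.1.0 255.255.255.0`, and adding that single line clears it.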
