Update on the tcp/udp.

I had it on udp but kept getting the connection dropped any time I really had some network traffic. I switched it to tcp and the problem went away.

Thanks!

Richard W. Pickett, Jr.
President, CSR Technologies .com, Inc.
Richard.Pickett@xxxxxxxxxxxxxxxxxxx
Office - (270) 746-0324
Cell - (270) 303-9154

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Richard Pickett
> Sent: Wednesday, September 27, 2006 1:37 PM
> To: 'For users of Fedora Core releases'
> Subject: RE: NetworkManager vpn eats the CPU
>
> > I unfortunately can't answer your question, but maybe you can answer
> > mine: how do you use the openvpn support in NetworkManager? I've
> > installed NetworkManager-openvpn, but I don't know what to do next.
> > Additionally, I only want my openvpn connection to start when I plug my
> > wireless card in.
>
> OK, I had to play with this for a little bit to get it to work.
>
> To get the packages `yum install NetworkManager-openvpn`
>
> You have to run your own openvpn server (or my company can sell you access
> to their publicly-placed openvpn server, they do this as a service for a
> number of clients).
>
> For your vpn server you have to go through the easy-rsa steps and set up
> your certs. ****** make sure for the server cert you use
> build-key-server ******* Whoever first built our keys used the normal
> build-key for the server key and NetworkManager's call to openvpn specified
> --ns-cert-type server and wouldn't connect to our server until I rebuilt a
> new key and restarted the server with it.
>
> The server config looks like this:
>
> <server.conf>
> ifconfig-noexec
> up /home/openvpn/wireless/vpn-server.up
> ifconfig 10.254.252.1 255.255.255.0
> port 1194
> proto udp
> dev tap0
> ca easy-rsa/keys/ca.crt
> cert easy-rsa/keys/india1.crt
> key easy-rsa/keys/india1.key # This file should be kept secret
> dh easy-rsa/keys/dh1024.pem
> ifconfig-pool-persist ipp.txt
> server-bridge 10.254.252.1 255.255.255.0 10.254.252.2 10.254.252.254
> client-config-dir ccd
> push "redirect-gateway"
> push "dhcp-option DOMAIN csrtechnologies.com"
> push "dhcp-option DNS 192.168.1.1"
> client-to-client
> keepalive 10 120
> comp-lzo
> user openvpn
> group openvpn
> persist-key
> persist-tun
> status /home/openvpn/wireless/openvpn.status
> log-append /home/openvpn/wireless/openvpn.log
> verb 3
> </server.conf>
>
> india1.* are the cert files generated by the build-key-server script.
>
> Then use build-key for your client certs, copy them over to your client box
> and set up NetworkManager like so:
>
> Gateway: IP/dns of your openvpn server
> X.509
> CA: ca.crt from easy-rsa
> Cert: .crt generated by easy-rsa for your PC
> Key: .key generated by easy-rsa for your PC
> Optional Info:
>
> Check LZO (if you have comp-lzo on the server side)
> Check TAP (if you have tap device on server side)
>
> This config connects up to my server just fine. Additionally you can explore
> using tls, use a tcp connection instead of udp (udp transports faster) and
> use a cipher.
>
> I've posted to you everything I have done to get it to work. Let me know if
> you have any problems.
>
> > (BTW, I didn't know this existed until your post...thanks!)
>
> Isn't that cool? I solved my own problem and my problem introduced you to a
> new feature.
>
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
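
An added example, not part of the original thread: a Python sketch that parses a server.conf like the one quoted above and derives the client-side settings (port, protocol, TAP, LZO) that have to agree with it, then reports where a client disagrees. The function names and the client dictionary are hypothetical, the embedded config is a constructed excerpt of the quoted one, and the defaults used for missing directives are assumptions.

```python
import shlex

# Constructed excerpt of the server.conf quoted in the thread.
SAMPLE_SERVER_CONF = """\
port 1194
proto udp
dev tap0
cert easy-rsa/keys/india1.crt
key easy-rsa/keys/india1.key  # This file should be kept secret
push "redirect-gateway"
comp-lzo
"""

def parse_openvpn_conf(text):
    """Return {directive: [args, ...]}; directives such as push may repeat."""
    directives = {}
    for line in text.splitlines():
        # shlex drops '#' comments and keeps quoted arguments together.
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def required_client_settings(conf):
    """Client options that must agree with the server for the tunnel to come up."""
    def first(name, default):
        # Assumed defaults apply when the directive is absent.
        return conf[name][0][0] if name in conf and conf[name][0] else default
    return {
        "port": int(first("port", "1194")),
        # tcp-server / tcp-client / tcp all mean TCP on the wire.
        "proto": "tcp" if first("proto", "udp").startswith("tcp") else "udp",
        "tap": first("dev", "tun").startswith("tap"),
        "lzo": "comp-lzo" in conf,
    }

def mismatches(server_conf_text, client):
    """Names of settings where a (hypothetical) client dict disagrees with the server."""
    need = required_client_settings(parse_openvpn_conf(server_conf_text))
    return sorted(k for k, v in need.items() if client.get(k) != v)

if __name__ == "__main__":
    # Constructed client: TAP and LZO ticked, but TCP selected on the client only.
    client = {"port": 1194, "proto": "tcp", "tap": True, "lzo": True}
    print(required_client_settings(parse_openvpn_conf(SAMPLE_SERVER_CONF)))
    print("mismatched:", mismatches(SAMPLE_SERVER_CONF, client))
```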