RE: NetworkManager vpn eats the CPU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Update on the tcp/udp. I had it on udp but kept getting the connection
dropped any time I really had some network traffic. I switched it to tcp and
the problem went away.

 
Thanks!





Richard W. Pickett, Jr.
President, CSR Technologies .com, Inc.
Richard.Pickett@xxxxxxxxxxxxxxxxxxx
Office - (270) 746-0324
Cell    - (270) 303-9154
 

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-
> bounces@xxxxxxxxxx] On Behalf Of Richard Pickett
> Sent: Wednesday, September 27, 2006 1:37 PM
> To: 'For users of Fedora Core releases'
> Subject: RE: NetworkManager vpn eats the CPU
> 
> > I unfortunately can't answer your question, but maybe you can answer
> > mine: how do you use the openvpn support in NetworkManager?  I've
> > installed NetworkManager-openvpn, but I don't know what to do next.
> > Additionally, I only want my openvpn connection to start when I plug my
> > wireless card in.
> 
> OK, I had to play with this for a little bit to get it to work.
> 
> To get the packages `yum install NetworkManager-openvpn`
> 
> You have to run your own openvpn server (or my company can sell you access
> to their publicly-placed openvpn server, they do this as a service for a
> number of clients).
> 
> For your vpn server you have to go through the easy-rsa steps and setup
> you're your certs. ****** make sure for the server cert you use
> build-key-server ******* Whoever first built our keys used the normal
> build-key for the server key and NetworkManager's call to openvpn
> specified
> --ns-cert-type server and wouldn't connect to our server until I rebuilt a
> new key and restarted the server with it.
> 
> The server config looks like this:
> 
> <server.conf>
> ifconfig-noexec
> up /home/openvpn/wireless/vpn-server.up
> ifconfig 10.254.252.1 255.255.255.0
> port 1194
> proto udp
> dev tap0
> ca easy-rsa/keys/ca.crt
> cert easy-rsa/keys/india1.crt
> key easy-rsa/keys/india1.key  # This file should be kept secret
> dh easy-rsa/keys/dh1024.pem
> ifconfig-pool-persist ipp.txt
> server-bridge 10.254.252.1 255.255.255.0 10.254.252.2 10.254.252.254
> client-config-dir ccd
> push "redirect-gateway"
> push "dhcp-option DOMAIN csrtechnologies.com"
> push "dhcp-option DNS 192.168.1.1"
> client-to-client
> keepalive 10 120
> comp-lzo
> user openvpn
> group openvpn
> persist-key
> persist-tun
> status /home/openvpn/wireless/openvpn.status
> log-append /home/openvpn/wireless/openvpn.log
> verb 3
> </server.conf>
> 
> india1.* are the cert files generated by the build-key-server script.
> 
> Then use build-key for your client certs, copy them over to your client
> box
> and setup NetworkManager like so:
> 
> Gateway: IP/dns of your openvpn server
> X.509
> CA: ca.crt from easy-rsa
> Cert: .crt generated by easy-rsa for your PC
> Key: .key generated by easy-rsa for your PC
> Optional Info:
> 
> Check LZO (if you have comp-lzo on the server side)
> Check TAP (if you have tap device on server side)
> 
> This config connects up to my server just fine. Additionally you can
> explore
> using tls, use a tcp connection instead of udp (udp transports faster) and
> use a cipher.
> 
> I've posted to you everything I have done to get it to work. Let me know
> if
> you have any problems.
> 
> > (BTW, I didn't know this existed until your post...thanks!)
> 
> Isn't that cool? I solved my own problem and my problem introduced you to
> a
> new feature.
> 
> 
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux