Re: Openvpn Fedora tutorial?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David Vernon wrote:
>> Is there a good tutorial for openvpn under Fedora?
>> I've followed the instructions at
>> <http://www.webhostingtalk.com/showthread.php?t=595436>
>> but they seem to have made things worse rather than better..
> 
> snip...
> 
>> 
>> Is there an openvpn doctor in the house?
>> All advice and suggestions gratefully received.
> 
> It would be easier to help if you posted included the contents of your
> config files (minus comments). Also the output of "iptables -L" would
> be good. Might want to "clean" the ip addrs just to protect the innocent
> (though that cat is out of the bag at this point it seems).

Thanks very much for your response.
I found when following your suggestion
that there was a typo in /etc/openvpn/server.conf
(I had the wrong location for one of the keys).
When I corrected this, and restarted openvpn on both machines,
everything appeared (from /var/log/messages) to be fine.
I have tun0 on my desktop at 192.168.5.1
and tun0 on my laptop at 192.168.5.6 .

I guess my question now is rather different -
I'm not sure what I can do with the connection.
I don't seem able to ssh in either direction.
And ping fails in both directions too.

Here are my server.conf and client.conf :
------------------------------
;local a.b.c.d

port 1194

;proto tcp
proto udp

;dev tap
dev tun

;dev-node MyTap

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret

dh /usr/local/openvpn/keys/dh1024.pem

;server 10.8.0.0 255.255.255.0
server 192.168.5.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"


;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

;push "redirect-gateway"

;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"

client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

comp-lzo

;max-clients 100

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log

;log         openvpn.log
;log-append  openvpn.log

verb 3

;mute 20
------------------------------
client

;dev tap
dev tun

;dev-node MyTap

;proto tcp
proto udp

remote www.gayleard.com 1194
;remote my-server-2 1194

;remote-random

resolv-retry infinite

nobind

;user nobody
;group nobody

persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/martha.crt
key /etc/openvpn/keys/martha.key
;ns-cert-type server

;tls-auth ta.key 1

;cipher x

comp-lzo

verb 3

;mute 20
------------------------------

I don't think there can be anything wrong with my firewall,
or I wouldn't have got this far.

But I am use shorewall on my desktop, 
with the two added lines in /etc/shorewall/rules
------------------------------
ACCEPT          net             $FW             udp     1194
ACCEPT          $FW             net             udp     1194
------------------------------

Again, any help or advice gratefully received.

-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux