How to Configure a VPN...

bskrakes · 12-29-2009, 02:03 PM

Does anyone out there know how to configure a VPN? I'd like to figure it out and post a good HOW TO, there doesn't seem to be many out there.

rweaver · 12-29-2009, 04:48 PM

Most of the howto's for openvpn are pretty good.

http://openvpn.net/index.php/open-so...ion/howto.html

bskrakes · 12-30-2009, 11:51 AM

Hey, thanks for the reply...

So I did try the "HOW TO" and of course I ran into issues... I'm trying to avoid issues (obviously that is hard to do in Linux).

http://www.openvpn.net/index.php/ope...o.html#install

When I go to build the RPM from the tar.gz I get the following error:

Quote:

[root@server Downloads]# rpmbuild -tb openvpn-2.1.1.tar.gz error: Failed build dependencies:
pkcs11-helper-devel is needed by openvpn-2.1.1-1.x86_64
[root@server Downloads]#

I have done some Googling but I can't find a solid answer... Some people suggest I build the above missing package but then I get this error:

Quote:

[root@server Downloads]# rpmbuild -tb pkcs11-helper-1.07.tar.bz2error: Package already exists: %package devel
[root@server Downloads]#

So yeah this isn't as easy as people say is...

bskrakes · 01-27-2010, 02:13 PM

Alright so I guess no one wants to reply...

I have looked at several, and I mean SEVERAL OpenVPN "How to's and Guides" BUT NONE of them do a basic install like the OpenVPN documentation suggests. Everyone takes the easy route and uses DAG RPM or another third party. In any event I have had great success following the instructions from the OpenVPN website, with ONE exception: I can't get the darn thing to start.

The guide doesn't say anything about HOW TO call the correct scripts for start-up and shutdown. If anyone can provide some insight that would be great. Here is some more info: once the openvpn-2.x.x.tar.gz in uncompressed there are some sample files:

Quote:

[root@localhost openvpn]# ls -l
total 32
-rwxr-xr-x 1 1000 1000 3540 Oct 4 15:29 client.conf
drwxrwxrwx 5 1000 1000 4096 Dec 11 2009 easy-rsa
drwxrwxrwx 2 1000 1000 4096 Dec 11 2009 sample-config-files
drwxrwxrwx 2 1000 1000 4096 Dec 11 2009 sample-keys
drwxrwxrwx 2 1000 1000 4096 Dec 11 2009 sample-scripts

Inside of the sample-scripts folder there is:

Quote:

[root@localhost openvpn]# ls -l sample-scripts/
total 32
-rwxr-xr-x 1 1000 1000 2408 Oct 1 12:02 auth-pam.pl
-rwxr-xr-x 1 1000 1000 743 Oct 1 12:02 bridge-start
-rwxr-xr-x 1 1000 1000 315 Oct 1 12:02 bridge-stop
-rwxr-xr-x 1 1000 1000 772 Nov 14 2009 bs
-rwxr-xr-x 1 1000 1000 5475 Oct 1 12:02 openvpn.init
-rwxr-xr-x 1 1000 1000 339 Oct 1 12:02 ucn.pl
-rwxr-xr-x 1 1000 1000 1755 Oct 1 12:02 verify-cn

The file openvpn.init actually tells you the following:

Quote:

#!/bin/sh
#
# openvpn This shell script takes care of starting and stopping
# openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: 345 24 76
#
# description: OpenVPN is a robust and highly flexible tunneling application that
# uses all of the encryption, authentication, and certification features
# of the OpenSSL library to securely tunnel IP networks over a single
# UDP port.
#

# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# 2002.05.15

# To install:
# copy this file to /etc/rc.d/init.d/openvpn
# shell> chkconfig --add openvpn
# shell> mkdir /etc/openvpn
# make .conf or .sh files in /etc/openvpn (see below)

# To uninstall:
# run: chkconfig --del openvpn

# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script. Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
# /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
# it before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
# service openvpn reload - SIGHUP
# service openvpn reopen - SIGUSR1
# service openvpn status - SIGUSR2
#
# Modifications:
#
# 2003.05.02
# * Changed == to = for sh compliance (Bishop Clark).
# * If condrestart|reload|reopen|status, check that we were
# actually started (James Yonan).
# * Added lock, piddir, and work variables (James Yonan).
# * If start is attempted twice, without an intervening stop, or
# if start is attempted when previous start was not properly
# shut down, then kill any previously started processes, before
# commencing new start operation (James Yonan).
# * Do a better job of flagging errors on start, and properly
# returning success or failure status to caller (James Yonan).
#
# 2005.04.04
# * Added openvpn-startup and openvpn-shutdown script calls
# (James Yonan).
#

# Location of openvpn binary
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations
do
if [ -f "$location" ]
then
openvpn=$location
fi
done

# Lockfile
lock="/var/lock/subsys/openvpn"

# PID directory
piddir="/var/run/openvpn"

# Our working directory
work=/etc/openvpn
Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
if [ ${NETWORKING} = "no" ]
then
echo "Networking is down"
exit 0
fi

# Check that binary exists
if ! [ -f $openvpn ]
then
echo "openvpn binary not found"
exit 0
fi

# See how we were called.
case "$1" in
start)
echo -n $"Starting openvpn: "

/sbin/modprobe tun >/dev/null 2>&1

# From a security perspective, I think it makes
# sense to remove this, and have users who need
# it explictly enable in their --up scripts or
# firewall setups.

#echo 1 > /proc/sys/net/ipv4/ip_forward

# Run startup script, if defined
if [ -f $work/openvpn-startup ]; then
$work/openvpn-startup
fi

if [ ! -d $piddir ]; then
mkdir $piddir
fi

if [ -f $lock ]; then
# we were not shut down correctly
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1
fi
rm -f $pidf
done
rm -f $lock
fi

rm -f $piddir/*.pid
cd $work

# Start every .conf in $work and run .sh if exists
errors=0
successes=0
for c in `/bin/ls *.conf 2>/dev/null`; do
bn=${c%%.conf}
if [ -f "$bn.sh" ]; then
. $bn.sh
fi
rm -f $piddir/$bn.pid
$openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
if [ $? = 0 ]; then
successes=1
else
errors=1
fi
done

if [ $errors = 1 ]; then
failure; echo
else
success; echo
fi

if [ $successes = 1 ]; then
touch $lock
fi
;;
stop)
echo -n $"Shutting down openvpn: "
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1
fi
rm -f $pidf
done

# Run shutdown script, if defined
if [ -f $work/openvpn-shutdown ]; then
$work/openvpn-shutdown
fi

success; echo
rm -f $lock
;;
restart)
$0 stop
sleep 2
$0 start
;;
reload)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -HUP `cat $pidf` >/dev/null 2>&1
fi
done
else
echo "openvpn: service not started"
exit 1
fi
;;
reopen)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -USR1 `cat $pidf` >/dev/null 2>&1
fi
done
else
echo "openvpn: service not started"
exit 1
fi
;;
condrestart)
if [ -f $lock ]; then
$0 stop
# avoid race
sleep 2
$0 start
fi
;;
status)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -USR2 `cat $pidf` >/dev/null 2>&1
fi
done
echo "Status written to /var/log/messages"
else
echo "openvpn: service not started"
exit 1
fi
;;
*)
echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
exit 1
;;
esac
exit 0

So can some help me out? I did do the first part and I have the .conf file created but I still am unable to start OpenVPN by typing:

Quote:

openvpn server.conf

Thanks!

bskrakes · 01-28-2010, 12:58 PM

So it turns out that the following didn't work: (that is everything but the make install)

Quote:

./configure
make
make install

I was finally able to get my server started, I had to re-run the make install process and then I was able to run service openvpn start. Now I am having fun trying to connect via Windows... which connection tool/GUI do I use?