LinuxQuestions.org
Old 09-19-2009, 11:34 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Rep: Reputation: 30
can't find openvpn key folder


Quote:
Generate the master Certificate Authority (CA) certificate & key

In this section we will generate a master CA certificate/key, a server certificate/key, and certificates/keys for 3 separate clients.

For PKI management, we will use a set of scripts bundled with OpenVPN.

If you are using Linux, BSD, or a unix-like OS, open a shell and cd to the easy-rsa subdirectory of the OpenVPN distribution. If you installed OpenVPN from an RPM file, the easy-rsa directory can usually be found in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 (it's best to copy this directory to another location such as /etc/openvpn, before any edits, so that future OpenVPN package upgrades won't overwrite your modifications). If you installed from a .tar.gz file, the easy-rsa directory will be in the top level directory of the expanded source tree.
I have installed using yum install openvpn but cannot find the easy-rsa directory. Any ideas?
locate easy-rsa finds nothing

Last edited by qwertyjjj; 09-19-2009 at 11:37 AM.
 
Old 09-19-2009, 12:07 PM   #2
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
I think you have double posted the same in the Newbie section.

Regards,

--
Prasanta
 
Old 09-19-2009, 12:30 PM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
I think you have double posted the same in the Newbie section.

Regards,

--
Prasanta
the other post is just about finding a suitable vpn...

the folder doesn't exist.

[root@localhost usr]# locate easy-rsa
[root@localhost usr]# cd /usr/share/openvpn/easy-rsa
-bash: cd: /usr/share/openvpn/easy-rsa: No such file or directory
[root@localhost usr]# locate openvpn
/usr/share/doc/dnsmasq-2.50/openvpn
/usr/share/doc/dnsmasq-2.50/openvpn/README
/usr/share/doc/dnsmasq-2.50/openvpn/dhclient-enter-hooks
/usr/share/doc/dnsmasq-2.50/openvpn/dnsmasq.patch
/usr/share/doc/selinux-policy-2.4.6/html/services_openvpn.html
/usr/share/logwatch/default.conf/services/openvpn.conf
/usr/share/logwatch/scripts/services/openvpn
[root@localhost usr]#
 
Old 09-20-2009, 08:59 AM   #4
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
?
yum install openvpn should do the job but it doesn't seem to install the easy-rsa folder?
I have no way to generate the keys without that.
 
Old 09-20-2009, 09:32 AM   #5
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
I think the openvpn package is broken. Try it with the `dag` repository. It will be located in /usr/share/doc/openvpn-2.0.9/easy-rsa

Regards,

--
Prasanta
 
Old 09-20-2009, 09:43 AM   #6
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
I think the openvpn package is broken. Try it with the `dag` repository. It will be located in /usr/share/doc/openvpn-2.0.9/easy-rsa

Regards,

--
Prasanta
I did this - didn't work. Is there another way?

Code:
[root@localhost ~]# rpm -i openvpn-2.0.9-1.el5.rf.i386.rpm
        package openvpn-2.0.9-1.el5.rf.i386 is already installed
[root@localhost ~]#
Quote:
[root@localhost ~]# wget http://dag.wieers.com/rpm/packages/openvpn/openvpn-2.0.9-1.el5.rf.i386.rpm
--15:41:55-- http://dag.wieers.com/rpm/packages/o...2.0.9-1.el5.rf.i386.rpm
Resolving dag.wieers.com... 62.213.193.164
Connecting to dag.wieers.com|62.213.193.164|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://rpmforge.sw.be/redhat/el5/en/...penvpn-2.0.9-1.el5.rf.i386.rpm [following]
--15:41:55-- http://rpmforge.sw.be/redhat/el5/en/...MS/openvpn-2.0.9-1.el5.rf.i386.rpm
Resolving rpmforge.sw.be... 130.133.35.16
Connecting to rpmforge.sw.be|130.133.35.16|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 371633 (363K) [application/x-rpm]
Saving to: `openvpn-2.0.9-1.el5.rf.i386.rpm'

100%[=======================================>] 371,633 1011K/s in 0.4s

15:41:56 (1011 KB/s) - `openvpn-2.0.9-1.el5.rf.i386.rpm' saved [371633/371633]

[root@localhost ~]# yum install openvpn-2.0.9-1.el5.rf.i386.rpm
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirror.bytemark.co.uk
* updates: mirror.bytemark.co.uk
* addons: mirror.bytemark.co.uk
* extras: mirror.bytemark.co.uk
rpmforge | 1.1 kB 00:00
base | 1.1 kB 00:00
updates | 951 B 00:00
addons | 951 B 00:00
extras | 1.1 kB 00:00
Excluding Packages in global exclude list
Finished
Setting up Install Process
Parsing package install arguments
Examining openvpn-2.0.9-1.el5.rf.i386.rpm: openvpn-2.0.9-1.el5.rf.i386
openvpn-2.0.9-1.el5.rf.i386.rpm: does not update installed package.
Nothing to do
[root@localhost ~]#

Last edited by qwertyjjj; 09-20-2009 at 09:44 AM.
 
Old 09-20-2009, 10:01 AM   #7
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
Remove the `openvpn` package that is already installed. Then add the `dag` repository to yum, and then install `openvpn` again. I have tried it just now and am able to find those directories.

http://pastebin.ca/1572925

I have installed it via yum.

Regards,

--
Prasanta
 
Old 09-20-2009, 10:06 AM   #8
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
Remove the `openvpn` package that is already installed. Then add the `dag` repository to yum, and then install `openvpn` again. I have tried it just now and am able to find those directories.

http://pastebin.ca/1572925

I have installed it via yum.

Regards,

--
Prasanta
How can I add a repository to yum?
I can only find instructions on how to do it with rpm.
 
Old 09-20-2009, 10:10 AM   #9
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
Quote:
How can I add a repository to yum?
I can only find instructions on how to do it with rpm.

Open,
Code:
/etc/yum.repos.d/CentOS-Base.repo
in your favorite editor as root, then add the following lines,
Code:
[dag]
name=Dag
baseurl=http://dag.freshrpms.net/redhat/el$releasever/en/$basearch/dag
gpgcheck=0
enabled=1
Please ensure that in all the other mirrors, `enabled` is equal to `0`.

Regards,

--
Prasanta
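
The stanza in post #9 sets `gpgcheck=0` and fetches over plain HTTP, so packages from that repository are installed without signature verification. The following is an added example, not code from the thread or from any project mentioned in it: a small audit of yum `.repo` files for exactly those two settings. The sample file is constructed, apart from the `[dag]` stanza copied from the post; sections that omit `gpgcheck` inherit the `[main]` default from `/etc/yum.conf` and are not reported here.

```shell
# Added example. audit_repos FILE...: list enabled yum repo sections that
# switch package signature checks off or use a plain-HTTP baseurl.
audit_repos() {
    awk '
    function flush() {                # report the section just finished
        if (name == "" || enabled == "0") return
        if (gpgcheck == "0") printf "%s: [%s] gpgcheck=0\n", file, name
        if (url ~ /^http:/) printf "%s: [%s] baseurl over http\n", file, name
    }
    FNR == 1 { flush(); name = "" }   # a new file closes the open section
    /^[ \t]*\[.*\][ \t]*$/ {          # [section] header
        flush()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
        file = FILENAME; enabled = "1"; gpgcheck = ""; url = ""
        next
    }
    /^[ \t]*(enabled|gpgcheck|baseurl)[ \t]*=/ {
        key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*$/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]*$/, "", val)
        if (key == "enabled") enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "baseurl") url = val
    }
    END { flush() }
    ' "$@"
}

# Constructed sample; only the [dag] stanza is taken from the post above.
make_sample() {
    cat > "$1/sample.repo" <<'EOF'
[base]
gpgcheck=1

[extras]
enabled=0
gpgcheck=0

[dag]
name=Dag
baseurl=http://dag.freshrpms.net/redhat/el$releasever/en/$basearch/dag
gpgcheck=0
enabled=1
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_repos "$tmp"/sample.repo
rm -rf "$tmp"
```

On a real host the function would be pointed at `/etc/yum.repos.d/*.repo`; a flagged repository is corrected with `gpgcheck=1` and a `gpgkey=` line naming the key that repository publishes.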
 
Old 09-20-2009, 10:17 AM   #10
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Thanks - works now - I'll get that fixed.
For VPN to work, do I need many ports open? Because the client machine will have many different applications using many ports or are they all tunnelled on 1 port?
If 1 port, then how can an outgoing 2345 from the client connect to 4000 on another server but with my machine in the middle?
 
Old 09-20-2009, 10:22 AM   #11
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
By default, if I am not mistaken, it runs on port 1194. You need to accept incoming connections on that port. You being in the middle, you can port forward the request to the server.

Regards,

--
Prasanta
 
Old 09-20-2009, 10:25 AM   #12
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
By default, if I am not mistaken, it runs on port 1194. You need to accept incoming connections on that port. You being in the middle, you can port forward the request to the server.

Regards,

--
Prasanta
1/ But how do I know what port connections are coming in on 1194?
For example if the client uses MSN messenger connecting on port 8888, do I have to have 8888 open on my server or only 1194? When my server receives a response from the msn server, do I need 8888 open on incoming and outgoing???? I would need to open every single port for a vpn to work properly?

Last edited by qwertyjjj; 09-20-2009 at 10:35 AM.
 
Old 09-20-2009, 10:42 AM   #13
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
You need to open only port 1194. In the client's configuration file you can mention the port number. So anyone who tries to connect will only hit the mentioned port.

`vars`, `clean-all` scripts do not have executable permissions and hence you are getting the error. Try doing
Code:
. ./clean-all
as you had done for `vars`.

Regards,

--
Prasanta
 
Old 09-20-2009, 10:46 AM   #14
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
You need to open only port 1194. In the client's configuration file you can mention the port number. So anyone who tries to connect will only hit the mentioned port.

`vars`, `clean-all` scripts do not have executable permissions and hence you are getting the error. Try doing
Code:
. ./clean-all
as you had done for `vars`.

Regards,

--
Prasanta
So, MSN running on port 1080 on the client connects to my VPN via 1194.
What happens to the connection after that point?
My server passes on the request to MSN but how does it receive a response if the port 1080 on my server is not open?
 
Old 09-20-2009, 10:57 AM   #15
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
Are you planning to log into the VPN server using MSN? Normally you would have the openvpn client (including software) wherein you specify the server name along with the port.

Regards,

--
Prasanta
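
The single-port question from posts #10 to #14, as an added example that is not part of the thread: firewall rules for an OpenVPN server that also routes its clients' traffic, plus a helper that lists which inbound ports a ruleset actually accepts. The interface names `eth0` and `tun0`, the tunnel subnet `10.8.0.0/24`, UDP transport and routed (tun) mode are assumptions.

```shell
# Added example. vpn_gateway_rules [WAN_IF] [TUN_NET]: print the rules an
# OpenVPN server needs when it also routes its clients' traffic.
# Assumed, not from the thread: eth0, tun0, 10.8.0.0/24, UDP transport.
vpn_gateway_rules() {
    wan=${1:-eth0}; net=${2:-10.8.0.0/24}
    cat <<EOF
*nat
# Client traffic leaves with the server's address, so replies return here.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
# The one port the VPN needs opened: all client applications ride inside it.
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
# Decrypted packets arrive on tun0 and are routed out, whatever their port.
-A FORWARD -s $net -i tun0 -o $wan -j ACCEPT
# Replies are admitted by connection tracking, not by per-port rules.
-A FORWARD -i $wan -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# opened_input_ports: read iptables-save style rules on stdin and list the
# proto/port pairs that INPUT accepts.
opened_input_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        proto = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") print proto "/" $(i + 1)
        }
    }' | sort -u
}

vpn_gateway_rules | opened_input_ports
```

Routing the clients' traffic also requires `net.ipv4.ip_forward=1` on the server; the printed rules can be appended to an existing ruleset with `iptables-restore --noflush`.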
 
  


All times are GMT -5.