From: Dave B
To: freebsd-questions@freebsd.org
Date: Fri, 21 Mar 2014 20:32:11 -0000
Subject: Re: VPN choices? (OVPN)

> Hi Dave,
>
> Not sure if you are having a problem with the install or configuration but if it's the
> configuration then this page has all for a quick install and config. Skip the install
> section if you are using package add and just follow the config.
>
> https://openvpn.net/index.php/open-source/documentation/howto.html#quick
>
> First note scripts need to be run in sh, not csh or bash.
>
> Second easy-rsa should be in /usr/local/share
>
> Once the keys are created cp/mv/ln -s the keys folder to a desired location such as
> /usr/local/etc/keys (careful on the permissions).
>
> Change the server.conf file to point to your keys.
>
> Change the rc.conf to enable the server and point to your server.conf file;
>
> openvpn_enable="YES"
> openvpn_configfile="/usr/local/etc/server.conf"
>
> Start the ovpn service;
>
> /usr/local/etc/rc.d/openvpn start
>
> Check /var/log/messages for errors.
>
> Nothing very special on the client side. Note if you are running a firewall make sure that it is not blocking UDP 1194
> If it's not working you do not need to reinstall FreeBSD. Delete the package, server.conf and the keys folder.
>
> Chris

Thanks Chris. That's largely what I was doing (I think.)
It's the form filling for the certificate creation that is tripping me up, not knowing in detail (like, the acceptable abbreviations, codes and other semantics) what needs to be entered.

What's the default shell for FreeBSD9.2? That's what will be in use. (By the sound of it, another something to trip over.)

Also, it may sound silly, but what's wrong for example with "England" as the country?

Is there a document somewhere that details the format of what goes into the certificate configuration files? (I have yet to find one, else I wouldn't ask.)

It is that very page on the OpenVPN site:-

https://openvpn.net/index.php/open-source/documentation/howto.html#quick

Where I keep going round and round in circles. Especially as I wish to set up a bridge mode VPN, not routed mode, because I need UDP traffic as well as TCP. From what I've read, only bridged mode will allow that. True/False???

No doubt it makes perfect sense, if you already know "how to" do it all. But not for me. Or others who have emailed me expressing the same frustration with it all. But am I the only one to ask questions when I can't get something going, I don't know.

There again, I tell my customers at work, not to be afraid of asking even dumb questions, because that means I've not explained things well enough. Doing this (OVPN) I'm now the dumb user, exactly because I can't find all the information I need to know.

Client firewall is not an issue, I have full control over that OK, but I will be behind a NAT router in most locations, that I will have no control over, other than sitting in front of a PC connected to such a thing. (Office, Hotel, Hotspot etc.)

I've had to go to a family funeral today (Friday) and the fallout from that will rumble on for a little while, so a lot of this stuff will be on hold again, until I can get time to progress it. (I had been hoping to have this working by now, but...)
That's my other problem, I'm doing all this in odd moments I get free, and not always in the same physical location, or even the same PC/VM! Not ideal, that and my handwriting is not conducive to making notes I can read the next day, so I have a growing collection of text files full of links to various sites, and notes as to how far I got before it all failed..

Thanks for your time.

Dave B.
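
Added example, not part of the original message: the certificate prompts discussed above fill in X.509 subject fields, and the country field takes a two-letter ISO 3166-1 code (OpenSSL's sample openssl.cnf sets countryName_min and countryName_max to 2), so a full name is rejected while province and city are free text. The sh sketch below checks the values before they go into easy-rsa; the KEY_* names assume the easy-rsa 2.x `vars` file, and all sample values are constructed.

```shell
#!/bin/sh
# Added example: check certificate subject fields before running easy-rsa's
# build-ca. Field names follow easy-rsa 2.x "vars" (assumed); all values
# passed in at the bottom are constructed samples.

# countryName must be an ISO 3166-1 alpha-2 code: two uppercase letters.
valid_country() {
    case "$1" in
        [ABCDEFGHIJKLMNOPQRSTUVWXYZ][ABCDEFGHIJKLMNOPQRSTUVWXYZ]) return 0 ;;
        *) return 1 ;;
    esac
}

# Loose shape check only: something@something.tld, no spaces.
valid_email() {
    case "$1" in
        *" "*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: check_subject COUNTRY PROVINCE CITY ORG EMAIL
# Prints one line per problem to stderr; returns the number of problems.
check_subject() {
    errs=0
    if ! valid_country "$1"; then
        echo "KEY_COUNTRY='$1': want a two-letter code such as GB or US" >&2
        errs=$((errs + 1))
    fi
    for pair in "KEY_PROVINCE=$2" "KEY_CITY=$3" "KEY_ORG=$4"; do
        if [ -z "${pair#*=}" ]; then
            echo "${pair%%=*} is empty" >&2
            errs=$((errs + 1))
        fi
    done
    if ! valid_email "$5"; then
        echo "KEY_EMAIL='$5': not an e-mail address" >&2
        errs=$((errs + 1))
    fi
    return "$errs"
}

# Free-text names are fine for province and city; only the country is a code.
check_subject "England" "England" "London" "Example Org" "admin@example.org" \
    || echo "rejected: $? problem(s)"
check_subject "GB" "England" "London" "Example Org" "admin@example.org" \
    && echo "accepted"
```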