Date: Fri, 21 Mar 2014 20:32:11 -0000 From: Dave B <g8kbvdave@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: VPN choices? (OVPN) Message-ID: <532CA1CB.7067.32957C@g8kbvdave.gmail.com> In-Reply-To: <9A2BF0BC-04A9-4962-B5EA-E81447A807FC@lrckinfo.com> References: <532B192C.12964.1D3A617@g8kbvdave.gmail.com>, <9A2BF0BC-04A9-4962-B5EA-E81447A807FC@lrckinfo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi Dave, > > Not sure if you are having a problem with the install or configuration but if it's the > configuration then this page has all for a quick install and config. Skip the install > section if you are using package add and just follow the config. > > https://openvpn.net/index.php/open-source/documentation/howto.html#quick > > First note scripts need to be run in sh, not csh or bash. > > Second easy-rsa should be in /usr/local/share > > Once the keys are created cp/mv/ln -s the keys folder to a desired location such as > /usr/local/etc/keys (careful on the permissions). > > Change the server.conf file to point to your keys. > > Change the rc.conf to enable the server and point to your server.conf file; > > openvpn_enable="YES" > openvpn_configfile="/usr/local/etc/server.conf" > > Start the ovpn service; > > /usr/local/etc/rc.d/openvpn start > > Check /var/log/messages for errors. > > Nothing very special on the client side. Note if you are running a firewall make sure that it is not blocking UDP 1194 > If it's not working you do not need to reinstall FreeBSD. Delete the package, server.conf and the keys folder. > > Chris Thanks Chris. That's largely what I was doing (I think.) It's the form filling for the certificate creation that is tripping me up, not knowing in detail (like, the acceptable abreviations, codes and other semantics) what needs to be entered. What's the default shell for FreeBSD9.2? That's what will be in use. (By the sound of it, another something to trip over.) Also, it may sound silly, but what's wrong for example with "England" as the country? Is there a document somewhere that details the format of what goes into the certificate configureation files? (I have yet to find one, else I wouldn't ask.) It is that very page on the OpenVPN site:- https://openvpn.net/index.php/open-source/documentation/howto.html#quick Where I keep going round and round in circles. Especially as I wish to set up a bridge mode VPN, not routed mode, becaust I need UDP traffic as well as TCP. >From what I've read, only bridged mode will allow that. True/False??? No doubt it makes perfect sense, if you already know "how to" do it all. But not for me. Or others who have emailed me expressing the same frustration with it all. But am I the only one to ask questions when I can't get something going, I don't know. There again, I tell my customers at work, not to be afraid of asking even dumb questions, because that means I've not explained things well enough. Doing this (OVPN) I'm now the dumb user, exactly because I can't find all the information I need to know. Client firewall is not an issue, I have full control over that OK, but I will be behind a NAT router in most locations, that I will have no control over, other than sitting in front of a PC connected to such a thing. (Office, Hotel, Hotspot etc.) I've had to go to a family funeral today (Friday) and the fallout from that will rumble on for a little while, so a lot of this stuff will be on hold again, until I can get time to progress it. (I had been hoping to have this working by now, but...) That's my other problem, I'm doing all this in odd moments I get free, and not always in the same physical location, or even the same PC/VM! Not ideal, that and my handwriting is not condusive to making notes I can read the next day, so I have a growing collection of text files full of links to various sites, and notes as to how far I got before it all failed.. Thanks for your time. Dave B.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?532CA1CB.7067.32957C>