Openvpn2

Similar Messages

• Probs with openvpn

  Has anybody got OpenVPN2 working well under Arch? I had no trouble setting it up under Slackware, but for some reason I'm failing with Arch.
  I get this error message every time I try to log on:
  Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
  Note: Attempting fallback to kernel 2.2 TUN/TAP interface
  Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)
  This is after I've manually created the device /dev/net/tun using the following procedure:
  # mkdir /dev/net
  # mknod /dev/net/tun c 10 200
  # modprobe tun
  # echo 1 > /proc/sys/net/ipv4/ip_forward
  I verified the existence of /dev/net/tun and the permissions seem fine on /dev/net and /dev/net/tun.
  Any ideas? As I say, this same procedure works fine on Slackware 10.1, also running kernel 2.6.11.
  Thanks.

  IceRAM wrote:2. the permissions might be ok, but the application might run with different permissions under each distributions (you might want to check this too)
  =drop privileges of the current user and switch to another more restricted one (for security reasons), like apache does. The new user rights should match the node permissions.
  Also, check the Udev rules. I don't know if there are rules for those nodes in the default ruleset.

• OpenVPN problem, can't reach server's subnet

  Hello all
  I'm trying to get an OpenVPN configuration working and hope someone with experience in it can help me out. I have a PowerMac G4 running 10.4.11, with openvpn2 and Tunnelblick installed. I've set up CA certs and keys for a client Powerbook running 10.5.4. On the client I also have Tunnelblick.
  The VPN server's subnet is 10.91.3.0/24; the gateway is 10.91.3.1 and the server is 10.91.3.201.
  Its openvpn.conf is set to serve 10.8.0.0/24 to VPN traffic. I have a Netgear router running dd-wrt firmware at 10.91.3.1.
  If I hook my Powerbook into a neighbour's open wireless network (subnet 192.168.1.0/24), I can successfully create a tunnel into my network and ping the server (and vice versa). I can reach file sharing on the server machine. However, I cannot figure out how to reach the
  subnet. This is the real goal, since at my company, the whole point will be to try to use VNC, AFP and printing services on a variety of machines on the subnet. I only need the client to be able to reach the server subnet, not the other way around, and I have no need for logged-in clients to reach each other; it's more of a road-warrior setup I need.
  As I understand it, I can either use a routed VPN network, or bridged. Bridged seems like the ideal situation, since I'd love to get the client machine on the same subnet and not have to worry about routing. But I'm trying both methods.
  So, on the server I have this openvpn.conf:
  *server 10.8.0.0 255.255.255.0*
  *push "route 10.91.3.0 255.255.255.0"*
  *ipconfig-pool-persist ipp.txt*
  *port 1194*
  *proto udp*
  *dev tun0*
  *ca /opt/local/etc/openvpn2/easy-rsa/keys/ca.crt*
  *cert /opt/local/etc/openvpn2/easy-rsa/keys/server.crt*
  *key /opt/local/etc/openvpn2/easy-rsa/keys/server.key*
  *dh /opt/local/etc/openvpn2/easy-rsa/keys/dh1024.pem*
  client-to-client
  *keepalive 10 120*
  comp-lzo
  *user nobody*
  *group nobody*
  persist-key
  persist-tun
  *status openvpn-status.log*
  *verb 3*
  On the client, I have this:
  client
  *dev tun0*
  *; up ./vpn-up.sh # doesn't seem to work, see note below*
  *proto udp*
  *remote MYDYNDNS.homeip.net 1194*
  *resolv-retry infinite*
  nobind
  *user nobody*
  *group nobody*
  persist-key
  persist-tun
  *ca /opt/local/etc/openvpn2/ca.crt*
  *cert /opt/local/etc/openvpn2/powerbook.crt*
  *key /opt/local/etc/openvpn2/powerbook.key*
  *ns-cert-type server*
  comp-lzo
  *verb 3*
  On the server's router, I have set this static route:
  *Destination LAN net: 10.8.0.0*
  *Subnet mask: 255.255.255.0*
  *Gateway: 10.91.3.201*
  *Interface: LAN and WLAN*
  And, finally, I've enabled IP forwarding on the VPN server using:
  *sudo sysctl -w net.inet.ip.forwarding=1*
  (Is this reset on reboot? Do I have to add a IPFORWARDING=-YES- to /etc/hostconfig for persistent forwarding, or do something else?)
  Both client and the VPN server's OS X firewall and the gateway's SPI firewall are disabled for now.
  So, what am I doing wrong? What step have I missed out? I'm sure it must be something obvious. I know that, with a routed network, I won't be able to receive broadcasts, so how do I reach other machines on the subnet - should I be able to ping their (I guess would have to be
  static) IP addresses at the server subnet (10.91.3.0/24)?
  Note that I've already tried using an "up" script in the client's openvpn.conf (setting "ipconfig set tun0 DHCP"), but it gives me an error "script failed: shell command exited with error status 1".
  This post is long enough already, but to note briefly, I have tried bridging using "server-bridge 10.91.3.1 255.255.255.0 10.91.3.160 10.91.3.180", switching the device from tun0 to tap0, and removing the gateway's static routing command. But, again, no dice.
  Please help if you can! Many thanks!
  Matt

  We have both an Outlook web client structure that works with our Exchange email setup.  On some documentation things read like this:
  [Exchange] Outlook Web App 
  That is, our server is identifed as 'outlook' but the client is Exchange.  I am not knowledgeable of the nuances of the terminology or structure, just that this has baffled several levels of IT support at a large university.  I ask about Google because there are multiple other threads that imply a problem with Google apps, Gmail accounts and other Google activity (sync) that seems to interfere with Exchange mail.  I will return to the IT service yet again as you have suggested.  This began as I was overseas--in France--and had a number of people trying to share Google docs with my account at teh same time as the mail "locked up".  Just looking for advice as was suggested by the IT Help servce.