Changes

From SME Server
1,853 bytes added ,  22:45, 27 June 2017
m
no edit summary
Line 1: Line 1: −
[[Category:Howto]]
+
{{Warning box|: this contribution is obsolete. Prefer to refer towards [[OpenVPN_Bridge]], [[OpenVPN_Routed]], [[OpenVPN_SiteToSite]], ... contribs of Daniel B..}}
 
==Maintainer==
 
==Maintainer==
This howto has been developed by Jesper Knudsen (username Knuddi) which can be reached via email at mailto:contribs@swerts-knudsen.dk
+
This howto has been developed by [[User:Knuddi|Jesper Knudsen]] from [http://smeoptimizer.swerts-knudsen.dk SME Optimizer]
Website http://sme.swerts-knudsen.dk
+
 
 +
The files needed here from the site hosting it - http://sme.swerts-knudsen.dk/ - are not available anymore.
    
==Description==
 
==Description==
OpenVPN is an excellent way to provide remote access to users from home or on the road. OpenVPN provides a complete replacement of the time to time unreliable PPTP VPN which is a part of the standard SME distribution. This Howto is focused on using OpenVPN as a Windows 2k/XP/Vista Client to Server VPN connection. The installation consists of two steps, first the the portion which resides on the server and then the Client. I the following setup it is assumed that the local IP range for the private network is 192.168.1.0/24 and that the tunneled VPN network will be 192.168.100.0/24.
+
OpenVPN (http://www.openvpn.net) is an excellent way to provide remote access to users from home or on the road. OpenVPN provides a complete replacement of the time to time unreliable PPTP VPN which is a part of the standard SME distribution. This Howto is focused on using OpenVPN in routed mode as a Windows 2k/XP/Vista Client to Server VPN connection. The installation consists of two steps, first the the portion which resides on the server and then the Client. I the following setup it is assumed that the local IP range for the private network is 192.168.1.0/24 and that the tunneled VPN network will be 192.168.100.0/24.
   −
{{Note box|OpenVPN-Bridge contribution is an alternative to this (with even a server-manager panel) but seems more targeted site<->end clients configurations. See http://sme.firewall-services.com/spip.php?rubrique3}}
+
{{Note box|From OpenVPN website: I would recommend using routing unless you need a specific feature which requires bridging, such as:
 +
* the VPN needs to be able to handle non-IP protocols such as IPX,
 +
* you are running applications over the VPN which rely on network broadcasts (such as LAN games), or
 +
* you would like to allow browsing of Windows file shares across the VPN without setting up a Samba or WINS server. }}
 +
 
 +
{{Note box|OpenVPN-Bridge contribution is an alternative to this (with even a server-manager panel) but is more targeted site<->end clients configurations. See http://wiki.contribs.org/OpenVPN_Bridge}}
 +
 
 +
{{Note box|You can also take a look at http://wiki.contribs.org/OpenVPN_SiteToSite . It's an alternative, with a panel in the server-manager and is specially made to connect several SME Servers together.}}
 +
 
 +
{{Note box|You can also take a look at http://wiki.contribs.org/PHPki as another alternative, with a panel in the server-manager.}}
    
==OpenVPN Server Configuration==
 
==OpenVPN Server Configuration==
First Collect and install the rpm`s as indicated below. The RPM are taken from DAG's repository which is pretty extensive.
+
For SME 7x, first Collect and install the rpm`s as indicated below. The RPM are taken from DAG's repository which is pretty extensive.
    
  cd /root
 
  cd /root
 
  mkdir openvpn
 
  mkdir openvpn
 
  cd openvpn
 
  cd openvpn
  wget http://dag.wieers.com/rpm/packages/lzo2/lzo2-2.02-3.el4.rf.i386.rpm
+
  wget http://rpmforge.sw.be/redhat/el4/en/i386/rpmforge/RPMS/lzo-2.04-1.el4.rf.i386.rpm
 
  wget http://dag.wieers.com/rpm/packages/openvpn/openvpn-2.0.9-1.el4.rf.i386.rpm
 
  wget http://dag.wieers.com/rpm/packages/openvpn/openvpn-2.0.9-1.el4.rf.i386.rpm
 +
rpm -Uvh *.rpm
 +
 +
For SME 8x, the easiest way is to get the RPM from the DAG repository.
 +
 +
cd /root
 +
mkdir openvpn
 +
cd openvpn
 +
wget http://apt.sw.be/redhat/el5/en/i386/dag/RPMS/lzo-2.06-1.el5.rf.i386.rpm
 +
wget http://apt.sw.be/redhat/el5/en/i386/dag/RPMS/openvpn-2.2.2-1.el5.rf.i386.rpm
 +
# (--[[User:Ddougan|Ddougan]] 20:53, 6 September 2012 (MDT))
 +
wget http://apt.sw.be/redhat/el5/en/i386/dag/RPMS/pkcs11-helper-1.08-1.el5.rf.i386.rpm
 
  rpm -Uvh *.rpm
 
  rpm -Uvh *.rpm
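Review bot: Both the SME 7x block and the added SME 8x block fetch packages with `wget http://...` and then install them with `rpm -Uvh *.rpm`, with no integrity step in between. Add a signature check before the install line (for example `rpm -K *.rpm` after importing the repository's GPG key, if it publishes one), and install the named files rather than `*.rpm` so that nothing else already in /root/openvpn is picked up. The signature line `# (--[[User:Ddougan|Ddougan]] 20:53, 6 September 2012 (MDT))` sits inside a command list that readers will paste; it belongs in the edit summary or on the talk page.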
   Line 23: Line 44:  
  cd /usr/share/doc/openvpn-2.0.9/easy-rsa
 
  cd /usr/share/doc/openvpn-2.0.9/easy-rsa
 
  pico vars
 
  pico vars
 +
 +
For SME8.x
 +
cd /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/
 +
nano vars
 +
chmod 744 *
 +
chmod -R 700 keys
    
Now we can create the master certificate. Choose the defaults as entered into the vars file. You will need to enter values for the "Organizational Unit Name" which you can set to "VPN" and"Common Name" could be set to "Server"
 
Now we can create the master certificate. Choose the defaults as entered into the vars file. You will need to enter values for the "Organizational Unit Name" which you can set to "VPN" and"Common Name" could be set to "Server"
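Review bot: `chmod 744 *` in the added SME8.x block leaves every entry in easy-rsa/2.0 readable by group and others, `vars` included, and the following `chmod -R 700 keys` tightens only the `keys` directory. This is the directory the CA is built in, so an owner-only mode (`chmod 700`) on the scripts is the safer instruction. The heading "For SME8.x" also differs from the "For SME 8x" wording added in the install section; use one form throughout.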
Line 58: Line 85:  
  cd /etc/openvpn
 
  cd /etc/openvpn
 
  mkdir -p /var/log/openvpn
 
  mkdir -p /var/log/openvpn
  wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/server.conf
+
  wget http://sme.swerts-knudsen.dk/downloads/OpenVPN/OpenVPN.tgz
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/logoff.sh
+
  tar xzf OpenVPN.tgz
  wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/logoff_user.pl
  −
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/validate.sh
  −
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/validate_user.pl
  −
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/openvpn.up
   
  chmod 755 *.pl
 
  chmod 755 *.pl
 
  chmod 755 *.sh
 
  chmod 755 *.sh
 
  chmod 700 *.up
 
  chmod 700 *.up
 +
rm -rf OpenVPN.tgz
    
Now you need to make a few changes to the /etc/openvpn/server.conf. Change the domain name listed as ''yourdomain.com'', ensure that the DNS server pushed to the clients is correct (dhcp-option DNS 192.168.1.1) and lastly the route net pushed (route 192.168.1.0).
 
Now you need to make a few changes to the /etc/openvpn/server.conf. Change the domain name listed as ''yourdomain.com'', ensure that the DNS server pushed to the clients is correct (dhcp-option DNS 192.168.1.1) and lastly the route net pushed (route 192.168.1.0).
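Review bot: The new `wget http://sme.swerts-knudsen.dk/downloads/OpenVPN/OpenVPN.tgz` followed by `tar xzf OpenVPN.tgz` unpacks an unverified archive, fetched over plain http, straight into /etc/openvpn, and the `chmod 755` lines then mark its scripts executable. Publish a checksum next to the link and tell the reader to compare it, and to list the contents with `tar tzf`, before extracting. This step also conflicts with the note added near the top of the page saying the files on that host are no longer available; say here what the reader should do in that case. `rm -f OpenVPN.tgz` is enough for removing a single file.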
Line 100: Line 124:  
  verb 3
 
  verb 3
   −
If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost". If your server is in "server mode" nothing needs to be done here.
+
If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost".  
 +
If your server is in "server mode" you also need to fiddle with IPTables. Install the port opener and ensure to update the navigation panel. You will now have a "Port Opening" in the "Configuration" sections of the server-manager. Use it to open UDP/1194.
 +
 
 +
rpm -Uvh http://sme.swerts-knudsen.dk/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm
 +
/etc/e-smith/events/actions/navigation-conf
    
You now need to add the VPN address range as a local networks in the server-manager under the Security section.  
 
You now need to add the VPN address range as a local networks in the server-manager under the Security section.  
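Review bot: `rpm -Uvh http://sme.swerts-knudsen.dk/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm` installs a package as root directly from a plain-http URL, which leaves the reader no point at which to check what was downloaded. Split it into a download step and an install step, with a signature or checksum check between them. The rewritten paragraph also carries over the typo in "running this server is "server-gateway mode"" (should be "in"), and "fiddle with IPTables" would be clearer as a statement of what the port opener actually changes.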
Line 165: Line 193:  
===When running the OpenVPN Client on MS Vista it fails updating routes===
 
===When running the OpenVPN Client on MS Vista it fails updating routes===
 
You need to make sure you run the OpenVPN GUI as administrator. See this page on details how to do that http://www.howtogeek.com/howto/windows-vista/always-start-an-application-in-administrator-mode-on-windows-vista/
 
You need to make sure you run the OpenVPN GUI as administrator. See this page on details how to do that http://www.howtogeek.com/howto/windows-vista/always-start-an-application-in-administrator-mode-on-windows-vista/
 +
 +
===How can I see which users are online or failed login?===
 +
Check the logfile in /var/log/openvpn/logins to see assigned IP, failures, etc.
    
===How do I report a problem or a suggestion?===
 
===How do I report a problem or a suggestion?===
    
This contrib has not yet been created in the bugtracker so just send an email to mailto:contribs@swerts-knudsen.dk
 
This contrib has not yet been created in the bugtracker so just send an email to mailto:contribs@swerts-knudsen.dk
 +
 +
 +
==Other articles in this category==
 +
{{#ask: [[Category:VPN]]}}
 +
 +
----
 +
[[Category:Howto]]
 +
[[Category:Administration:VPN]]
 +
[[Category:VPN]]
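Review bot: The added FAQ entry points at /var/log/openvpn/logins, but nothing in the visible lines says which of the installed scripts writes that file. Name the script, and since the entry says the file records assigned IPs and login failures, state the ownership and mode the file should have. The unchanged bug-report entry still gives mailto:contribs@swerts-knudsen.dk, the address this revision removed from the Maintainer section; update the two together.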