Changes

From SME Server
1,491 bytes added ,  22:45, 27 June 2017
m
no edit summary
Line 1: Line 1: −
[[Category:Howto]]
+
{{Warning box|: this contribution is obsolete. Prefer to refer towards [[OpenVPN_Bridge]], [[OpenVPN_Routed]], [[OpenVPN_SiteToSite]], ... contribs of Daniel B..}}
 
==Maintainer==
 
==Maintainer==
This howto has been developed by [[User:Knuddi|Jesper Knudsen]]
+
This howto has been developed by [[User:Knuddi|Jesper Knudsen]] from [http://smeoptimizer.swerts-knudsen.dk SME Optimizer]
 +
 
 +
The files needed here from the site hosting it - http://sme.swerts-knudsen.dk/ - are not available anymore.
    
==Description==
 
==Description==
OpenVPN is an excellent way to provide remote access to users from home or on the road. OpenVPN provides a complete replacement of the time to time unreliable PPTP VPN which is a part of the standard SME distribution. This Howto is focused on using OpenVPN as a Windows 2k/XP/Vista Client to Server VPN connection. The installation consists of two steps, first the the portion which resides on the server and then the Client. I the following setup it is assumed that the local IP range for the private network is 192.168.1.0/24 and that the tunneled VPN network will be 192.168.100.0/24.
+
OpenVPN (http://www.openvpn.net) is an excellent way to provide remote access to users from home or on the road. OpenVPN provides a complete replacement of the time to time unreliable PPTP VPN which is a part of the standard SME distribution. This Howto is focused on using OpenVPN in routed mode as a Windows 2k/XP/Vista Client to Server VPN connection. The installation consists of two steps, first the the portion which resides on the server and then the Client. I the following setup it is assumed that the local IP range for the private network is 192.168.1.0/24 and that the tunneled VPN network will be 192.168.100.0/24.
 +
 
 +
{{Note box|From OpenVPN website: I would recommend using routing unless you need a specific feature which requires bridging, such as:
 +
* the VPN needs to be able to handle non-IP protocols such as IPX,
 +
* you are running applications over the VPN which rely on network broadcasts (such as LAN games), or
 +
* you would like to allow browsing of Windows file shares across the VPN without setting up a Samba or WINS server. }}
 +
 
 +
{{Note box|OpenVPN-Bridge contribution is an alternative to this (with even a server-manager panel) but is more targeted site<->end clients configurations. See http://wiki.contribs.org/OpenVPN_Bridge}}
 +
 
 +
{{Note box|You can also take a look at http://wiki.contribs.org/OpenVPN_SiteToSite . It's an alternative, with a panel in the server-manager and is specially made to connect several SME Servers together.}}
   −
{{Note box|OpenVPN-Bridge contribution is an alternative to this (with even a server-manager panel) but seems more targeted site<->end clients configurations. See http://sme.firewall-services.com/spip.php?rubrique3}}
+
{{Note box|You can also take a look at http://wiki.contribs.org/PHPki as another alternative, with a panel in the server-manager.}}
    
==OpenVPN Server Configuration==
 
==OpenVPN Server Configuration==
First Collect and install the rpm`s as indicated below. The RPM are taken from DAG's repository which is pretty extensive.
+
For SME 7x, first Collect and install the rpm`s as indicated below. The RPM are taken from DAG's repository which is pretty extensive.
    
  cd /root
 
  cd /root
 
  mkdir openvpn
 
  mkdir openvpn
 
  cd openvpn
 
  cd openvpn
  wget http://dag.wieers.com/rpm/packages/lzo2/lzo2-2.02-3.el4.rf.i386.rpm
+
  wget http://rpmforge.sw.be/redhat/el4/en/i386/rpmforge/RPMS/lzo-2.04-1.el4.rf.i386.rpm
 
  wget http://dag.wieers.com/rpm/packages/openvpn/openvpn-2.0.9-1.el4.rf.i386.rpm
 
  wget http://dag.wieers.com/rpm/packages/openvpn/openvpn-2.0.9-1.el4.rf.i386.rpm
 +
rpm -Uvh *.rpm
 +
 +
For SME 8x, the easiest way is to get the RPM from the DAG repository.
 +
 +
cd /root
 +
mkdir openvpn
 +
cd openvpn
 +
wget http://apt.sw.be/redhat/el5/en/i386/dag/RPMS/lzo-2.06-1.el5.rf.i386.rpm
 +
wget http://apt.sw.be/redhat/el5/en/i386/dag/RPMS/openvpn-2.2.2-1.el5.rf.i386.rpm
 +
# (--[[User:Ddougan|Ddougan]] 20:53, 6 September 2012 (MDT))
 +
wget http://apt.sw.be/redhat/el5/en/i386/dag/RPMS/pkcs11-helper-1.08-1.el5.rf.i386.rpm
 
  rpm -Uvh *.rpm
 
  rpm -Uvh *.rpm
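Review bot: The added SME 8 block, like the changed SME 7 lzo line, fetches packages over plain http and then installs them with rpm -Uvh *.rpm, with no signature or checksum step between download and install. Add a verification step before the install line, for example rpm -K *.rpm against an imported repository key, and name the package files explicitly instead of using the *.rpm glob so that only the packages just fetched into /root/openvpn are installed. The added SME 8 command lines also lack the leading space the SME 7 lines use, so they will not render as preformatted commands, and the signature line starting with # will render as a numbered list item between two wget commands; move the attribution out of the command block.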
   Line 22: Line 44:  
  cd /usr/share/doc/openvpn-2.0.9/easy-rsa
 
  cd /usr/share/doc/openvpn-2.0.9/easy-rsa
 
  pico vars
 
  pico vars
 +
 +
For SME8.x
 +
cd /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/
 +
nano vars
 +
chmod 744 *
 +
chmod -R 700 keys
    
Now we can create the master certificate. Choose the defaults as entered into the vars file. You will need to enter values for the "Organizational Unit Name" which you can set to "VPN" and"Common Name" could be set to "Server"
 
Now we can create the master certificate. Choose the defaults as entered into the vars file. You will need to enter values for the "Organizational Unit Name" which you can set to "VPN" and"Common Name" could be set to "Server"
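Review bot: In the added SME 8.x lines, chmod 744 * is broader than needed: it makes every entry in easy-rsa/2.0 world-readable and owner-executable, including vars, when only the scripts need the execute bit. chmod -R 700 keys follows, but it sits before the paragraph that creates the master certificate, so the text should state whether keys already exists at this point; if it does not, the command fails and the directory keeps whatever mode it is later created with. Consider limiting the first command to the owner and moving the keys permission step to after certificate creation. These lines also need a leading space to render as commands like the SME 7 lines above them.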
Line 57: Line 85:  
  cd /etc/openvpn
 
  cd /etc/openvpn
 
  mkdir -p /var/log/openvpn
 
  mkdir -p /var/log/openvpn
  wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/server.conf
+
  wget http://sme.swerts-knudsen.dk/downloads/OpenVPN/OpenVPN.tgz
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/logoff.sh
+
  tar xzf OpenVPN.tgz
  wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/logoff_user.pl
  −
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/validate.sh
  −
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/validate_user.pl
  −
wget -N http://sme.swerts-knudsen.com/downloads/OpenVPN/openvpn.up
   
  chmod 755 *.pl
 
  chmod 755 *.pl
 
  chmod 755 *.sh
 
  chmod 755 *.sh
 
  chmod 700 *.up
 
  chmod 700 *.up
 +
rm -rf OpenVPN.tgz
    
Now you need to make a few changes to the /etc/openvpn/server.conf. Change the domain name listed as ''yourdomain.com'', ensure that the DNS server pushed to the clients is correct (dhcp-option DNS 192.168.1.1) and lastly the route net pushed (route 192.168.1.0).
 
Now you need to make a few changes to the /etc/openvpn/server.conf. Change the domain name listed as ''yourdomain.com'', ensure that the DNS server pushed to the clients is correct (dhcp-option DNS 192.168.1.1) and lastly the route net pushed (route 192.168.1.0).
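Review bot: The replacement of the per-file wget lines with wget http://sme.swerts-knudsen.dk/downloads/OpenVPN/OpenVPN.tgz and tar xzf OpenVPN.tgz unpacks an archive fetched over plain http straight into /etc/openvpn as root, with no checksum and no listing of its contents, and the chmod 755 lines that follow make whatever .pl and .sh files it delivered executable. The removed lines show these include the validate and logoff scripts, so publish a checksum for the archive on this page and list the files the reader should expect, so they can compare against tar tzf before extracting. The note added in the first hunk says files from this host are no longer available, so this step should either point to a working source or say that it cannot be completed. rm -rf on a single file can be rm -f.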
Line 102: Line 127:  
If your server is in "server mode" you also need to fiddle with IPTables. Install the port opener and ensure to update the navigation panel. You will now have a "Port Opening" in the "Configuration" sections of the server-manager. Use it to open UDP/1194.
 
If your server is in "server mode" you also need to fiddle with IPTables. Install the port opener and ensure to update the navigation panel. You will now have a "Port Opening" in the "Configuration" sections of the server-manager. Use it to open UDP/1194.
   −
  rpm -Uvh http://sme.swerts-knudsen.com/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm
+
  rpm -Uvh http://sme.swerts-knudsen.dk/downloads/dmc-mitel-portopening-0.0.1-4.noarch.rpm
 
  /etc/e-smith/events/actions/navigation-conf
 
  /etc/e-smith/events/actions/navigation-conf
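Review bot: The changed line still passes an http URL directly to rpm -Uvh, so the port-opening package is installed as root in one step with no opportunity to verify it; split it into a download, a signature or checksum check, and a local install. The new host is also the one the note added in the first hunk describes as no longer serving its files, so changing only .com to .dk may leave a command the reader cannot run.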
   Line 175: Line 200:     
This contrib has not yet been created in the bugtracker so just send an email to mailto:contribs@swerts-knudsen.dk
 
This contrib has not yet been created in the bugtracker so just send an email to mailto:contribs@swerts-knudsen.dk
 +
 +
 +
==Other articles in this category==
 +
{{#ask: [[Category:VPN]]}}
 +
 +
----
 +
[[Category:Howto]]
 +
[[Category:Administration:VPN]]
 +
[[Category:VPN]]