3,054
edits
Changes
From SME Server
Jump to navigationJump to search
mLine 27:
Line 27: − + Line 262:
Line 262: − + Line 277:
Line 277: − + Line 392:
Line 392: − +
→Ubuntu 12.10 64bit
<tabs container><tab name="For SME 10">
<tabs container><tab name="For SME 10">
/!\ new default cipher = AES-128-GCM and HMAC SHA256, if you have issues check the configuration options
/!\ new default cipher = AES-128-CBC and HMAC SHA256, if you have issues check the configuration options
yum --enablerepo=smecontribs install smeserver-openvpn-bridge
yum --enablerepo=smecontribs install smeserver-openvpn-bridge
====Linux with Network Manager====
====Linux with Network Manager====
{{Incomplete}}
{{Incomplete}}
You can see french page for Debian.
=====Ubuntu 12.10 64bit=====
=====Ubuntu 12.10 64bit=====
(Not tested in 32bit but will most likely work)
(Not tested in 32bit but will most likely work)
*Go to '''server-manager panel > openvpn-bridge''' click on "Display a functional client configuration file". Copy and paste this into a text editor and save with '''.ovpn''' extension into the "openvpn" folder. Make sure user.p12 is replaced with the name of the .p12 (PCKS#12 Bundle) client file downloaded previously. Also check that the '''remote''' (gateway) is the correct server url.
*Go to '''server-manager panel > openvpn-bridge''' click on "Display a functional client configuration file". Copy and paste this into a text editor and save with '''.ovpn''' extension into the "openvpn" folder. Make sure user.p12 is replaced with the name of the .p12 (PCKS#12 Bundle) client file downloaded previously. Also check that the '''remote''' (gateway) is the correct server url.
*In ubuntu go to '''Network Manager > VPN Connections > Configure VPN'''. Click '''import''' then in the explorer navigate to the openvpn folder in the home directory and select the .ovpn file created previously. This should automatically load all settings into network manager.
*In ubuntu go to '''Network Manager > VPN Connections > Configure VPN'''. Click '''import''' then in the explorer navigate to the openvpn folder in the home directory and select the .ovpn file created previously. This should automatically load all settings into network manager.
*Add username and password of client, then you have to give the path of the '''user.p12''' key of your user and set the Private key password (the password set during the certificate creation in phpky).
*Add username and password of client, then you have to give the path of the '''user.p12''' key of your user and set the Private key password (the password set during the certificate creation in phpki).
*After that you have to select the 'advanced' panel and go to 'TLS authentication'. Enable the use of TLS authentication, give the path or your '''takey.pem''' and select the key direction to 1. (if needed)
*After that you have to select the 'advanced' panel and go to 'TLS authentication'. Enable the use of TLS authentication, give the path or your '''takey.pem''' and select the key direction to 1. (if needed)
*As a note, when connected successfully to the vpn, browsing the internet may not work in tandem, therefore go to '''ipv4 settings''' tab when editing the vpn connection. Click on "Routes" and check "Use this connection only for resources on its network". Also try adding 8.8.4.4 to "Additional DNS Servers" (This is google's dns servers).
*As a note, when connected successfully to the vpn, browsing the internet may not work in tandem, therefore go to '''ipv4 settings''' tab when editing the vpn connection. Click on "Routes" and check "Use this connection only for resources on its network". Also try adding 8.8.4.4 to "Additional DNS Servers" (This is google's dns servers).
*'''access''': (private|public) you should let this to public as running a VPN server just for the local network make no sens
*'''access''': (private|public) you should let this to public as running a VPN server just for the local network make no sens
*'''cipher''': (valid cipher name) You can force the cipher to use. Starting SME 10, default is AES-256-GCM . If you put auto ( or delete this key, for SME9 and before ) the default will be the current of openvpn wich is as per 2.4 :BF-CBC. Also when both client and server are at least version 2.4, they will negotiate the stronger cipher both side support. SME10 enforce the following authorized ciphers: --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC . To have the list of the supported cipher, issue the command
*'''cipher''': (valid cipher name) You can force the cipher to use. Starting SME 10, default is AES-128-CBC . If you put auto ( or delete this key, for SME9 and before ) the default will be the current of openvpn wich is as per 2.4 : BF-CBC. Also when both client and server are at least version 2.4, they will negotiate the stronger cipher both side support. SME10 enforce the following authorized ciphers: --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC . To have the list of the supported cipher, issue the command
openvpn --show-ciphers
openvpn --show-ciphers
