Changes

From SME Server
654 bytes added ,  02:54, 15 January 2019
Line 3: Line 3:  
<blockquote style="float: right;">[[File:openvpn.png|250px]]</blockquote><br>
 
<blockquote style="float: right;">[[File:openvpn.png|250px]]</blockquote><br>
 
===Maintainer===
 
===Maintainer===
[mailto:daniel@firewall-services.com[[User:VIP-ire|Daniel B.]]] from [http://www.firewall-services.com Firewall Services]
+
[mailto:daniel@firewall-services.com][[User:VIP-ire|Daniel B.]] from [http://www.firewall-services.com Firewall Services]
    
=== Version ===
 
=== Version ===
   −
{{ #smeversion: smeserver-openvpn-bridge }}
+
{{#smeversion: smeserver-openvpn-bridge }}
 
  −
{{ #smeversion: smeserver-bridge-interface}}
      +
{{#smeversion: smeserver-bridge-interface}}
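
Review bot: in the Maintainer line, the new `[mailto:daniel@firewall-services.com]` is an external link with no label, so MediaWiki renders it as an auto-numbered link (for example [1]) in front of the user link instead of as the maintainer's name. Give the mailto link its own label, e.g. `[mailto:daniel@firewall-services.com Daniel B.]`, or keep only `[[User:VIP-ire|Daniel B.]]`. The `{{#smeversion:` whitespace fixes look fine.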
      Line 33: Line 32:     
  yum --enablerepo=smecontribs,epel install smeserver-openvpn-bridge
 
  yum --enablerepo=smecontribs,epel install smeserver-openvpn-bridge
<headertabs/>
+
<headertabs />
      Line 168: Line 167:  
  # Blank out the IP if defined as 'undef'
 
  # Blank out the IP if defined as 'undef'
 
  if [ $IP == 'undef' ]; then
 
  if [ $IP == 'undef' ]; then
  IP=''
+
  IP=
 
  fi
 
  fi
 
  /sbin/e-smith/db $DBNAME set $CERT rule comment "$COM" redirectGW "$REDIR" ip "$IP"
 
  /sbin/e-smith/db $DBNAME set $CERT rule comment "$COM" redirectGW "$REDIR" ip "$IP"
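
Review bot: the unchanged test `if [ $IP == 'undef' ]` just above the edited line leaves `$IP` unquoted, so an empty value or one containing whitespace makes `[` fail with a syntax error rather than compare; changing `IP=''` to `IP=` is equivalent in shell and does not address that. Suggest `if [ "$IP" = 'undef' ]` (single `=` is the portable form inside `[`), and quoting `"$DBNAME"` and `"$CERT"` in the `db ... set` call the same way `"$COM"`, `"$REDIR"` and `"$IP"` already are, since these values end up in the per-certificate rule database.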
Line 287: Line 286:  
* at TLS authentication, give the path of the takey.pem and enable it with the direction 1 (if needed)
 
* at TLS authentication, give the path of the takey.pem and enable it with the direction 1 (if needed)
 
* click on the small folder near the first certificate and go to the bundle certificate downloaded into convenient folder - all certificates should be filled up  
 
* click on the small folder near the first certificate and go to the bundle certificate downloaded into convenient folder - all certificates should be filled up  
* Note: I recommend to check also in '''IPv4 > route''' ''Use this connection only for resources on its network"
+
* Note: I recommend to check also in '''IPv4 > route''' ''Use this connection only for resources on its network"''
 
* save and test
 
* save and test
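
Review bot: the added closing `''` fixes the unterminated italics in the Note bullet, but the line still carries a stray `"` before it with no opening quote (`''Use this connection only for resources on its network"''`). Drop the `"` or quote the option name on both sides. It would also help to say in the note why the option is recommended, since it decides whether all client traffic or only traffic for the remote network goes through the VPN.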
   Line 323: Line 322:  
* click on the small folder near the second certificate and go to the cacert.pem certificate downloaded into convenient folder
 
* click on the small folder near the second certificate and go to the cacert.pem certificate downloaded into convenient folder
 
* click on the small folder near the third certificate and go to the user-key.pem certificate downloaded into convenient folder   
 
* click on the small folder near the third certificate and go to the user-key.pem certificate downloaded into convenient folder   
** Note: I recommend to check also in '''IPv4 > route''' ''Use this connection only for resources on its network"
+
** Note: I recommend to check also in '''IPv4 > route''' ''Use this connection only for resources on its network"''
 
* save and test
 
* save and test
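
Review bot: here the Note is a second-level item (`**`) under the user-key.pem bullet, while the identical note in the Line 287 hunk is a first-level `*` item. The routing option is unrelated to choosing the key file, so make it a `*` item in both places. The unmatched `"` before the closing `''` is present on this line as well.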
   Line 421: Line 420:     
[[Image:proxy-setting.png|width|800px]]<br />
 
[[Image:proxy-setting.png|width|800px]]<br />
 +
 +
=== Workarounds and known issues ===
 +
if you migrate from SME8 to SME9 and are not able to connect after correctly migrating your certificates, this might be related to not secure enough algorithm. CentOS 6.9 release notes state that "Support for insecure cryptographic protocols and algorithms has been dropped. This affects usage of MD5, SHA0, RC4 and DH parameters shorter than 1024 bits." Of course real solution would be to migrate all your certs to better algorithm.
 +
 +
workaround :<syntaxhighlight lang="bash">
 +
echo -e "LegacySigningMDs md2 md5\nMinimumDHBits 512\n" >> /etc/pki/tls/legacy-settings
 +
service openvpn-bridge restart
 +
</syntaxhighlight>
    
=== Bugs ===
 
=== Bugs ===
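
Review bot: the workaround block appends `LegacySigningMDs md2 md5` and `MinimumDHBits 512` to `/etc/pki/tls/legacy-settings`, which goes further than the problem described and is not scoped to OpenVPN. The quoted release note mentions MD5 and DH parameters shorter than 1024 bits, yet the command also re-enables md2 and lowers the DH floor to 512 bits, and the file sits under the system-wide `/etc/pki/tls` path rather than in the openvpn-bridge configuration, so other OpenSSL users on the server are relaxed too. Suggest enabling only what the migrated certificates need, stating that this is a temporary measure until the certificates and DH parameters are regenerated, and documenting how to revert it (remove the added lines and restart the service). The `>>` append is also not idempotent: running the command twice leaves duplicate entries, so either check for the lines first or tell the reader to edit the file by hand.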