Hello All. Has anyone been successful at setting up the openVPN plugin?
If so I really could use a hand, I have been going round and round with this plugin for a month and no luck. It is giving me a couple of redlines at the top and hanging without starting. Rackspace wants to charge me to get it going, but I know there is someone smart enough here that has done this with this plugin.
I tried to email the plugin maker, but so far they have ignored me and its been about five days and all of the howtos on Centos describe putting openVPN 2.0.9 but the plugin uses OpenVPN version 2.0_rc16, OpenSSL version 0.9.7e and it sets up OpenVPN in different directorys than all of the 100+ howtos that I have tried. There does not seem to exist a howto on this plugin.
Here is the setup if someone could help me figure out what I am overlooking.
centOS 5.4
I have got the keys generated and they seem to check out ok, I'm just having a problem with the network setup.
The main Question is how to set up the network and do I need a bridge device.
the goal is to watch hulu and american tv as I am in Prague.
Here are the Plugin forms, as of now I put some stuff in and it just hangs and goes round and round, never starting the VPN server. Some of the naming conventions on this plugin are not correlating with the documentation, and the normal howto's describe setting it up with a .config file in /etc/openvpn, but this plugin creates /etc/openvpn/servers/VPNName(1st slotbelow)/ccd.
My servers ip is 179.203.211.184 and my netmask is 255.255.255.0
So as you can imagine, I'm about ready to twist my head off. I have marked the needed parts with (????)question marks.
Name (I can figure this one out!)
port (Port) 1194
proto (Protocol) (UDP)
Device (tun) ???
Bridge Device (???) if so what do I call it??
Network Device for Bridge (???)
IP config for bridge (???) IP-Address/Gateway : (???)
Netmask : (???)
IP-Range for Bridge-Clients Start: End: (???)
management (Enable Management) (no) Enable: IP: 127.0.0.1 Port:
ca (Certification Authority) static (done)
Choose key staticserverkey (done)
Certificate Server automatic
Key Server automatic
Diffie-Hellman random file dh2048.pem
enable TLS and assume server role during TLS handshake (???)
Local host name or IP address (????)
Net IP assigns (option server) (???) network netmask (????)
Persist/unpersist ifconfig-pool data to file, at seconds intervals (default=600), as well as on program startup and shutdown (option ifconfig-pool-persist) (???)
Because the OpenVPN server mode handles multiple clients through a single tun or tap interface, it is effectively a router (option client-to-client) (YES)
Allow multiple clients with the same common name to concurrently connect (option duplicate-cn) NO
Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks (option tls-auth) (YES)
ccd-exclusive (Clients enabled only for this server) (yes)
Encrypt packets with cipher algorithm (option cipher) (DES-CFB 64 bit Default)
Use fast LZO compression (option comp-lzo) (YES)
Limit server to a maximum of n concurrent clients (option max-clients) (6)
User (nobody)
Group (nobody)
Don't re-read key files (option persist-key) (???)
Don't close and reopen TUN/TAP device or run up/down scripts (option persist-tun)
keepalive (A helper directive designed to simplify the expression of ping and ping-restart in server mode configurations) Ping: Ping-Restart:
Set output verbosity
Log at most n consecutive messages in the same category
Complete path of status log file openvpn-status.log
Complete path of log file openvpn.log
tun-mtu (Take the TUN device MTU to be n and derive the link MTU from it)
fragment (Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than max bytes)
mssfix (Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed max bytes)
float (Allow remote peer to change its IP address and/or port number)
chroot (Chroot to dir after initialization) /etc/openvpn
Additional Configurations
example:
push "route 192.168.100.0 255.255.255.0" (?????????????)
This parameter adds a route to the client when it's connected
PRE/POST UP/DOWN commands
up-pre (script execute before VPN up) ((????)
up (script execute after VPN up) ((???)
down-pre (script execute before VPN down) (???)
down (script execute after VPN down) (????)
I'm trying to connect with windows 7, are there any special caveats or setting that I may need?
Anyone that can help gets a night on the town in Prague next time your here, and I get to call you a badass!
Hi When you say plug-in, what do you mean by that.
because i am also using openVPN server on rackspace on port 80 to bypass my company restricted web usage policy, because they have blocked all non standard port, so I am using this server without any issue, because on that server we are hosting our MySQL db, so I have port 80 available to use it, so I am using port 80 for openVPN admin & client management site & port 443 for my client connectivity. because these are not blocked by our firewall in IT department.
I have not faced any problem installing & configuring it. I am bit confused about your statement plugin, is this some sort of virtualmin plug-in that integrates it self & user management is automated via virtualmin, is that what you are doing.
Yes sir, there is a plug in for OpenVPN administration and yes, I was trying to use the management inside virtualmin.
http://www.webmin.com/cgi-bin/search_third.cgi?modules=1
OpenVPN-admin 2.5 Description Webmin OpenVpn Admin Module allows you to create static or CA-based VPNs through a Web interface Now we have the TAP device... and many enhancements Changelog: Changes 01. The device number (tun0, tun1, ...) is automatically added and interactiv Download openvpn-2.5.wbm.gz Website http://www.openit.it/index.php?option=com_content&view=section&id=12&Ite... Author Giuliano Natali & Marco Colombo Last updated 2009-07-01 10:13:46
These guys apparently ignore any questions about the plugin, and it should be removed from the page. In fact, everyone seems to ignore this entire comment, you are the first to send a reply. Has no-one used this plug in ? It shouldnt be this difficult.
I see the open VPN server and it is running. I just cannot get the correct settings I believe due to the plugins admin page having different terms than the actual config files in openvpn.
I own the server so firewalls are not an issue and the relevent ports are open.
As listed in the original comment, the plugins administration form is not clear. What I was hoping is that the ???? could be filled in for a normal working config as these are the ones that I cannot get going.
Maybe the plug in is just a Fail....cant find out, no response from makers.
IF someone with a working openVPN config were to install the plugin, I believe that the required admin sections would be auto filled, and then give the answer that has eluded me for the last two months.
Thanks for any help you can give.
Charles The original pu
I am in the middle of rolling out 150 CentOS vms for my test & qa teams, I have snapshots available for these vms, I will play with it as a fresh install of openVPN server & the Virtualmin GPL & the openVPN plug-in you are referring to, I will update you may be tomorrow or may be day after tomorrow, but definitely I will share my results with you.
But wait for two days.
I do appreciate that, I would not bother anyone, but I have really tried hundreds of combos and cannot get it to start.
I will await your input,
Thank you.
Can I get a bump in this forum?
its been 7 weeks and nothing but silence.
i dont know how to help you with this.
however did you try it without the VM Plugin and set it up according to the centos documents?
yes I did try the centos setup, and it does not seem to work either, it is that the directory structure is different in centos, compared to the virtualmin, and its all convoluted and does not make sence to me and I'm no dummy. Ive got 3 virtualmin servers up hosting about 19 websites, CDN networks, CRM, etc and I own a website servicing customers from all over the world. Before that I did in home PC repair and business server repair and setup for a living.
I really think they should remove the plugin from the repo, cause it does not work as it should, and the authors of it do not respond at all to any questions. Very Rude indeed. Jamie did respond that they do not verify any of the plugins for functionality...lame.
Member for 22 weeks 7 hours ..and no VPN. No worries though, I have used proxifier and ssh to get what I wanted which was Hulu from Prague.
I just used the OpenVPN + CA module to set up the VPN, and it works, I am not pinging over the internal IP address.
Actually, the interface is quite helpful, but there are a number of steps you have to finish: Set up the CA, set up server certificate, set up the server, set up client certificate, add the client to the server, export the certificate (and the client conf) from the server's list of clients.
I think that the module should be kept, but documentation and support is definitely necessary. Especially, understand the certificates is important.
My server system: OpenVPN version 2.0_rc16 Redhat Linux Fedora 8 openssl 0.9.7e Webmin 1.550 Linux 2.6.23.15-137.fc8
@cdrummer: Actually, all of the configuration directives are explained in this link: http://openvpn.net/index.php/open-source/documentation/howto.html You don't have to use most of them.
For watching Hulu from Prague, I recommend squid with digest authentication: Easier to set-up. Hulu cannot stream if the connection is bad, though.