Gentoo Forums
How I got openvpn up and running.
Forum Index > Documentation, Tips & Tricks
will_k
n00b
Joined: 08 Jan 2004
Posts: 13
Posted: Sat Jun 12, 2004 7:18 am    Post subject: How I got openvpn up and running.

Quick and dirty:

#emerge openvpn bridge-utils

add bridging and tap/tun to kernel

Device Drivers --->Networking support ---><M> Universal TUN/TAP device driver support
Device Drivers --->Networking support --->Networking options ---><M> 802.1d Ethernet Bridging

install & reboot with new kernel

#mkdir /dev/net
#mknod /dev/net/tun c 10 200
add "alias char-major-10-200 tun" to /etc/modules.conf if not there
#echo 1 > /proc/sys/net/ipv4/ip_forward
add "bridge" and "tun" to /etc/modules.autoload.d/kernel-2.x

reboot

nano -w /etc/init.d/net.tap0

Code:
#!/sbin/runscript

start() {
        ebegin "Bringing tap0 up"
        /usr/sbin/openvpn --mktun --dev tap0
        /sbin/ifconfig tap0 up
        eend $?
}

stop() {
        ebegin "Bringing tap0 down"
        /sbin/ifconfig tap0 down
        eend $?
}

#/etc/init.d/net.tap0 start
#rc-update add net.tap0 default

nano -w /etc/conf.d/bridge

Code:
bridge="br0"
bridge_br0_devices="tap0 eth0"

add to /etc/conf.d/net (one setting per line):
Code:
iface_eth0="0.0.0.0"
iface_br0="dhcp"
gateway="br0/x.x.x.x"

#/etc/init.d/net.eth0 restart
#/etc/init.d/bridge start
#rc-update add bridge default

#mkdir -p /etc/openvpn/tunnel1
#nano -w /etc/openvpn/tunnel1/local.conf
add
Code:
remote x.x.x.x
dev tap0
secret key.txt
comp-lzo
ping 15
verb 4

Create a static key.txt file and sftp it to the remote site's /etc/openvpn/tunnel1.

Set up your firewall accordingly (use examples from openvpn's website).

/etc/init.d/openvpn start
rc-update add openvpn default


_________________
--Earth wanderer on the beautiful sailing vessel named "friendship"--

If I don't reply right away, check back next year :D
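The howto ends with a hand-written local.conf and a static key.txt copied to the other site. Before `rc-update add openvpn default`, the check worth running is that the file named by `secret` exists, looks like an OpenVPN static key, and is not readable by group or other, since that one file is the whole secret of the tunnel. The script below is an added example written for this thread, not will_k's code: the function names, file names and the sample configs are constructed, and it resolves a relative `secret` path against the config file's own directory (an assumption; in practice the working directory the init script starts openvpn from decides this).

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a static-key OpenVPN
# config such as /etc/openvpn/tunnel1/local.conf before starting the tunnel.
# Function names, file names and the sample configs below are constructed.

# Print the value of a directive ("remote", "secret", ...) from a config file.
conf_get() {
    # $1 = config file, $2 = directive name; first match wins
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\(.*\)$/\1/p" "$1" | head -n 1
}

# Return 0 when the config looks sane, 1 otherwise, printing each problem.
check_static_conf() {
    conf="$1"
    dir=$(dirname "$conf")
    rc=0
    remote=$(conf_get "$conf" remote)
    dev=$(conf_get "$conf" dev)
    secret=$(conf_get "$conf" secret)

    [ -n "$remote" ] || { echo "$conf: no 'remote' directive"; rc=1; }
    case "$dev" in
        tap*|tun*) ;;
        *) echo "$conf: 'dev' must name a tap or tun interface (got '$dev')"; rc=1 ;;
    esac
    if [ -z "$secret" ]; then
        echo "$conf: no 'secret' directive (static key)"; rc=1
    else
        # assumption: a relative key path is taken relative to the config's directory
        case "$secret" in /*) keyfile="$secret" ;; *) keyfile="$dir/$secret" ;; esac
        if [ ! -f "$keyfile" ]; then
            echo "$conf: secret file $keyfile missing"; rc=1
        else
            # a static key is a shared secret: any group/other permission bit leaks it
            mode=$(stat -c %a "$keyfile" 2>/dev/null || stat -f %Lp "$keyfile")
            case "$mode" in
                *00) ;;   # 600, 400, 700: no group/other bits set
                *) echo "$keyfile: mode $mode is readable by others; chmod 600 it"; rc=1 ;;
            esac
            grep -q '^-----BEGIN OpenVPN Static key' "$keyfile" || {
                echo "$keyfile: does not look like an OpenVPN static key"; rc=1; }
        fi
    fi
    return $rc
}

# --- constructed sample data (the key body is fake, not a real key) ---
WORK=$(mktemp -d)
GOOD_CONF="$WORK/local.conf"
BAD_CONF="$WORK/bad.conf"
cat > "$GOOD_CONF" <<'EOF'
remote 192.0.2.10
dev tap0
secret key.txt
comp-lzo
ping 15
verb 4
EOF
{
    echo '-----BEGIN OpenVPN Static key V1-----'
    i=0; while [ $i -lt 16 ]; do echo '00112233445566778899aabbccddeeff'; i=$((i+1)); done
    echo '-----END OpenVPN Static key V1-----'
} > "$WORK/key.txt"
chmod 600 "$WORK/key.txt"
# the bad config omits 'remote' and points at a world-readable copy of the key
cat > "$BAD_CONF" <<'EOF'
dev tap0
secret leaky.txt
EOF
cp "$WORK/key.txt" "$WORK/leaky.txt"; chmod 644 "$WORK/leaky.txt"

check_static_conf "$GOOD_CONF" && echo "$GOOD_CONF: ok"
check_static_conf "$BAD_CONF" || echo "$BAD_CONF: rejected"
```

Run it against a real /etc/openvpn/tunnel1/local.conf by calling `check_static_conf` with that path; the same permission rule applies to the copy you sftp to the remote site.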

ElForesto
n00b
Joined: 26 Feb 2004
Posts: 26
Location: Salt Lake City, UT USA
Posted: Tue Jun 22, 2004 5:26 am

Thanks for making the howto. I'm running into an error when trying to start up net.tap0:

Code:
root@tblconstruction net # /etc/init.d/net.tap0 start
 * Bringing tap0 up...
Mon Jun 21 22:23:09 2004 0: Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Mon Jun 21 22:23:09 2004 1: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Mon Jun 21 22:23:09 2004 2: Cannot open TUN/TAP dev /dev/tap0: No such file or directory (errno=2)
Mon Jun 21 22:23:09 2004 3: Exiting
tap0: unknown interface: No such device                                   [ !! ]

root@tblconstruction net #


I had followed all the steps to that point, and /dev/net/tun exists. Any thoughts?

will_k
n00b
Joined: 08 Jan 2004
Posts: 13
Posted: Fri Jun 25, 2004 2:42 pm

Did you add tun to your /etc/modules.autoload.d/kernel-2.x ?
I did leave that out of the howto.

You need TUN/TAP device driver support built into the kernel AND loaded if it's built as a module.
#lsmod should reveal if it's loaded as a module; then do

#mkdir /dev/net
#mknod /dev/net/tun c 10 200
_________________
--Earth wanderer on the beautiful sailing vessel "Friendship"--

If I don't reply right away...check back next year :)

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17811
Posted: Fri Jun 25, 2004 7:46 pm    Post subject: Re: How I got openvpn up and running.

will_k wrote:
add "iface_eth0="0.0.0.0" iface_br0="dhcp" gateway="br0/x.x.x.x"" to /etc/conf.d/net
Is that all on one line in the file, as in:
Code:
iface_eth0="0.0.0.0" iface_br0="dhcp" gateway="br0/x.x.x.x"
I'm just verifying, as I already have an iface_eth0 definition.
_________________

Believing I had supernatural powers I slammed into a brick wall.
I said hey, is this my problem? Is this my fault?

will_k
n00b
Joined: 08 Jan 2004
Posts: 13
Posted: Tue Jul 06, 2004 5:27 am

No, separate lines. Sorry for the confusion.

iface_eth0="0.0.0.0"
iface_br0="dhcp"
gateway="br0/x.x.x.x"

Of course the dhcp could be set to a static configuration, and the x.x.x.x needs to be substituted with your gateway.
_________________
--Earth wanderer on the beautiful sailing vessel "Friendship"--

If I don't reply right away...check back next year :)

ElForesto
n00b
Joined: 26 Feb 2004
Posts: 26
Location: Salt Lake City, UT USA
Posted: Wed Jul 07, 2004 7:39 pm

It would appear that the TUN module won't load. I added it to the list of modules to load, and I tried loading it manually, but it is not listed when I use lsmod. *is not sure what to do next*

White Star
n00b
Joined: 14 Jan 2004
Posts: 37
Posted: Thu Jul 08, 2004 3:49 am

ElForesto wrote:
It would appear that the TUN module won't load. I added it to the list of modules to load, and I tried loading it manually, but it is not listed when I use lsmod. *is not sure what to do next*


Just out of curiosity, have you given it a run having TUN loaded as part of the kernel rather than a module? (I don't necessarily know the answer. I'm just reaching for straws m'self.)
_________________
I am a born hunter and you are my prey. Can the deer defeat the wolf?

ElForesto
n00b
Joined: 26 Feb 2004
Posts: 26
Location: Salt Lake City, UT USA
Posted: Mon Jul 12, 2004 11:48 pm

Actually, yes. A friend recommended compiling TUN into the kernel instead of as a module, and it worked quite nicely to solve that particular problem. Now on to the rest of the how-to...

drkstorm
Tux's lil' helper
Joined: 22 Apr 2004
Posts: 118
Posted: Wed Jul 21, 2004 4:37 am

I am having a lot of trouble figuring out what device needs what ip address. I had no trouble compiling the kernel with tun and bridge, and tap0 starts just fine on both, my questions are in the br0 and ethX configs... see below for my questions

My current setup:
Code:

               Server 1
                ETH0 - PPP0 (dhcp assigned ip from ISP)-----------
           ---- ETH1 - 192.168.1.2                                |
          |                                                       |
192.168.1.0/24                                                Internet
                                                                  |
                                                                  |
               Server 2                                           |
                ETH0 - (209.xxx.xxx.xx static from ISP)-----------
           ---- ETH1 - 192.168.1.1
          |
192.168.1.0/24


Server #1 /etc/conf.d/net (uncommented lines only) (This server uses rp-pppoe to get its IP, DNS, and gateway info):
Code:

iface_eth1="192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0"
iface_eth0="up"


Server #2 /etc/conf.d/net (uncommented lines only):
Code:

iface_eth0="209.xxx.xxx.xxx broadcast 209.xxx.xxx.255 netmask 255.255.255.0"
iface_eth1="192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0"
gateway="eth0/209.xxx.xxx.1"


My questions are:
Server #1 & 2:
/etc/conf.d/bridge
Code:

bridge_br0_devices="tap0 ???"


/etc/conf.d/net
Code:

iface_eth0="?????"
iface_br0="????"
gateway="br0/?????"


/etc/openvpn/tunnel1/local.conf
Code:

add  "remote ??????"


Finally, how do you generate a key.txt, and also, I run gShield as my firewall on both servers, what device would I tell it to use for local traffic and which device would I tell it to use for internet traffic?

will_k
n00b
Joined: 08 Jan 2004
Posts: 13
Posted: Wed Jul 21, 2004 9:51 pm

drkstorm,

you need to bridge your external interface (eth0 in your case) and tap0

Also try this:

iface_eth0="0.0.0.0"
iface_br0="dhcp"
#gateway=""

and

add: you will only know the IP address or domain name of the remote computer you're trying to VPN with... just put the IP address or DNS name in there.

openvpn comes with a tool to generate a key; you can name it whatever you want, so long as it is specified with that name in the configuration file /etc/openvpn/tunnel1/local.conf.
_________________
--Earth wanderer on the beautiful sailing vessel "Friendship"--

If I don't reply right away...check back next year :)

rambo No. 5
n00b
Joined: 16 Jul 2003
Posts: 25
Location: Huddersfield, UK
Posted: Tue Aug 10, 2004 2:22 pm    Post subject: tun module

I was having trouble inserting the tun module too.
It turns out that it was because /dev/net/tun already existed. The tun module was trying to create /dev/net/tun using the alias we set up. I deleted /dev/net/tun and the module inserted correctly.
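The three TUN/TAP failures reported in this thread look alike from openvpn's side but have different causes: errno=2 means the /dev/net/tun node is absent, errno=19 means the node is there but no driver answers it (module not loaded, as in ElForesto's case), and rambo No. 5's stale node is a third variant. The script below is an added example for this thread, not code from any of the posters: it classifies the state of the node and prints the fix each post arrived at. Function names are constructed; the device numbers (char 10, 200) are the ones the howto's mknod line uses, and the sysfs/proc checks assume Linux.

```shell
#!/bin/sh
# Added example, not from the thread: tell apart the TUN/TAP failure modes
# reported above. Function names are constructed; char 10,200 are the
# numbers from the howto's mknod command. Linux only (GNU stat, /sys, /proc).

TUN_MAJOR=10
TUN_MINOR=200

# Prints one word: missing, not-a-device, unreadable, wrong-numbers,
# driver-absent or ok. Exit status 0 only for ok. $1 = node, default /dev/net/tun.
tun_node_status() {
    node="${1:-/dev/net/tun}"
    if [ ! -e "$node" ]; then echo missing; return 1; fi      # openvpn: errno=2
    if [ ! -c "$node" ]; then echo not-a-device; return 1; fi
    # GNU stat prints the major/minor numbers in hex (%t / %T)
    set -- $(stat -c '%t %T' "$node" 2>/dev/null)
    if [ -z "$1" ] || [ -z "$2" ]; then echo unreadable; return 1; fi
    major=$((0x$1)); minor=$((0x$2))
    if [ "$major" -ne "$TUN_MAJOR" ] || [ "$minor" -ne "$TUN_MINOR" ]; then
        echo wrong-numbers; return 1
    fi
    # the node is only a doorway: the tun driver must be built in or loaded,
    # otherwise opening it fails with ENODEV (openvpn's errno=19)
    if [ -d /sys/class/misc/tun ] || grep -q '^tun ' /proc/modules 2>/dev/null; then
        echo ok; return 0
    fi
    echo driver-absent; return 1
}

# Maps a status word to the fix the thread arrived at for it.
tun_advice() {
    case "$1" in
        missing)
            echo "mkdir -p /dev/net && mknod /dev/net/tun c $TUN_MAJOR $TUN_MINOR" ;;
        not-a-device|wrong-numbers|unreadable)
            echo "remove the stray node, then mknod /dev/net/tun c $TUN_MAJOR $TUN_MINOR" ;;
        driver-absent)
            echo "modprobe tun (and add tun to /etc/modules.autoload.d/kernel-2.x), or build TUN/TAP into the kernel; if the module refuses to load while /dev/net/tun exists, remove the node first as rambo No. 5 did" ;;
        ok)
            echo "nothing to do" ;;
        *)
            echo "unknown status: $1"; return 1 ;;
    esac
}

status=$(tun_node_status || true)
echo "/dev/net/tun: $status -> $(tun_advice "$status")"
```

Run it as root on the box that fails to start net.tap0; the one-word status tells you which of the three fixes from the thread applies before you touch the node or the module list.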

rcxAsh
Guru
Joined: 03 Jul 2003
Posts: 457
Location: /etc/localtime
Posted: Tue Aug 31, 2004 5:40 am

will_k wrote:
No, separate lines. Sorry for the confusion.

iface_eth0="0.0.0.0"
iface_br0="dhcp"
gateway="br0/x.x.x.x"

Of course the dhcp could be set to a static configuration, and the x.x.x.x needs to be substituted with your gateway.

Hm. I'm kind of confused here. My eth0 currently gets its IP address from my router via dhcp. When I change/add iface_eth0 to "0.0.0.0", my network connection dies.

Also, bringing up the bridge service kills my network connection as well.
Code:
ashley@lostech ashley $ ping 192.168.2.1
connect: Network is unreachable
I'm getting lost here.

Also, this howto is for a client setup, right? But I assume that this initial setup is also needed for a server setup (which is what I'm trying to do)?

Also tried to follow some of the things here:
http://openvpn.sourceforge.net/bridge.html but I'm getting really, really confused now. Hehe.

Can you explain a bit how this setup works? Like, does br0 give me my connection to my network now instead of eth0? (since eth0 is now set to 0.0.0.0). Please forgive me for my ignorance. :oops:

Seems like every time I do something, it kills my network connection.
_________________
rcxAsh
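will_k's answer to drkstorm and rcxAsh's question about eth0 "dying" describe the same rule from two sides: once eth0 is a port of br0, the address, the dhcp request and the gateway all belong to br0, every port is brought up with 0.0.0.0, and the tap device must be one of the ports. The following shell script cross-checks a baselayout-style /etc/conf.d/net against /etc/conf.d/bridge for exactly those conditions. It is an added example for this thread, not code from the posters or from Gentoo's init scripts; the function names and the two sample net files are constructed, the first mirroring the howto's working layout and the second the common mistake of leaving the address on eth0.

```shell
#!/bin/sh
# Added example, not from the thread: cross-check /etc/conf.d/net against
# /etc/conf.d/bridge before starting the bridge. Rules are the ones the
# thread arrives at: every bridge port is brought up as 0.0.0.0, the address
# and gateway move to the bridge interface, and the tap device is a port.
# Function names and the sample files are constructed for this example.

# Value of a NAME="value" assignment in a conf.d file (first match wins).
conf_var() {
    # $1 = file, $2 = variable name
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Return 0 if the two files agree, 1 otherwise; problems go to stdout.
check_bridge_conf() {
    net="$1"; bridge="$2"; rc=0
    br=$(conf_var "$bridge" bridge)
    [ -n "$br" ] || { echo "$bridge: no bridge= line"; return 1; }
    members=$(conf_var "$bridge" "bridge_${br}_devices")
    [ -n "$members" ] || { echo "$bridge: bridge_${br}_devices is empty"; rc=1; }

    has_tap=0
    for dev in $members; do
        # tap0 is created and brought up by the net.tap0 script, not by conf.d/net
        case "$dev" in tap*|tun*) has_tap=1; continue ;; esac
        addr=$(conf_var "$net" "iface_$dev")
        case "$addr" in
            0.0.0.0*) ;;   # the port carries no address: correct
            "") echo "$net: iface_$dev missing; set iface_$dev=\"0.0.0.0\""; rc=1 ;;
            *)  echo "$net: iface_$dev=\"$addr\" but $dev is a port of $br; the address belongs on iface_$br"; rc=1 ;;
        esac
    done
    [ $has_tap -eq 1 ] || { echo "$bridge: no tap/tun device among the $br ports ($members)"; rc=1; }

    [ -n "$(conf_var "$net" "iface_$br")" ] || { echo "$net: iface_$br not defined; $br will get no address"; rc=1; }

    gw=$(conf_var "$net" gateway)
    case "$gw" in
        "") ;;           # dhcp on the bridge may supply the gateway
        "$br"/*) ;;
        *)  echo "$net: gateway=\"$gw\" must go through $br, e.g. gateway=\"$br/x.x.x.x\""; rc=1 ;;
    esac
    return $rc
}

# --- constructed sample files ---
WORK=$(mktemp -d)
BRIDGE_CONF="$WORK/bridge"
cat > "$BRIDGE_CONF" <<'EOF'
bridge="br0"
bridge_br0_devices="tap0 eth0"
EOF
# the howto's working layout: eth0 and tap0 are ports, br0 holds the address
GOOD_NET="$WORK/net.good"
cat > "$GOOD_NET" <<'EOF'
iface_eth0="0.0.0.0"
iface_br0="dhcp"
gateway="br0/192.168.1.254"
EOF
# the common mistake: eth0 keeps its address and the gateway, br0 gets nothing
BAD_NET="$WORK/net.bad"
cat > "$BAD_NET" <<'EOF'
iface_eth0="192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0"
gateway="eth0/192.168.1.254"
EOF

check_bridge_conf "$GOOD_NET" "$BRIDGE_CONF" && echo "net.good: consistent"
check_bridge_conf "$BAD_NET" "$BRIDGE_CONF" || echo "net.bad: rejected"
```

The moment of lost connectivity rcxAsh describes is expected with a consistent config too: setting eth0 to 0.0.0.0 removes the host's address until br0 is up and has received its own, so the bridge has to come up (and, with dhcp, get a lease) before anything answers again. What the check catches is the case where br0 never gets an address at all, which leaves the box unreachable permanently rather than for a few seconds.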

dreas
Guru
Joined: 06 Aug 2003
Posts: 359
Location: Germany
Posted: Tue Sep 07, 2004 7:24 am

This article, written by Florin Andrei, finally helped me set up OpenVPN correctly, even though the article is based on Fedora Core.
_________________
curst [kûrst] a past tense and a past participle of curse, a variant of cursed

taskara
Advocate
Joined: 10 Apr 2002
Posts: 3763
Location: Australia
Posted: Fri Dec 31, 2004 2:14 am

I have followed this guide, however I want to set up my second NIC with the VPN (I simply edited bridge.conf to eth1 instead of eth0).

I have eth0, eth1, tap0, and br0

however I notice that br0 is not getting the ip address specified to it.

do I need to create /etc/init.d/br0 and start it?

if i do this then br0 gets its ip address.

before starting /etc/init.d/br0 :
Code:
enoch root # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:B0:D0:D3:A7:32
          inet addr:192.168.7.10  Bcast:192.168.7.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:952 errors:0 dropped:0 overruns:0 frame:0
          TX packets:713 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:164849 (160.9 Kb)  TX bytes:274354 (267.9 Kb)
          Interrupt:10 Base address:0xe880

eth1      Link encap:Ethernet  HWaddr 00:10:60:CB:10:16
          UP BROADCAST PROMISC MULTICAST  MTU:1540  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10768 (10.5 Kb)  TX bytes:10768 (10.5 Kb)

tap0      Link encap:Ethernet  HWaddr 00:FF:D9:8E:4E:D1
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


after starting /etc/init.d/br0 :
Code:
enoch root # ifconfig
br0       Link encap:Ethernet  HWaddr 00:10:60:CB:10:16
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:B0:D0:D3:A7:32
          inet addr:192.168.7.10  Bcast:192.168.7.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:986 errors:0 dropped:0 overruns:0 frame:0
          TX packets:733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:167765 (163.8 Kb)  TX bytes:278362 (271.8 Kb)
          Interrupt:10 Base address:0xe880

eth1      Link encap:Ethernet  HWaddr 00:10:60:CB:10:16
          UP BROADCAST PROMISC MULTICAST  MTU:1540  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10768 (10.5 Kb)  TX bytes:10768 (10.5 Kb)

tap0      Link encap:Ethernet  HWaddr 00:FF:D9:8E:4E:D1
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


basically I want to have my WAP plugged into eth1, and have people join the wireless network, but in order to get onto the "real" network / internet they have to vpn to the server.

I want clients to be able to connect to the wap, vpn to the server through eth1, then get assigned an address on the network range (192.168.7.0/24) and be able to browse the internet etc.

am I on the right track?

cheers!
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!

yaneurabeya
Veteran
Joined: 13 May 2004
Posts: 1754
Location: Seattle
Posted: Wed Apr 13, 2005 7:50 am

rcxAsh wrote:
iface_eth0="0.0.0.0"


0.0.0.0 is referred to as "nothing" in ipv4, correct? 255.255.255.255 is everything.

-Craig-
Guru
Joined: 03 Jun 2004
Posts: 333
Posted: Tue Dec 13, 2005 7:32 am

Well when using ifconfig 0.0.0.0 is an empty address, normally 0.0.0.0 is everything (e.g. in iptables) !

All times are GMT