|
»
»
»
« Return to Thread: vpnc or openvpn
Re: vpnc or openvpn
by Michael Ansel
::
Rate this Message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> On Mon, 10 Mar 2008, Michael Ansel wrote:
>
>> So, in the interest of all Duke-Linux users, is there any University
>> policy preventing us from setting up an openvpn server that uses the
>> Kerberos to authenticate users? Maybe set a bandwidth cap so you don't
>> top your personal 5G upload limit? Or, set one up, and then convince the
>> University to sanction it and remove the upload limit...
Okay, so hard at work trying to figure this one out, but not exactly
sure where to go. I'm trying to eliminate client-side certificates and
only use a local authentication module (currently set to allow any
user/pass, but that can be replaced with pam-krb5). However, something
is failing at the final routing stage (after I'm all connected). I can
ping 10.8.0.1, but nothing else. I'm turning the firewall back on for
now, so you won't be able to connect to my box, but if somebody wants to
work on it tomorrow, I'll be happy to open the VPN port up for you to
check it out.
Thanks, and hope we can get this set up and working soon!
Michael
Server config (server.ovpn): http://pastebin.com/m597d6e5
Server commandline: openvpn --auth-user-pass-verify /bin/true via-file
- --config server.ovpn
Client commandline: openvpn --client --auth-user-pass --dev tap --ca
/home/mra13/ca.crt --remote michael-nas.dorm.duke.edu --comp-lzo
route del default ; route add default 10.8.0.10
10.8.0.10 is the remote end of the PTP link according to the client output.
Server Output:
Tue Mar 11 01:34:01 2008 152.3.66.208:1194 MULTI: bad source address
from client [152.3.66.208], packet dropped
....
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iQEVAwUBR9YbUXlxmnp6j2qxAQIDgAf7By4Jh2I/jY9+GRVlsyADSju0nRs7kJ+C
liqwaoRaKIbSalQdYukOrngYLnkBuipiKwwhDNfUBkpvxehAk/4oN6PyR7iELLPW
xCrNNm6XvsH79Imv/BP9+f4vwzX3YqVcWg5Noh53VxEZvAPKvCzRWXZFeYff39dC
ySBdJCHe7DCp8826SSMzkqDfrehXww3lq8KD3uyjOO7cXSe9/qvLzP4XlyoOSr9n
gjGrA7Of+/5C9y2yaEQYSkGIr0dsXyLYiDg0hC0N9CWfGLJo8z5oRyXiffzNtNuv
5qf+dmKcChS0Eu1cBSq/XJ5jvV2gHeLXNB3JcSu8cQSKR93lFC0YjQ==
=85fj
-----END PGP SIGNATURE-----
_______________________________________________
Dulug mailing list
Dulug@...
https://lists.dulug.duke.edu/mailman/listinfo/dulug
Hash: SHA1
> On Mon, 10 Mar 2008, Michael Ansel wrote:
>
>> So, in the interest of all Duke-Linux users, is there any University
>> policy preventing us from setting up an openvpn server that uses the
>> Kerberos to authenticate users? Maybe set a bandwidth cap so you don't
>> top your personal 5G upload limit? Or, set one up, and then convince the
>> University to sanction it and remove the upload limit...
Okay, so hard at work trying to figure this one out, but not exactly
sure where to go. I'm trying to eliminate client-side certificates and
only use a local authentication module (currently set to allow any
user/pass, but that can be replaced with pam-krb5). However, something
is failing at the final routing stage (after I'm all connected). I can
ping 10.8.0.1, but nothing else. I'm turning the firewall back on for
now, so you won't be able to connect to my box, but if somebody wants to
work on it tomorrow, I'll be happy to open the VPN port up for you to
check it out.
Thanks, and hope we can get this set up and working soon!
Michael
Server config (server.ovpn): http://pastebin.com/m597d6e5
Server commandline: openvpn --auth-user-pass-verify /bin/true via-file
- --config server.ovpn
Client commandline: openvpn --client --auth-user-pass --dev tap --ca
/home/mra13/ca.crt --remote michael-nas.dorm.duke.edu --comp-lzo
route del default ; route add default 10.8.0.10
10.8.0.10 is the remote end of the PTP link according to the client output.
Server Output:
Tue Mar 11 01:34:01 2008 152.3.66.208:1194 MULTI: bad source address
from client [152.3.66.208], packet dropped
....
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iQEVAwUBR9YbUXlxmnp6j2qxAQIDgAf7By4Jh2I/jY9+GRVlsyADSju0nRs7kJ+C
liqwaoRaKIbSalQdYukOrngYLnkBuipiKwwhDNfUBkpvxehAk/4oN6PyR7iELLPW
xCrNNm6XvsH79Imv/BP9+f4vwzX3YqVcWg5Noh53VxEZvAPKvCzRWXZFeYff39dC
ySBdJCHe7DCp8826SSMzkqDfrehXww3lq8KD3uyjOO7cXSe9/qvLzP4XlyoOSr9n
gjGrA7Of+/5C9y2yaEQYSkGIr0dsXyLYiDg0hC0N9CWfGLJo8z5oRyXiffzNtNuv
5qf+dmKcChS0Eu1cBSq/XJ5jvV2gHeLXNB3JcSu8cQSKR93lFC0YjQ==
=85fj
-----END PGP SIGNATURE-----
_______________________________________________
Dulug mailing list
Dulug@...
https://lists.dulug.duke.edu/mailman/listinfo/dulug
« Return to Thread: vpnc or openvpn
| Free embeddable forum powered by Nabble | Forum Help |
