Re: vpnc or openvpn

>> On Mon, 10 Mar 2008, Michael Ansel wrote:
>
>>> So, in the interest of all Duke-Linux users, is there any University
>>> policy preventing us from setting up an openvpn server that uses the
>>> Kerberos to authenticate users? Maybe set a bandwidth cap so you don't
>>> top your personal 5G upload limit? Or, set one up, and then convince the
>>> University to sanction it and remove the upload limit...
>
>
> Okay, so hard at work trying to figure this one out, but not exactly
> sure where to go. I'm trying to eliminate client-side certificates and
> only use a local authentication module (currently set to allow any
> user/pass, but that can be replaced with pam-krb5). However, something
> is failing at the final routing stage (after I'm all connected). I can
> ping 10.8.0.1, but nothing else. I'm turning the firewall back on for
> now, so you won't be able to connect to my box, but if somebody wants to
> work on it tomorrow, I'll be happy to open the VPN port up for you to
> check it out.
>
>
> Thanks, and hope we can get this set up and working soon!
>
> Michael
>
>
>
> Server config (server.ovpn): http://pastebin.com/m597d6e5
> Server commandline: openvpn --auth-user-pass-verify /bin/true via-file
> --config server.ovpn
>
> Client commandline: openvpn --client --auth-user-pass --dev tap --ca
> /home/mra13/ca.crt --remote michael-nas.dorm.duke.edu --comp-lzo
> route del default ; route add default 10.8.0.10
> 10.8.0.10 is the remote end of the PTP link according to the client output.
>
> Server Output:
> Tue Mar 11 01:34:01 2008 152.3.66.208:1194 MULTI: bad source address
> from client [152.3.66.208], packet dropped
> ....