Topic: EFW OpenVPN + iOS + OpenVPN client (Read 18459 times)
LttlScamp (Jr. Member, Posts: 6)
EFW OpenVPN + iOS + OpenVPN client
« on: Sunday 24 February 2013, 08:40:12 am »
I've been fighting for the last few days and I wanted to get a weigh-in on whether this is actually possible.
I am trying to get a tunnel to my GREEN network from an iPhone using the OpenVPN client.
So far I get a connection and an IP from the GREEN subnet but I can't ping anything on the GREEN zone.
Can anyone tell me definitively if it is possible to do this using either SSL or IPSEC and what server configuration I should be making to accomplish this?
I've found various bits of info but nothing so far that puts it all together specifically for EFW.
I'm getting the following error in the log after connection:
openvpn[16490]: 184.151.61.234:33921 WARNING: "dev-type" is used inconsistently, local="dev-type tap", remote="dev-type tun"
OpenVPN
2013-02-23 16:35:20
openvpn[16490]: 184.151.61.234:33921 WARNING: "link-mtu" is used inconsistently, local="link-mtu 1574", remote="link-mtu 1542"
OpenVPN
2013-02-23 16:35:20
openvpn[16490]: 184.151.61.234:33921 WARNING: "tun-mtu" is used inconsistently, local="tun-mtu 1532", remote="tun-mtu 1500"
OpenVPN
2013-02-23 16:35:20
openvpn[16490]: 184.151.61.234:33921 WARNING: "keydir" is present in remote config but missing in local config, remote="keydir 1"
Server config:
; daemon configuration
daemon
mode server
tls-server
proto udp
port 443
tmp-dir /var/tmp
dev tun
push "topology subnet"
multihome
user openvpn
group openvpn
cd /var/openvpn
; client-config-dir clients
script-security 2 system
; tunnel configuration
dev tap0
; bridge to GREEN
server-bridge 192.168.12.1 255.255.255.0 192.168.12.225 192.168.12.230
push "route-gateway 192.168.12.1"
; don't push global networks
passtos
comp-lzo
management 127.0.0.1 5555
keepalive 8 30
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
persist-local-ip
persist-remote-ip
; logging and status
writepid /var/run/openvpn/openvpn.pid
ifconfig-pool-persist openvpn.leases
status /var/log/openvpn/openvpn-status.log
verb 1
client-connect "/usr/local/bin/openvpn-client-connect"
client-disconnect "/usr/local/bin/openvpn-client-disconnect"
up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.server.d/"
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.server.d/"
; certificates and authentication
dh /var/efw/openvpn/dh1024.pem
pkcs12 /var/efw/openvpn/pkcs12.p12
client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
username-as-common-name
Client config:
remote x.x.x.x 443 udp
client
persist-key
persist-tun
dev tun
nobind
auth-user-pass
comp-lzo
verb 3
mute 20
ping 10
ping-restart 120
<ca>
-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
redacted
-----END PRIVATE KEY-----
</key>
Thanks!

LttlScamp (Jr. Member, Posts: 6)
Re: EFW OpenVPN + iOS + OpenVPN client
« Reply #1 on: Monday 25 February 2013, 08:45:26 am »
It seems I have to force OpenVPN to use tun mode to support iOS clients.
As far as I can tell you do that with a 'dev tun' statement in the openvpn.conf. However, if I add that line to the openvpn.conf.tmpl the service won't start.
Am I missing something here?
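
The tap/tun mismatch reported in the log above can be checked before a client ever connects. The following is an added example, not part of either post and not Endian's code: it parses the "used inconsistently" warnings and compares the effective device type of a server and a client config, also flagging server-bridge on a non-tap device, which OpenVPN does not accept. The function names are hypothetical and the embedded samples are constructed from the values shown in the first post.

```python
import re

# Constructed samples: values copied from the log and configs in the first post.
SERVER_LOG = """\
openvpn[16490]: 184.151.61.234:33921 WARNING: "dev-type" is used inconsistently, local="dev-type tap", remote="dev-type tun"
openvpn[16490]: 184.151.61.234:33921 WARNING: "link-mtu" is used inconsistently, local="link-mtu 1574", remote="link-mtu 1542"
"""
SERVER_CONF = """\
dev tun
dev tap0
; bridge to GREEN
server-bridge 192.168.12.1 255.255.255.0 192.168.12.225 192.168.12.230
"""
CLIENT_CONF = "client\ndev tun\nnobind\n"

WARN = re.compile(r'WARNING: "([^"]+)" is used inconsistently, '
                  r'local="([^"]*)", remote="([^"]*)"')

def log_mismatches(log):
    """Map option -> (server value, client value) from the server's warnings."""
    return {opt: (loc.partition(" ")[2], rem.partition(" ")[2])
            for opt, loc, rem in WARN.findall(log)}

def directives(conf):
    """Parse a config into {directive: args}; ';' and '#' start comments."""
    seen = {}
    for line in map(str.strip, conf.splitlines()):
        if line and line[0] not in ";#":
            name, *args = line.split()
            # Last occurrence wins: the log shows tap although "dev tun" is first.
            seen[name] = args
    return seen

def dev_type(conf):
    """Effective device type: explicit dev-type, else the prefix of dev."""
    d = directives(conf)
    dev = (d.get("dev-type") or d.get("dev") or [""])[0]
    return next((t for t in ("tun", "tap") if dev.startswith(t)), None)

def check(server_conf, client_conf):
    """Return findings about device-type consistency between both ends."""
    findings = []
    s, c = dev_type(server_conf), dev_type(client_conf)
    if s != c:
        findings.append(f"dev-type mismatch: server={s} client={c}")
    if "server-bridge" in directives(server_conf) and s != "tap":
        findings.append("server-bridge is set but the server device is not tap")
    return findings
```

Calling check(SERVER_CONF, CLIENT_CONF) on these samples reports the same tap/tun disagreement the server logged, and log_mismatches(SERVER_LOG) returns the option pairs from the warnings.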