Title: EFW OpenVPN + iOS + OpenVPN client
Post by: LttlScamp on Sunday 24 February 2013, 08:40:12 am

I've been fighting for the last few days and I wanted to get a weigh-in if this is actually possible.
I am trying to get a tunnel to my GREEN network from an iPhone using the OpenVPN client. So far I get a connection and IP from the GREEN subnet but I can't ping anything on the GREEN zone. Can anyone tell me definitively if it is possible to do this using either SSL or IPSEC and what server configuration I should be making to accomplish this? I've found various bits of info but nothing so far that puts it all together specifically for EFW.

I'm getting the following error in the log after connection:

    openvpn[16490]: 184.151.61.234:33921 WARNING: "dev-type" is used inconsistently, local="dev-type tap", remote="dev-type tun"
    OpenVPN 2013-02-23 16:35:20 openvpn[16490]: 184.151.61.234:33921 WARNING: "link-mtu" is used inconsistently, local="link-mtu 1574", remote="link-mtu 1542"
    OpenVPN 2013-02-23 16:35:20 openvpn[16490]: 184.151.61.234:33921 WARNING: "tun-mtu" is used inconsistently, local="tun-mtu 1532", remote="tun-mtu 1500"
    OpenVPN 2013-02-23 16:35:20 openvpn[16490]: 184.151.61.234:33921 WARNING: "keydir" is present in remote config but missing in local config, remote="keydir 1"

Server config:

    ; daemon configuration
    daemon
    mode server
    tls-server
    proto udp
    port 443
    tmp-dir /var/tmp
    dev tun
    push "topology subnet"
    multihome
    user openvpn
    group openvpn
    cd /var/openvpn
    ; client-config-dir clients
    script-security 2 system
    ; tunnel configuration
    dev tap0
    ; bridge to GREEN
    server-bridge 192.168.12.1 255.255.255.0 192.168.12.225 192.168.12.230
    push "route-gateway 192.168.12.1"
    ; don't push global networks
    passtos
    comp-lzo
    management 127.0.0.1 5555
    keepalive 8 30
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    persist-local-ip
    persist-remote-ip
    ; logging and status
    writepid /var/run/openvpn/openvpn.pid
    ifconfig-pool-persist openvpn.leases
    status /var/log/openvpn/openvpn-status.log
    verb 1
    client-connect "/usr/local/bin/openvpn-client-connect"
    client-disconnect "/usr/local/bin/openvpn-client-disconnect"
    up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.server.d/"
    down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.server.d/"
    ; certificates and authentication
    dh /var/efw/openvpn/dh1024.pem
    pkcs12 /var/efw/openvpn/pkcs12.p12
    client-cert-not-required
    auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
    username-as-common-name

Client config:

    remote x.x.x.x 443 udp
    client
    persist-key
    persist-tun
    dev tun
    nobind
    auth-user-pass
    comp-lzo
    verb 3
    mute 20
    ping 10
    ping-restart 120
    <ca>
    -----BEGIN CERTIFICATE-----
    redacted
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    redacted
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    redacted
    -----END PRIVATE KEY-----
    </key>

Thanks!

Title: Re: EFW OpenVPN + iOS + OpenVPN client
Post by: LttlScamp on Monday 25 February 2013, 08:45:26 am

It seems I have to force OpenVPN to use tun mode to support iOS clients.
As far as I can tell, you do that with a 'dev tun' statement in the openvpn.conf. However, if I add that line to the openvpn.conf.tmpl the service won't start. Am I missing something here?
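
The four warnings quoted in the first post come from OpenVPN's options-consistency check between the two ends of the tunnel. As an added example (not part of the thread, and not EFW or OpenVPN code), the script below parses both warning forms from a server log and singles out the tap/tun "dev-type" mismatch; the function names are hypothetical, and the sample lines are the ones from the post.

```python
import re

# The four server-side warnings quoted in the first post, unchanged.
SAMPLE_LOG = '''\
openvpn[16490]: 184.151.61.234:33921 WARNING: "dev-type" is used inconsistently, local="dev-type tap", remote="dev-type tun"
OpenVPN 2013-02-23 16:35:20 openvpn[16490]: 184.151.61.234:33921 WARNING: "link-mtu" is used inconsistently, local="link-mtu 1574", remote="link-mtu 1542"
OpenVPN 2013-02-23 16:35:20 openvpn[16490]: 184.151.61.234:33921 WARNING: "tun-mtu" is used inconsistently, local="tun-mtu 1532", remote="tun-mtu 1500"
OpenVPN 2013-02-23 16:35:20 openvpn[16490]: 184.151.61.234:33921 WARNING: "keydir" is present in remote config but missing in local config, remote="keydir 1"
'''

# OpenVPN logs two shapes of options-consistency warning.
BOTH = re.compile(
    r'(?P<peer>\S+) WARNING: "(?P<opt>[^"]+)" is used inconsistently, '
    r'local="(?P<local>[^"]*)", remote="(?P<remote>[^"]*)"')
ONE = re.compile(
    r'(?P<peer>\S+) WARNING: "(?P<opt>[^"]+)" is present in (?P<side>local|remote) '
    r'config but missing in (?:local|remote) config, (?:local|remote)="(?P<val>[^"]*)"')

def value_of(setting, opt):
    """'dev-type tap' -> 'tap'; None (option absent on that side) stays None."""
    if setting is None:
        return None
    return setting[len(opt):].strip() if setting.startswith(opt) else setting

def parse_mismatches(log_text):
    """Return one dict per warning; 'local' is the side that wrote the log."""
    found = []
    for line in log_text.splitlines():
        m = BOTH.search(line)
        if m:
            sides = {"local": m["local"], "remote": m["remote"]}
        else:
            m = ONE.search(line)
            if not m:
                continue  # not a consistency warning
            sides = {"local": None, "remote": None, m["side"]: m["val"]}
        found.append({"peer": m["peer"], "option": m["opt"],
                      "local": value_of(sides["local"], m["opt"]),
                      "remote": value_of(sides["remote"], m["opt"])})
    return found

def blocking(mismatches):
    """tap carries Ethernet frames, tun carries IP packets: the two ends cannot interoperate."""
    return [r for r in mismatches if r["option"] == "dev-type"
            and {r["local"], r["remote"]} == {"tap", "tun"}]

if __name__ == "__main__":
    rows = parse_mismatches(SAMPLE_LOG)
    for r in rows:
        tag = "BLOCKING" if r in blocking(rows) else "review"
        print(tag, r["peer"], r["option"], "local=%s remote=%s" % (r["local"], r["remote"]))
```

On the sample, only the "dev-type" row is reported as blocking; the MTU and "keydir" rows are listed for review.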