EFW Support

Support => VPN Support => Topic started by: baselbj on Saturday 12 December 2015, 10:14:17 pm



Title: OpenVPN is not started
Post by: baselbj on Saturday 12 December 2015, 10:14:17 pm
Hi,

I am new to the EFW world and, while trying to configure EFW OpenVPN to accept LDAP login, I think I made something wrong with the OpenVPN configuration. I can't see any log information that shows me whether OpenVPN is working, and using the check port tool tells me that the port is closed.

My server config:

; daemon configuration for server default (1_0) server #1
daemon
mode server
tls-server
proto tcp
port 1194
tmp-dir /var/tmp
multihome
user openvpn
group openvpn

cd /var/openvpn
; client-config-dir clients

script-security 3
multihome
user openvpn
group openvpn

cd /var/openvpn
; client-config-dir clients

script-security 3

; tunnel configuration

dev tap0
; bridge to GREEN
server-bridge 192.168.1.4 255.255.255.0 192.168.1.150 192.168.1.155
push "route-gateway 192.168.1.4"

; push VPN network splitted

; push global networks
push "route 192.168.1.0 255.255.255.0"

passtos
comp-lzo
management 127.0.0.1 5555
keepalive 5 30

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

persist-key
persist-tun
persist-local-ip
persist-remote-ip

bcast-buffers 4096

; logging and status
writepid /var/run/openvpn/openvpn.1.pid
ifconfig-pool-persist openvpn.1.leases
status /tmp/openvpn-status.1.log 30
status-version 2
verb 1
client-connect "/usr/local/bin/openvpn-client-connect"
client-disconnect "/usr/local/bin/openvpn-client-disconnect"

up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.server.d/"
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.server.d/"

; certificates and authentication

dh /var/efw/openvpn/dh1024.pem
cert "/var/efw/vpn/ca/certs/192.168.0.4cert.pem"
key "/var/efw/vpn/ca/certs/192.168.0.4key.pem"
duplicate-cn

client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth-user-pass" via-env
username-as-common-name
client-to-client


Settings:
AUTHENTICATION_STACK=ldap,local
CA_FILENAME=cacert.pem
CERT_FILENAME=192.168.0.4cert.pem
LDAP_BIND_DN=cn=Administrator,cn=Users,dc=sham,dc=com
LDAP_BIND_PASSWORD=1111
LDAP_FILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s))
LDAP_URI=ldap://192.168.1.2
LDAP_USER_BASEDN=cn=Users,dc=sham,dc=com
OPENVPN_ENABLED=on
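A small config checker, added here as an illustration and not part of the original post or of EFW, that parses an excerpt of the server config posted above and reports the things a reviewer would ask about first: the directives that appear twice (a pasted duplicate in the file), the low verb level, where output goes when daemon is set without a log directive, and the fact that client-cert-not-required leaves clients authenticated by username and password alone. The excerpt is trimmed from the post; the finding texts are this example's own wording.

```python
from collections import Counter

# Sample input: directives from the posted server config, trimmed for space
# (comment and blank lines dropped, middle section shortened).
SERVER_CONF = """\
daemon
proto tcp
port 1194
user openvpn
group openvpn
script-security 3
user openvpn
group openvpn
script-security 3
dev tap0
server-bridge 192.168.1.4 255.255.255.0 192.168.1.150 192.168.1.155
status /tmp/openvpn-status.1.log 30
verb 1
client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth-user-pass" via-env
username-as-common-name
"""

def parse_directives(text):
    """(directive, args) pairs; blank lines and ';'/'#' comment lines are skipped."""
    pairs = []
    for line in (l.strip() for l in text.splitlines()):
        if line and line[0] not in ";#":
            name, _, args = line.partition(" ")
            pairs.append((name, args.strip()))
    return pairs

def review(text):
    """Return human-readable findings a reviewer would raise about this config."""
    pairs = parse_directives(text)
    findings = []
    for name, n in Counter(name for name, _ in pairs).items():
        if n > 1 and name != "push":  # push legitimately repeats
            findings.append(f"'{name}' appears {n} times; looks like a pasted duplicate")
    opts = dict(pairs)  # keeps the last occurrence of each directive
    if int(opts.get("verb", "1")) < 3:  # OpenVPN default verb is 1
        findings.append("verb below 3; use verb 3 or 4 while diagnosing why the daemon does not start")
    if "daemon" in opts and not any(k in opts for k in ("log", "log-append")):
        findings.append("daemon without log/log-append: messages go to syslog, not a file")
    if "status" in opts:
        findings.append(f"status file is {opts['status'].split()[0]}; it only appears once the daemon is up")
    if "client-cert-not-required" in opts:
        findings.append("client-cert-not-required: clients authenticate by username/password only")
    if "auth-user-pass-verify" in opts and int(opts.get("script-security", "1")) < 2:
        findings.append("auth-user-pass-verify requires script-security 2 or higher")
    return findings
```

Running `review(SERVER_CONF)` on the excerpt reports the three duplicated directives, the verb level, the syslog destination, the status file path and the password-only client authentication.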