Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 26 November 2024, 07:39:35 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  EFW OpenVPN + iOS + OpenVPN client
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW OpenVPN + iOS + OpenVPN client  (Read 16789 times)
LttlScamp
Jr. Member
*
Offline Offline

Posts: 6


« on: Sunday 24 February 2013, 08:40:12 am »

I've been fighting for the last few days and I wanted to get a weigh in if this actually possible.

I am trying to get a tunnel to my GREEN network from an iPhone using the OpenVPN client.

So far I get a connection and IP from the GREEN subnet but I ping anything on the GREEN zone.

Can anyone tell me definitively if it is possible to do this using either SSL or IPSEC and what server configuration I should be making to accomplish this?

I've found various bits of info  but nothing so far that puts it all together specifically for EFW.

I'm getting the following error in the log after connection:

openvpn[16490]: 184.151.61.234:33921 WARNING: "dev-type" is used inconsistently, local="dev-type tap", remote="dev-type tun"
OpenVPN
2013-02-23 16:35:20
openvpn[16490]: 184.151.61.234:33921 WARNING: "link-mtu" is used inconsistently, local="link-mtu 1574", remote="link-mtu 1542"
OpenVPN
2013-02-23 16:35:20
openvpn[16490]: 184.151.61.234:33921 WARNING: "tun-mtu" is used inconsistently, local="tun-mtu 1532", remote="tun-mtu 1500"
OpenVPN
2013-02-23 16:35:20
openvpn[16490]: 184.151.61.234:33921 WARNING: "keydir" is present in remote config but missing in local config, remote="keydir 1"


Server config:

; daemon configuration
daemon

mode server
tls-server
proto udp
port 443
tmp-dir /var/tmp
dev tun
push "topology subnet"

multihome
user openvpn
group openvpn

cd /var/openvpn
; client-config-dir clients

script-security 2 system

; tunnel configuration

dev tap0
; bridge to GREEN
server-bridge 192.168.12.1 255.255.255.0 192.168.12.225 192.168.12.230
push "route-gateway 192.168.12.1"

; don't push global networks

passtos
comp-lzo
management 127.0.0.1 5555
keepalive 8 30

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

persist-key
persist-tun
persist-local-ip
persist-remote-ip


; logging and status

writepid /var/run/openvpn/openvpn.pid
ifconfig-pool-persist openvpn.leases
status /var/log/openvpn/openvpn-status.log
verb 1


client-connect "/usr/local/bin/openvpn-client-connect"
client-disconnect "/usr/local/bin/openvpn-client-disconnect"

up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.server.d/"
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.server.d/"

; certificates and authentication

dh /var/efw/openvpn/dh1024.pem
pkcs12 /var/efw/openvpn/pkcs12.p12


client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
username-as-common-name

Client config:

remote x.x.x.x 443 udp
client
persist-key
persist-tun
dev tun
nobind
auth-user-pass
comp-lzo
verb 3
mute 20                                                                         
ping 10
ping-restart 120
<ca>
-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
redacted
-----END PRIVATE KEY-----
</key>

Thanks!
Logged
LttlScamp
Jr. Member
*
Offline Offline

Posts: 6


« Reply #1 on: Monday 25 February 2013, 08:45:26 am »

It seems I have to force OpenVPN to use tun mode to support iOS clients.

As far as I can tell you do that with a 'dev tun' statement in the openvpn.conf.  However, if I add that line to the openvpn.conf.tmpl the service won't start.

Am I missing something here?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com