EFW Support

Support => VPN Support => Topic started by: seh2000 on Wednesday 07 July 2010, 11:19:29 pm



Title: EFW Client to Server (HMA)
Post by: seh2000 on Wednesday 07 July 2010, 11:19:29 pm
Hello all,

Hope to get help here, even that I see many posts with no replies! And sorry for the long post.

I am using an Paid OpenVPN service from a US Provider that allows me not only to have IP address in different locations, but as well make my VoIP better as my ISP don't like SIP services.
I been using clients on my computers (mix of Mac and Windows), but I would very much love to use the OpenVPN feature in EFW.

To test the EFW firewall is not activated to assure nothing blocks.

I am using the Gw2Gw option (assume I do not need to do any configuration of OpenVPM Server nor IPsec) have done the following settings:
Connect to: ...:443 (IP address of the server and the required port #)
Upload Certificate: CA Certificate from the Server (remote)
PKCS#12: blank
User name: my user name (for remote server)
Password: my password (for remote server)
Connection Type: Routed
Bridge to: Green
Block DHCP responses...: Not checked
NAT: Not checked
Protocol: TCP (as per instruction)
HTTP Proxy Config.: Nothing done

The instructions from the provider say:
1. The openvpn port at our end is TCP 443.
2. To connect you need both .crt files - one is CA server certificate and another is client certificate. Also you need to enable user/password authentication (it's "auth-user-pass" config file option).

Here the first issue, where can I add two certificates? I only see one place under Gw2Gw!

Maybe there is a way to do changes to the EFW OpenVPN configuration file? But to do so I need to know where the file is located (I am not a super Linux expert) to edit, etc.

So far when I try to connect I get "connection refused" all the time.
The OpenVPN Log attached where I see the verification of certificate fails, which I assume is because I need to use two certificates or?


Your help is much appreciated!

Steen


Title: Re: EFW Client to Server (HMA)
Post by: mrkroket on Thursday 08 July 2010, 01:17:54 am
Config files are located in:

/etc/openvpn/
and
/var/efw/openvpn/


Title: Re: EFW Client to Server (HMA)
Post by: seh2000 on Thursday 08 July 2010, 01:56:40 am
Hello mrkroket!

Appreciated!

Still wonder where to put the two certificates the provider mentioned...ideas?
They also provided me with some .ovpn files...

I forgot to mention that I used version 2.3, see now there is a newer version 2.4 will try to install and see...


Thanks - Steen


Title: Re: EFW Client (Gw2Gw) to not EFW OpenVpn Server
Post by: seh2000 on Saturday 10 July 2010, 02:02:06 am
...OK - I finally got 2.4 to work (had issue with a PCMCIA card), but I still fail to get the Gw2Gw to work with the remote OpenVPN server.

The support from the remote OpenVPN server say "Impossibility to put all three certificates may mean that they (Endian) only support connecting Endian-to-Endian devices, and they already have other two certificates bundled." as mentioned initial in my post I have 2 certificates and a key file, but how to get both certificates installed?

Ideas!