EFW Support

Support => VPN Support => Topic started by: blackironcastle on Tuesday 19 June 2012, 09:00:43 pm

Title: [GW2GW] Please help: OpenVPN with static key via TUN & no certs
Post by: blackironcastle on Tuesday 19 June 2012, 09:00:43 pm
Hello everybody, nice to meet you!

First post, and I'm already asking for help.  ;)

I've replaced an aging machine with Endian (2.5.1). I'm rather happy with the setup - the firewall and content filter are working well.

Problem is, I am having trouble recreating the OpenVPN setup we had established on the previous machine - a simple Net-to-Net (Gw2Gw) affair, relying uniquely on a secret pre-shared key.

We were also using TUN to connect the opposite end. And this is where the problem starts, ladies and gents...

While I wish I could push for an Endian-to-Endian solution, with certificates and increased security, this isn't currently the case (a pity, as I'd rather like to do it "the Endian way").

Anyhow, my idea is to bring up the tunnel via the command line, invoking a custom OpenVPN config file.
So far, I've obtained minimal results - the tun0 interface comes up but no traffic comes through it (note: the script starts up, but I cannot return to the command line - I have to invoke another SSH prompt, which might point out something is wrong / incomplete).

EDIT (June 26 2012): of course the window locked up - I forgot to start up the whole thing as a daemon.

I've already enabled IP forwarding and added rules for tun0 in iptables, but I'd like to hear your opinion on the matter. There is certainly more I can do (I'm looking up whether the block happens someplace else), but I'd like to play it as safe as possible.

Thanks in advance for your help and suggestions! Let me know whether I should post more details (e.g., firewall rules and/or code).

-- Black.

Title: Re: [GW2GW] Please help: OpenVPN with pre-shared key via TUN & no certs
Post by: blackironcastle on Tuesday 26 June 2012, 05:27:31 pm
Bump, sorry.

Any ideas, clues, suggestions?... Anybody with past experience about this issue?

My script starts up, but so far no luck in getting through the tunnel.

I'd really like to get the ball rolling on this one.

Thanks again!