From: chris scott
To: Leonardo M. Ramé
Cc: freebsd-questions@freebsd.org
Date: Sat, 25 Jul 2009 17:56:11 +0100
Subject: Re: OpenVPN Client

2009/7/25 Leonardo M. Ramé

>
> Hi, I'm trying to connect to an OpenVPN server in my office. To do this, I
> installed "OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO]" from ports,
> and looking at different tutorials I found it needs a config file in
> /usr/local/etc/openvpn/openvpn.conf. The problem here is that our server
> provides a "client.ovpn" file containing all the connection params needed
> by a client; in fact, we connect Windows machines just by installing
> "OpenVPN_Installer.exe"; it configures a TAP device and a client that reads
> the client.ovpn file.
>
> Now, on my FreeBSD 7.2 i386 machine, I did this:
>
> Created the /usr/local/etc/openvpn/openvpn.conf (the port doesn't create
> it automatically) with this content:
>
> remote 200.80.219.194.static.techtelnet.net
> client
> proto tcp
> port 443
> dev tun
> ns-cert-type server
> auth-user-pass
> auth-retry interact
> comp-lzo
> user nobody
> group nobody
> verb 3
> ca /usr/local/etc/openvpn/keys/ca.key
> cert /usr/local/etc/openvpn/keys/cert.key
> key /usr/local/etc/openvpn/keys/key.key
>
> These contents are extracted from client.ovpn, and the "ca", "cert" and "key"
> files were extracted from the same file.
>
> I kldload tun, but when I do ifconfig, it doesn't show anything related to
> tun or tap.
>
> Also, when I do "openvpn /usr/local/etc/openvpn/openvpn.conf" the results
> are this:
>
> Sat Jul 25 11:24:09 2009 OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Jul 24 2009
> Enter Auth Username:nico
> Enter Auth Password:****
> Sat Jul 25 11:24:13 2009 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
> Sat Jul 25 11:24:13 2009 WARNING: file '/usr/local/etc/openvpn/keys/key.key' is group or others accessible
> Sat Jul 25 11:24:13 2009 LZO compression initialized
> Sat Jul 25 11:24:13 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
> Sat Jul 25 11:24:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> Sat Jul 25 11:24:13 2009 Local Options hash (VER=V4): '69109d17'
> Sat Jul 25 11:24:13 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
> Sat Jul 25 11:24:13 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
> Sat Jul 25 11:24:13 2009 Attempting to establish TCP connection with 200.80.219.194:443
> Sat Jul 25 11:24:13 2009 TCP connection established with 200.80.219.194:443
> Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link local: [undef]
> Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> Sat Jul 25 11:24:13 2009 Connection reset, restarting [0]
> Sat Jul 25 11:24:13 2009 TCP/UDP: Closing socket
> Sat Jul 25 11:24:13 2009 SIGUSR1[soft,connection-reset] received, process restarting
> Sat Jul 25 11:24:13 2009 Restart pause, 5 second(s)
>
> In my /etc/rc.conf I have openvpn_if="tun", I don't load the tun nor tap
> interface at boot, I just want to load it with kldload.
>
> uname -a:
> FreeBSD inspiron.local 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 08:49:13 UTC 2009 root@walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>
> ifconfig:
> ndis0: flags=8843 metric 0 mtu 1500
>         ether 00:23:4d:64:d6:7a
>         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
>         media: IEEE 802.11 Wireless Ethernet autoselect
>         status: associated
>         ssid "" channel 1 (2412 Mhz 11b)
>         authmode OPEN privacy OFF bmiss 7 scanvalid 60 roaming MANUAL
>         bintval 0
> fwe0: flags=8802 metric 0 mtu 1500
>         options=8
>         ether 32:4f:c0:e1:55:e1
>         ch 1 dma -1
> fwip0: flags=8802 metric 0 mtu 1500
>         lladdr 33.4f.c0.0.26.e1.55.e1.a.2.ff.fe.0.0.0.0
> lo0: flags=8049 metric 0 mtu 16384
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet6 ::1 prefixlen 128
>         inet 127.0.0.1 netmask 0xff000000
>
> Thanks in advance,
> Leonardo M. Ramé
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Make sure you have the tap kernel module loaded:

kldload /boot/kernel/if_tap.ko

To make sure it's there after boot, add

if_tap_load="yes"

to your /boot/loader.conf.

When I used openvpn I also added

cloned_interfaces="tun1"

to my rc.conf, then reinitialize the network stack by running

/etc/netstart

I also set the OpenVPN client to explicitly use tun1.
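
Separately from the connection reset, the quoted log carries two WARNING lines: the private key file is group or others accessible, and user/group is set without persist-key/persist-tun. The following is an added example, not part of the thread and not OpenVPN's own code: a POSIX sh check that reads those directives from a client config and reports both conditions. The function names are illustrative, and it assumes each directive sits on its own line as in the config quoted above.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client config for the two WARNING lines
# seen in the quoted log. Function names are illustrative only.

# Print the first argument of directive $2 (e.g. "key") from config $1.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Return 0 if directive $2 appears in config $1.
conf_has() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Return 0 if file $1 has no group/other permission bits set.
# Columns 5-10 of the ls mode string are the group and other bits.
key_is_private() {
    mode=$(ls -ldL "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Check config $1; print findings and return how many were found.
check_openvpn_conf() {
    conf=$1
    findings=0
    key=$(conf_value "$conf" key)
    if [ -n "$key" ] && [ -e "$key" ] && ! key_is_private "$key"; then
        echo "key file $key is group or others accessible (chmod 600)"
        findings=$((findings + 1))
    fi
    # Dropping privileges means a restart can no longer re-read the key
    # or reopen the tun device unless both persist options are set.
    if conf_has "$conf" user || conf_has "$conf" group; then
        for opt in persist-key persist-tun; do
            if ! conf_has "$conf" "$opt"; then
                echo "user/group set without $opt: restarts may fail"
                findings=$((findings + 1))
            fi
        done
    fi
    return "$findings"
}

# Stand-alone use: sh check.sh /usr/local/etc/openvpn/openvpn.conf
if [ $# -gt 0 ]; then check_openvpn_conf "$1"; fi
```
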