Date: Mon, 18 Jul 2016 12:27:57 +0300 From: Odhiambo Washington <odhiambo@gmail.com> To: Ernie Luzar <luzar722@gmail.com> Cc: questions <questions@freebsd.org> Subject: Re: OpenVPN with xp & win7 clients Message-ID: <CAAdA2WPxehy1Fk=KrHEzuVdNNnVXEVfkU7oQPhSFa27BVWPW_A@mail.gmail.com> In-Reply-To: <578BE812.9000601@gmail.com> References: <578BAB1A.2010109@gmail.com> <CAAdA2WNMdprFZ23cdUj4ms5A=Tj5XKZwreiwihcqEgE7zC-22g@mail.gmail.com> <578BE812.9000601@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17 July 2016 at 23:18, Ernie Luzar <luzar722@gmail.com> wrote: > Odhiambo Washington wrote: > > >> >> On 17 July 2016 at 18:58, Ernie Luzar <luzar722@gmail.com <mailto: >> luzar722@gmail.com>> wrote: >> >> Hello List; >> >> I travel outside of my home country a lot and can not access some >> web site content because internet connection is from foreign ip >> address range. >> >> I see many how-tos for installing and configuration VPN on a FreeBSD >> host. But all most all of these how-tos assume the client will be a >> FreeBSD box also. In my case I have 2 laptops I travel with, win xp >> & win7. The official OpenVPN website does offer clients for xp & >> win7 but configuration info is not available. >> >> Looking for how-to to setup VPN client on xp & win7. >> >> >> >> For Windows client, use the following: >> http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3 >> >> >> >> The FreeBSD handbook has section on IPsec/VPN, but again it assumes >> server and client is a FreeBSD host. Looking for how-to on setting >> up IPsec/VPN on xp & win7. >> >> >> For setting up the server, use the following: Use this link: >> http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/ >> >> >> I have 2 concerns. How much hesitation will VPN inject into watching >> tv programs or movies on my laptops in a foreign country? Will >> IPsec/VPN inject longer hesitations? >> >> >> I cannot tell about the latencies (I guess that is what you call >> hesitation :-)) because I haven't tried it. >> >> >> Can I use the remote VPN client to start the show streaming and then >> have the VPN host record the program? Later down loading the program >> file to my laptop for viewing? >> >> >> That is beyond the scope of FreeBSD questions I guess :-) >> But maybe someone has done it and will give you their story. >> >> >> > > " For setting up the server, use the following: Use this link: > http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/" > > That link content is out-dated. The openvpn port/pkg does not include the > easy-rsa scripts build-ca, build-key-server, build-key, build-dh that are > described in that how-too. The certificates are the backbone of security > for VPN and without correct documentation that how-to is useless. To make > things even worse, the easy-rsa port is lacking a manual page. > > That link is very comprehensive, but also if you applied a little common sense, you'd realize that you can install easy-rsa either using the pkg or ports. That's what I did and things work so well. root@waridi:/usr/local/etc/fail2ban # locate easy-rsa /usr/ports/security/easy-rsa /usr/ports/security/easy-rsa/Makefile /usr/ports/security/easy-rsa/distinfo /usr/ports/security/easy-rsa/files /usr/ports/security/easy-rsa/files/easyrsa.in /usr/ports/security/easy-rsa/pkg-descr /usr/ports/security/easy-rsa/pkg-plist /usr/ports/security/easy-rsa2 /usr/ports/security/easy-rsa2/Makefile /usr/ports/security/easy-rsa2/distinfo /usr/ports/security/easy-rsa2/pkg-descr /usr/ports/security/easy-rsa2/pkg-plist root@waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa easy-rsa-3.0.1_1 Small RSA key management package based on openssl easy-rsa2-2.2.2 Small RSA key management package based on openssl root@waridi:/usr/local/etc/fail2ban # I used that link and it works wonders. I have users roaming everywhere. All I have to do is generate client certs for them, download it to their PCs, install the VPN client, configure it (change tun to tap, enable lzo, disable prompting for username/password) and voila! Well, just search around for other HOWTOs. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WPxehy1Fk=KrHEzuVdNNnVXEVfkU7oQPhSFa27BVWPW_A>