From: Odhiambo Washington
Date: Mon, 18 Jul 2016 12:27:57 +0300
Subject: Re: OpenVPN with xp & win7 clients
To: Ernie Luzar
Cc: questions

On 17 July 2016 at 23:18, Ernie Luzar wrote:

> Odhiambo Washington wrote:
>
>> On 17 July 2016 at 18:58, Ernie Luzar <luzar722@gmail.com> wrote:
>>
>> Hello List;
>>
>> I travel outside of my home country a lot and can not access some
>> web site content because internet connection is from foreign ip
>> address range.
>>
>> I see many how-tos for installing and configuring VPN on a FreeBSD
>> host. But almost all of these how-tos assume the client will be a
>> FreeBSD box also. In my case I have 2 laptops I travel with, win xp
>> & win7. The official OpenVPN website does offer clients for xp &
>> win7 but configuration info is not available.
>>
>> Looking for how-to to set up VPN client on xp & win7.
>>
>> For Windows client, use the following:
>> http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
>>
>> The FreeBSD handbook has section on IPsec/VPN, but again it assumes
>> server and client is a FreeBSD host. Looking for how-to on setting
>> up IPsec/VPN on xp & win7.
>>
>> For setting up the server, use the following: Use this link:
>> http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
>>
>> I have 2 concerns. How much hesitation will VPN inject into watching
>> tv programs or movies on my laptops in a foreign country? Will
>> IPsec/VPN inject longer hesitations?
>>
>> I cannot tell about the latencies (I guess that is what you call
>> hesitation :-)) because I haven't tried it.
>>
>> Can I use the remote VPN client to start the show streaming and then
>> have the VPN host record the program? Later downloading the program
>> file to my laptop for viewing?
>>
>> That is beyond the scope of FreeBSD questions I guess :-)
>> But maybe someone has done it and will give you their story.
>
> " For setting up the server, use the following: Use this link:
> http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
>
> That link content is out-dated. The openvpn port/pkg does not include the
> easy-rsa scripts build-ca, build-key-server, build-key, build-dh that are
> described in that how-to. The certificates are the backbone of security
> for VPN and without correct documentation that how-to is useless. To make
> things even worse, the easy-rsa port is lacking a manual page.
>

That link is very comprehensive, but also if you applied a little common
sense, you'd realize that you can install easy-rsa either using the pkg or
ports. That's what I did and things work so well.

root@waridi:/usr/local/etc/fail2ban # locate easy-rsa
/usr/ports/security/easy-rsa
/usr/ports/security/easy-rsa/Makefile
/usr/ports/security/easy-rsa/distinfo
/usr/ports/security/easy-rsa/files
/usr/ports/security/easy-rsa/files/easyrsa.in
/usr/ports/security/easy-rsa/pkg-descr
/usr/ports/security/easy-rsa/pkg-plist
/usr/ports/security/easy-rsa2
/usr/ports/security/easy-rsa2/Makefile
/usr/ports/security/easy-rsa2/distinfo
/usr/ports/security/easy-rsa2/pkg-descr
/usr/ports/security/easy-rsa2/pkg-plist
root@waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa
easy-rsa-3.0.1_1               Small RSA key management package based on openssl
easy-rsa2-2.2.2                Small RSA key management package based on openssl
root@waridi:/usr/local/etc/fail2ban #

I used that link and it works wonders. I have users roaming everywhere. All
I have to do is generate client certs for them, download it to their PCs,
install the VPN client, configure it (change tun to tap, enable lzo, disable
prompting for username/password) and voila!

Well, just search around for other HOWTOs.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
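
The client workflow described in the message above (generate a client certificate, then configure the client with tap, LZO and no username/password prompt), as an added example that is not part of the original message. It assumes the easy-rsa 3 PKI layout and `easyrsa` on the PATH; the server name, port, protocol and client name are placeholders, and `remote-cert-tls server` is an addition not mentioned in the thread.

```sh
#!/bin/sh
# Added example. Assumes the easy-rsa 3 PKI layout: pki/ca.crt,
# pki/issued/NAME.crt, pki/private/NAME.key. Server name and port are placeholders.

# Issue a key and certificate for one client. Needs the easy-rsa package and
# an initialised PKI with a CA. "nopass" leaves the private key unencrypted.
issue_client_cert() {
    easyrsa build-client-full "$1" nopass
}

# Print only the PEM block; issued certificates may start with a text dump.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_client_profile NAME SERVER PKI_DIR: write the profile to stdout.
make_client_profile() {
    name=$1; server=$2; pki=$3
    for f in "$pki/ca.crt" "$pki/issued/$name.crt" "$pki/private/$name.key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    cat <<EOF
client
# tap instead of tun, as in the message; must match the server's "dev"
dev tap
proto udp
remote $server 1194
# LZO compression; must match the server's setting
comp-lzo
nobind
persist-key
persist-tun
# not from the thread: reject peers whose certificate is not a server cert
remote-cert-tls server
# no auth-user-pass line, so the client never prompts for username/password
<ca>
$(pem_block "$pki/ca.crt")
</ca>
<cert>
$(pem_block "$pki/issued/$name.crt")
</cert>
<key>
$(pem_block "$pki/private/$name.key")
</key>
EOF
}
```

Run `issue_client_cert laptop1` from the easy-rsa working directory, then `make_client_profile laptop1 vpn.example.org pki > laptop1.ovpn`. The resulting file embeds the client's private key, so it should reach the laptop over a protected channel.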