Date: Wed, 11 May 2011 08:21:47 -0700 (PDT)
From: Bill Tillman
To: Kevin Wilcox
Cc: freebsd-questions@freebsd.org
Subject: Re: OpenVPN Setup

________________________________
From: Kevin Wilcox
To: Bill Tillman
Cc: freebsd-questions@freebsd.org
Sent: Wed, May 11, 2011 9:28:08 AM
Subject: Re: OpenVPN Setup

On Wed, May 11, 2011 at 09:11, Bill Tillman wrote:

> 2. I have my OpenVPN process running on my FreeBSD server and wish to test it
> with the OpenVPN client for Windows on my laptop from an outside location. But
> the only outside locations I have access to right now are the local McDonalds
> and Starbucks which offer free WiFi via AT&T's network. The trouble with this
> is they appear to be blocking almost everything at these locations with the
> exception of HTTP traffic. I can't make the connection and I cannot access my
> LAN via SSH either. I don't think they are blocking any particular ports on
> these systems as much as they are just blocking everything except those ports
> which allow users to surf the web. The only thing which appears in the status
> window is that it's trying to make the handshake but then fails. I can ping my
> home server from these outside locations so I know my server is reachable.

It's not uncommon for guest/visitor/unsponsored/portal wireless to
only have ports 80 and 443 (sometimes only port 80) open. You can
modify your server's config to use port 80 instead of 1194 (assuming
you aren't running a webserver on that machine). Keep in mind that if
you do that then before you can connect you'll have to:

o change the config on the server
o restart openvpn on the server
o change the config on the client

kmw
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Thanks again. Setting the proto to tcp, port 443 is working at least. I'm
sitting comfortably in a Starbucks with a cup of java and smooth jazz playing
and with a powered connection so I won't have to worry about battery in this
laptop which only lasts about 20 minutes these days. So I can run the VPN client
here and it makes a connection and grabs an IP address 10.8.0.6, and I can ping
the tunnel device on the other end 10.8.0.1 but I cannot access the other side
of the VPN server at home, 10.0.0.0/24. Nothing will reply to pings and my
attempts to do remote desktop with one of my Windows machines fail and I cannot
access the Samba shares on the VPN server. I guess this must be a routing issue
but I thought the OpenVPN server set this up when it started. Any additional
advice will be appreciated. I'm going to stay here and hack at it until they run
me off.


Just cleared one more hurdle. Turns out the PUSH line in server.conf was still
commented out. A quick change there and it's off and running. I can now ping
inside my LAN from this remote connection and just completed a successful Remote
Desktop session with one of the Windows clients inside as well. I'm still
somewhat confused on the routes needed and several of my tests are still in
place on the home LAN servers so I'm not sure what actually worked and what can
be removed if any. The PUSH line though seemed to be all it needed but I think
there is something on the inside which needs to be set as well.

Sorry for all the traffic, but I have the time this week to hack at this until I
get it right.
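
The server.conf state described in the message above, as an added example that is not part of the original thread: a shell check that reports the transport in effect and whether the push route line for the home LAN is active, commented out or missing. The sample config, the exact wording of the push line and the name audit_conf are assumptions; the thread itself gives only the addresses 10.8.0.1, 10.8.0.6 and 10.0.0.0/24.

```sh
#!/bin/sh
# Added example, not from the thread. Reads an OpenVPN server.conf on stdin and
# reports the transport in effect and the state of the push route for the LAN.
# usage: audit_conf LAN_NET LAN_MASK < server.conf
audit_conf() {
    awk -v want="push \"route $1 $2\"" '
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            off = (line ~ /^[#;]/)        # lines starting with # or ; are comments
            sub(/^[#; \t]+/, "", line)    # strip the comment marker to compare
            if (line == want) { if (off) commented = 1; else active = 1 }
            if (off || line == "") next
            split(line, f, /[ \t]+/)
            if (f[1] == "proto") proto = f[2]
            if (f[1] == "port")  port  = f[2]
        }
        END {
            # OpenVPN defaults when the directive is absent: udp, port 1194
            print "transport=" (proto != "" ? proto : "udp") "/" (port != "" ? port : "1194")
            print "push_route=" (active ? "active" : (commented ? "commented" : "missing"))
        }'
}

# Constructed server.conf: TCP 443 already set, push route still commented out.
before='port 443
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
;push "route 10.0.0.0 255.255.255.0"'

# Before the fix: transport=tcp/443, push_route=commented
printf '%s\n' "$before" | audit_conf 10.0.0.0 255.255.255.0
# After uncommenting the line: push_route=active
printf '%s\n' "$before" | sed 's/^;push/push/' | audit_conf 10.0.0.0 255.255.255.0
```
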