Date:      Mon, 18 Jul 2016 16:53:14 -0400
From:      Ernie Luzar <luzar722@gmail.com>
To:        Odhiambo Washington <odhiambo@gmail.com>
Cc:        questions <questions@freebsd.org>
Subject:   Re: OpenVPN with xp & win7 clients
Message-ID:  <578D41BA.5070705@gmail.com>
In-Reply-To: <CAAdA2WPxehy1Fk=KrHEzuVdNNnVXEVfkU7oQPhSFa27BVWPW_A@mail.gmail.com>
References:  <578BAB1A.2010109@gmail.com> <CAAdA2WNMdprFZ23cdUj4ms5A=Tj5XKZwreiwihcqEgE7zC-22g@mail.gmail.com> <578BE812.9000601@gmail.com> <CAAdA2WPxehy1Fk=KrHEzuVdNNnVXEVfkU7oQPhSFa27BVWPW_A@mail.gmail.com>

Odhiambo Washington wrote:
> 
> 
> On 17 July 2016 at 23:18, Ernie Luzar <luzar722@gmail.com> wrote:
> 
>     Odhiambo Washington wrote:
> 
> 
> 
>         On 17 July 2016 at 18:58, Ernie Luzar <luzar722@gmail.com> wrote:
> 
>             Hello List;
> 
>             I travel outside of my home country a lot and cannot access some
>             web site content because internet connection is from foreign ip
>             address range.
> 
>             I see many how-tos for installing and configuring VPN on a FreeBSD
>             host. But almost all of these how-tos assume the client will be a
>             FreeBSD box also. In my case I have 2 laptops I travel with, win xp
>             & win7. The official OpenVPN website does offer clients for xp &
>             win7 but configuration info is not available.
> 
>             Looking for how-to to setup VPN client on xp & win7.
> 
> 
> 
>         For Windows client, use the following:
>         http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
> 
>          
> 
>             The FreeBSD handbook has section on IPsec/VPN, but again it assumes
>             server and client is a FreeBSD host. Looking for how-to on setting
>             up IPsec/VPN on xp & win7.
> 
> 
>         For setting up the server, use the following: Use this link:
>         http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
>          
> 
>             I have 2 concerns. How much hesitation will VPN inject into watching
>             tv programs or movies on my laptops in a foreign country? Will
>             IPsec/VPN inject longer hesitations?
> 
> 
>         I cannot tell about the latencies (I guess that is what you call
>         hesitation :-)) because I haven't tried it.
>          
> 
>             Can I use the remote VPN client to start the show streaming and then
>             have the VPN host record the program? Later downloading the program
>             file to my laptop for viewing?
> 
> 
>         That is beyond the scope of FreeBSD questions I guess :-)
>         But maybe someone has done it and will give you their story.
> 
> 
> 
> 
>     " For setting up the server, use the following: Use this link:
>     http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
> 
>     That link content is outdated. The openvpn port/pkg does not
>     include the easy-rsa scripts build-ca, build-key-server, build-key,
>     build-dh that are described in that how-to. The certificates are
>     the backbone of security for VPN and without correct documentation
>     that how-to is useless. To make things even worse, the easy-rsa port
>     is lacking a manual page.
> 
> 
> That link is very comprehensive, but also if you applied a little common 
> sense, you'd realize that you can install easy-rsa either using the pkg 
> or ports. That's what I did and things work so well.
> 
> root@waridi:/usr/local/etc/fail2ban # locate easy-rsa
> /usr/ports/security/easy-rsa
> /usr/ports/security/easy-rsa/Makefile
> /usr/ports/security/easy-rsa/distinfo
> /usr/ports/security/easy-rsa/files
> /usr/ports/security/easy-rsa/files/easyrsa.in
> /usr/ports/security/easy-rsa/pkg-descr
> /usr/ports/security/easy-rsa/pkg-plist
> /usr/ports/security/easy-rsa2
> /usr/ports/security/easy-rsa2/Makefile
> /usr/ports/security/easy-rsa2/distinfo
> /usr/ports/security/easy-rsa2/pkg-descr
> /usr/ports/security/easy-rsa2/pkg-plist
> root@waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa
> easy-rsa-3.0.1_1               Small RSA key management package based on openssl
> easy-rsa2-2.2.2                Small RSA key management package based on openssl
> root@waridi:/usr/local/etc/fail2ban # 
> 
> I used that link and it works wonders. I have users roaming everywhere. 
> All I have to do is generate client certs for them, download it to their 
> PCs, install the VPN client, configure it (change tun to tap, enable 
> lzo, disable prompting for username/password) and voila!
> 
> Well, just search around for other HOWTOs.
> 
> 

Thanks for the details. I see the problem now. That how-to is based on 
easy-rsa2-2.2.2 which was installed as part of an older version of the 
openvpn port. The current version of openvpn port installs 
easy-rsa-3.0.1_1 which is way different than easy-rsa2-2.2.2 which makes 
that openvpn install how-to outdated.

Another difference is the version of openvpn installed by the current 
openvpn port is different than the openvpn version installed with the 
easy-rsa2-2.2.2 version of the port.

Openvpn-2.3.11 now at start time wants "Enter Private key password".
Need to find a way to stop this prompt so openvpn will start at boot 
time without human intervention.
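
The boot-time prompt described in the message above appears when the server's private key file is passphrase-protected. As an added example (not part of the original message or of the OpenVPN/easy-rsa projects), this sh script reports whether a PEM key will trigger the prompt and, if it will not, whether the unencrypted key is readable by its owner only; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict whether OpenVPN will stop at "Enter Private key
# password" by checking if a PEM private key is passphrase-protected, and
# check that a key left unencrypted is accessible by its owner only.

# Return 0 if the PEM key in $1 is encrypted (OpenVPN will prompt), 1 if not.
key_is_encrypted() {
    # PKCS#8 encrypted keys use a dedicated BEGIN line; traditional
    # OpenSSL keys carry a "Proc-Type: 4,ENCRYPTED" header instead.
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Return 0 if group and other have no permission bits set on $1.
key_perms_tight() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print one verdict for the key file in $1.
audit_key() {
    if [ ! -r "$1" ]; then
        echo "unreadable"
    elif key_is_encrypted "$1"; then
        echo "prompts"      # daemon will wait for a passphrase at start
    elif key_perms_tight "$1"; then
        echo "ok"           # starts unattended, owner-only access
    else
        echo "exposed"      # starts unattended, but other users can read it
    fi
}

# Demo on constructed files (PEM header lines only, no real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' > "$d/pkcs8.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' > "$d/legacy.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$d/plain.key"
    cp "$d/plain.key" "$d/loose.key"
    chmod 600 "$d/pkcs8.key" "$d/legacy.key" "$d/plain.key"
    chmod 644 "$d/loose.key"
    for f in pkcs8 legacy plain loose; do
        echo "$f: $(audit_key "$d/$f.key")"
    done
    rm -rf "$d"
}
demo
```

A key reported as `prompts` can be started unattended either with OpenVPN's `askpass <file>` directive or by issuing the key without a passphrase (easy-rsa 3 accepts `nopass` on its build commands). In both cases file permissions become the only protection for the key, which is why the `exposed` verdict matters.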













