Message-ID: <578D41BA.5070705@gmail.com>
Date: Mon, 18 Jul 2016 16:53:14 -0400
From: Ernie Luzar
To: Odhiambo Washington
CC: questions
Subject: Re: OpenVPN with xp & win7 clients

Odhiambo Washington wrote:
>
> On 17 July 2016 at 23:18, Ernie Luzar wrote:
>
>     Odhiambo Washington wrote:
>
>         On 17 July 2016 at 18:58, Ernie Luzar wrote:
>
>             Hello List;
>
>             I travel outside of my home country a lot and can not access some
>             web site content because internet connection is from foreign ip
>             address range.
>
>             I see many how-tos for installing and configuration VPN on a FreeBSD
>             host. But almost all of these how-tos assume the client will be a
>             FreeBSD box also. In my case I have 2 laptops I travel with, win xp
>             & win7. The official OpenVPN website does offer clients for xp &
>             win7 but configuration info is not available.
>
>             Looking for how-to to setup VPN client on xp & win7.
>
>         For Windows client, use the following:
>         http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
>
>             The FreeBSD handbook has section on IPsec/VPN, but again it assumes
>             server and client is a FreeBSD host. Looking for how-to on setting
>             up IPsec/VPN on xp & win7.
>
>         For setting up the server, use the following: Use this link:
>         http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
>
>             I have 2 concerns. How much hesitation will VPN inject into watching
>             tv programs or movies on my laptops in a foreign country? Will
>             IPsec/VPN inject longer hesitations?
>
>         I cannot tell about the latencies (I guess that is what you call
>         hesitation :-)) because I haven't tried it.
>
>             Can I use the remote VPN client to start the show streaming and then
>             have the VPN host record the program? Later downloading the program
>             file to my laptop for viewing?
>
>         That is beyond the scope of FreeBSD questions I guess :-)
>         But maybe someone has done it and will give you their story.
>
>     " For setting up the server, use the following: Use this link:
>     http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
>
>     That link content is out-dated. The openvpn port/pkg does not
>     include the easy-rsa scripts build-ca, build-key-server, build-key,
>     build-dh that are described in that how-to.
>     The certificates are
>     the backbone of security for VPN and without correct documentation
>     that how-to is useless. To make things even worse, the easy-rsa port
>     is lacking a manual page.
>
> That link is very comprehensive, but also if you applied a little common
> sense, you'd realize that you can install easy-rsa either using the pkg
> or ports. That's what I did and things work so well.
>
> root@waridi:/usr/local/etc/fail2ban # locate easy-rsa
> /usr/ports/security/easy-rsa
> /usr/ports/security/easy-rsa/Makefile
> /usr/ports/security/easy-rsa/distinfo
> /usr/ports/security/easy-rsa/files
> /usr/ports/security/easy-rsa/files/easyrsa.in
> /usr/ports/security/easy-rsa/pkg-descr
> /usr/ports/security/easy-rsa/pkg-plist
> /usr/ports/security/easy-rsa2
> /usr/ports/security/easy-rsa2/Makefile
> /usr/ports/security/easy-rsa2/distinfo
> /usr/ports/security/easy-rsa2/pkg-descr
> /usr/ports/security/easy-rsa2/pkg-plist
> root@waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa
> easy-rsa-3.0.1_1               Small RSA key management package based on openssl
> easy-rsa2-2.2.2                Small RSA key management package based on openssl
> root@waridi:/usr/local/etc/fail2ban #
>
> I used that link and it works wonders. I have users roaming everywhere.
> All I have to do is generate client certs for them, download it to their
> PCs, install the VPN client, configure it (change tun to tap, enable
> lzo, disable prompting for username/password) and voila!
>
> Well, just search around for other HOWTOs.

Thanks for the details. I see the problem now. That how-to is based on easy-rsa2-2.2.2 which was installed as part of an older version of the openvpn port. The current version of openvpn port installs easy-rsa-3.0.1_1 which is way different than easy-rsa2-2.2.2 which makes that openvpn install how-to outdated. Another difference is the version of openvpn installed by the current openvpn port is different than the openvpn version installed with the easy-rsa2-2.2.2 version of the port.
Openvpn-2.3.11 now at start time wants "Enter Private key password". Need to find a way to stop this prompt so openvpn will start at boot time without human intervention.
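
Added example, not part of the original message: easy-rsa 3 encrypts a generated private key unless "nopass" is given, and an encrypted server key is what makes OpenVPN prompt at start. The script below classifies a key file by its PEM armor and checks its permissions; the function names key_state and boot_check and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: why does OpenVPN ask for "Enter Private key password" at boot?
# An encrypted PEM key triggers the prompt. With easy-rsa 3 the server key is
# left unencrypted only when "nopass" is given, e.g.
#   easyrsa build-server-full server nopass
# An unencrypted key relies on file permissions alone, so check those too.

# key_state FILE: print encrypted | plaintext | unknown, judged by PEM armor.
key_state() {
    if [ ! -r "$1" ]; then
        echo unknown
    elif grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
         grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted          # PKCS#8 or traditional OpenSSL encrypted key
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# boot_check FILE: one-word verdict for an unattended OpenVPN start.
boot_check() {
    state=$(key_state "$1")
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    case "$state" in
        encrypted) echo PROMPT ;;        # openvpn will ask for the passphrase
        plaintext)
            if [ "$go_bits" = "------" ]; then
                echo OK                  # no prompt, key readable by owner only
            else
                echo WEAK                # no prompt, but key exposed: chmod 600
            fi ;;
        *) echo UNKNOWN ;;               # missing file or not a private key
    esac
}

# Constructed sample files: PEM armor only, no real key material.
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$tmp/server-enc.key"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
    '-----END PRIVATE KEY-----' > "$tmp/server.key"
chmod 600 "$tmp/server-enc.key" "$tmp/server.key"
echo "server-enc.key: $(boot_check "$tmp/server-enc.key")"
echo "server.key:     $(boot_check "$tmp/server.key")"
rm -rf "$tmp"
```

The alternative that keeps the key encrypted is OpenVPN's askpass option pointing at a file that holds the passphrase, which then needs the same owner-only permissions.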