openvpn server
# cd /etc/openvpn
# mkdir easy-rsa
# cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* easy-rsa/
# chmod -R +x easy-rsa/
Today one of the clients could not access the web.
PROBLEM: some of the filter rules were cutting all VPN traffic for the http, https and ssh protocols.
RESOLUTION: disable the rule for the WAN2 port on the openvpn interface. When the WAN2 port is disabled, instead of the rules for that port disappearing, in the case of WAN2 (because I imagine it is the default WAN port) the port's IP in the rules is replaced by "any", which blocks traffic on those ports for all IPs.
Attached is the image showing what happens.
Good news...
I found that on my Windows 7 system the problem was due to EnableBalloonTips being set to zero in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
I deleted it and now it works fine. You could also set it to 2 instead of deleting it.
Thanks,
...Karl
ip route add 10.0.70.0/24 dev br-lan_vpn table vpn
ip rule add from 10.0.70.0/24 table vpn
ip route add default dev tun0 table vpn
ip route flush cache
packages to install:
openvpn
luci-app-openvpn
iptables-mod-ipopt (to be able to mark packets in iptables - perhaps not necessary)
net.ipv4.icmp_errors_use_inbound_ifaddr=1 - in /etc/sysctl.conf,
cut off wlan access to the lan and the wan
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o `get_wanface` -j DROP
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
ip route add 192.168.70.0/24 dev br1 table 200
ip route add default via 10.0.11.5 dev tun1 table 200
ip rule add from 192.168.70.140 table 200
ip route flush cache
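The two policy-routing recipes above (the "vpn" table for 10.0.70.0/24 and table 200 for 192.168.70.0/24) as one reusable, idempotent shell function plus a leak check. This is an added example, not part of the original notes: the function names, the DRY_RUN switch and the iif-based check are my assumptions, and a named table such as "vpn" must already exist in /etc/iproute2/rt_tables (or pass a number such as 200).

```shell
#!/bin/sh
# Added example (not from the original notes): idempotent policy routing of a
# VPN-client subnet through a tunnel, plus a leak check. Assumes iproute2 on a
# Linux router. DRY_RUN=1 only prints the commands instead of running them.
set -eu

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vpn_policy_route SUBNET LAN_DEV TUN_DEV TABLE
# Everything sourced from SUBNET leaves via TUN_DEV; the main table (and the
# WAN default route) stays untouched for every other host.
vpn_policy_route() {
    subnet=$1 lan_dev=$2 tun_dev=$3 table=$4
    # "replace" instead of "add": re-running the script must not abort with
    # "RTNETLINK answers: File exists".
    run ip route replace "$subnet" dev "$lan_dev" table "$table"
    run ip route replace default dev "$tun_dev" table "$table"
    # "ip rule add" happily creates duplicate rules, so add only when missing.
    if [ "${DRY_RUN:-0}" = 1 ] || ! ip rule show | grep -q "from $subnet lookup $table"; then
        run ip rule add from "$subnet" table "$table"
    fi
    run ip route flush cache
}

# vpn_route_check SRC_IP LAN_DEV DST_IP TUN_DEV
# Returns 0 if a forwarded packet from SRC_IP (arriving on LAN_DEV) to DST_IP
# would leave via TUN_DEV, 1 if it would leak out another interface (the WAN).
vpn_route_check() {
    ip route get "$3" from "$1" iif "$2" 2>/dev/null | grep -q "dev $4 "
}
```

Run `vpn_route_check 10.0.70.10 br-lan_vpn 8.8.8.8 tun0 && echo ok` after applying the rules; a failure means the VPN-client subnet still has a path to the WAN.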
Remember that OpenVPN is doing bidirectional authentication: The server
authenticates the client and client authenticates the server.
Server Authenticates Client -- can be done with either a client
certificate or auth-user-pass or both.
Client Authenticates Server -- can currently only be done via a server
certificate signed by the root certificate (CA).
So you can use "auth-user-pass" and "client-cert-not-required" on the
client, but you still need a "ca" cert on the client to verify the
identity of the server.
James
on windows passtos doesn't work! hahahaha!