Create VPN Client, not net2net


(Eddie Atherton) #1

Hi,

Yet another Zentyal defector looking for a new home. :smile:

With Zentyal, I was able to “hack” the net2net VPN Client configuration so it ran as a normal client by creating my own “mas” (template) file which Zentyal then uses to create the OpenVPN configuration.

Is a similar technique available in NethServer, as this looks like the only unknown “feature” I’d have to have available to seriously consider switching over.

Cheers.


(Stefano) #2

hi, welcome here…

maybe I’m wrong but what’s wrong with NS openvpn? I mean, if you need a roadwarrior openvpn setup, you already have it…


(Artem Fedai) #3

net2net is IPsec, so it could be vulnerable … I have not used it


(Stefano) #4

mmhh… can you give us details (and reference/urls) about IPSEC vulnerability?

thank you


(Artem Fedai) #5

Topic starter said that he hacked net2net, I always use road warrior VPN :smile:


(Stefano) #6

sorry but there’s a misunderstanding: he hacked a zentyal script (originally written to create a net2net vpn) to adapt it to create a roadwarrior vpn…

IPSEC is quite secure and it’s, de facto, an industrial standard


(Eddie Atherton) #7

Hi,

I’m talking about the VPN Client to connect outbound, not the Server for inbound.

In my Zentyal server, I’m running both an inbound and an outbound.

Cheers.


(Artem Fedai) #8

Could you give some example? I’m under wine :smile:


(Stefano) #9

never work on a server under wine effect :wink:


(Artem Fedai) #10

Ha ha, I’m just reading the forum :smile: Topic starter is awesome, I hardly realize the question :slight_smile:


(Filippo Carletti) #11

NethServer could be an openvpn client and server at the same time.
If you want to route all network traffic through the client vpn you need to add the network in the Client tab of the vpn page.

Could you provide zentyal files, maybe we could understand better what you’d like to obtain.


(Artem Fedai) #12

4.1 is awful, but still, what do you want to achieve?


(Eddie Atherton) #13

I understand that NethServer, just like Zentyal, can be both a Client and Server at the same time, but both treat the Client as a net2net connection.

What I did was replace the “mas”, Zentyal template, which builds the VPN Client configuration from the data entered at the UI with a “normal” OpenVPN Client configuration to connect to my paid VPN provider. I then updated the iptables/ip routing to send only certain requests via the tun interface, to the VPN, and the remainder of the outbound traffic just leaves normally through my WAN ethernet.

The Server configuration is a normal one to allow inbound connections to my network when I’m working on the road.

Cheers.
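
The split routing described in the post above, sketched as an added example that is not part of the thread and not the poster's actual rules. The interface names, table number, mark and ports are assumptions, and the client config is assumed to use `route-nopull` so the provider's pushed default route is not installed.

```shell
#!/bin/sh
# Added example: policy routing so that only selected traffic uses the VPN.
# Assumed (hypothetical) values: tun0 = OpenVPN client, br0 = LAN side,
# routing table 100, firewall mark 0x1, TCP destination ports 80 and 443.
TUN_IF="${TUN_IF:-tun0}"
LAN_IF="${LAN_IF:-br0}"
TABLE="${TABLE:-100}"
MARK="${MARK:-0x1}"
PORTS="${PORTS:-80 443}"

# Emit the commands, one per line; nothing is executed by this function.
split_route_cmds() {
    # Marked packets consult the dedicated table instead of the main one.
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route add default dev $TUN_IF table $TABLE"
    # Fail closed: when tun0 goes down its route disappears, and without this
    # higher-metric entry marked traffic would fall through to the WAN route.
    echo "ip route add unreachable default table $TABLE metric 1000"
    for port in $PORTS; do
        # Forwarded LAN traffic is marked before the routing decision.
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport $port -j MARK --set-mark $MARK"
        # Traffic generated on the server itself is rerouted after marking.
        echo "iptables -t mangle -A OUTPUT -p tcp --dport $port -j MARK --set-mark $MARK"
    done
    # The provider only knows the tunnel address, so NAT what leaves via tun0.
    echo "iptables -t nat -A POSTROUTING -o $TUN_IF -j MASQUERADE"
    # Replies arrive on tun0 while the unmarked reverse path points at the
    # WAN; strict reverse-path filtering would drop them, so use loose mode.
    echo "sysctl -w net.ipv4.conf.$TUN_IF.rp_filter=2"
}

# Dry run by default; APPLY=1 (as root) executes each command in order.
apply_or_print() {
    split_route_cmds | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || exit 1
        else
            echo "$cmd"
        fi
    done
}

apply_or_print
```

Unmarked traffic never looks at table 100, so it keeps leaving through the WAN default route in the main table.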


(Artem Fedai) #14

So don’t check “use default gateway” for the OpenVPN client; after that, hosts in your private net would be reachable through OpenVPN and other traffic would go through the default gateway of your provider.


(Artem Fedai) #15

Or would you like to achieve a VPN cascade? So the client connects to NethServer, and then NethServer connects to the paid VPN and passes all traffic to it?


(Artem Fedai) #16

If the second variant, you should create a new firewall zone for the paid VPN and route all traffic to it.


(Eddie Atherton) #17

Maybe this question I asked on LinuxQuestions might help understand how I use the Client VPN: http://www.linuxquestions.org/questions/linux-networking-3/help-needed-with-iptables-ip-route-for-split-routing-4175537840/

Cheers.


(Filippo Carletti) #18

googled a bit, I think that a Zentyal mas is a NethServer template.
You need a template-custom, if you could show your zentyal file we could help creating it.


(Eddie Atherton) #19

That’s what I kinda guessed reading through the docs, but wanted to see if I was anywhere near the right path before I spent time setting up the server to test.

The motherboard on my ESXi server died last week, so I haven’t got any hardware to set up a test just at the moment. Once I get that replaced, let me grab a download and play.

Then, maybe, I’ll take you up on the offer of help.

Thanks for the info so far.

Cheers.


(Artem Fedai) #20

@EddieA
NethServer uses shorewall, so you should create a provider and rtrules for this provider; it could be done from an e-smith shorewall template, if you know exactly what you need!
wine drives me to sleep :wink: