How can I configure vpn server?


(Hitesh Dubey) #1

Dear,

I want to configure a VPN on our NethServer and want to connect clients from the internet through this VPN server.

Thanks
Hitesh


(Giacomo Sanchietti) #2

http://docs.nethserver.org/en/latest/vpn.html


(Hitesh Dubey) #3

Dear Giacomo,

Thanks for the reply.

I have read this manual but I couldn't solve this issue. I would request you to please help me understand how to connect a client machine to this VPN server, and what the firewall policy and VPN configuration should be.


(Artem Fedai) #4

@Hitesh_Dubey what do you want to achieve? Draw a picture or network topology… I'll try to help :slight_smile:


(Hitesh Dubey) #5

Dear Nas,

I have one NethServer 6.6 -> I have one static IP -> the static IP is NATted to a local private IP -> the server is configured with PDC + ownCloud + mail server + DHCP & DNS + file server -> this is our office environment -> I want to connect to my office from my home through VPN -> now I want to configure OpenVPN in NethServer -> I have internet at my home.

So please guide me on how to configure VPN in NethServer. This is all about my scenario.

Thanks
Hitesh


(Artem Fedai) #6

Your case is pretty simple:

1. Go to Configuration -> VPN -> create new user

2. Go to OpenVPN:

3. Then back to Accounts - push Download:

4. Select OpenVPN configuration:

5. Download and install the OpenVPN client for your home PC:

https://openvpn.net/index.php/open-source/downloads.html

6. Install the OpenVPN client:

Copy the config file downloaded in step 4 to C:\Program Files\OpenVPN\config\

7. Run:

8. Then in the tray double-click on:


(Alessio Fattorini) #7

That’s a good quick guide with screenshots, you should create a FAQ :smile:


(Artem Fedai) #8

Yep, and it is one of the most common cases for people :slight_smile:


(Alessio Fattorini) #9

Maybe you should make some screenshots of that part


(Hitesh Dubey) #10

Dear Nas,

Thanks for your valuable reply.

I am facing some issues after configuration: when I try to connect any user profile from the VPN client, it only shows connecting but never gets connected.

Created users:

Admin: System User

Hitesh: System User

Tommy: VPN Only

Configuration

Our internal network is 192.168.1.0/24

Imported profile in the OpenVPN client

Stuck on this screen

With no result. Please help on this.

Thanks
Hitesh


(Artem Fedai) #11

Updated Instruction :


(Artem Fedai) #12

@Hitesh_Dubey you don't need to enter a network address in your OpenVPN accounts, and your home network cannot be the same as your office range 192.168.1.0/24.


(Hitesh Dubey) #13

Dear Nas,

Are you talking about the Network Address in the New User tab or in the OpenVPN configuration tab? Please let me know.

Please also tell me: VPN only or system user?


(Hitesh Dubey) #14

Dear Nas,

Sorry to bother you again and again, but I am in trouble; I have to solve this.

I have created a system user without any network, downloaded the OpenVPN config file and deployed it in the OpenVPN client, but it stays continuously in connecting mode.

The scenario is: I have one public IP (without DNS) NATted to a local IP in the 192.168.1.0 range.

I sent you all the settings in my previous reply with all the screenshots.

I even tried to connect from a Linux system, but I got the following error:

tommy@phoenix:~$ openvpn --config test.ovpn

Mon Aug 24 20:52:04 2015 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 1 2014

Mon Aug 24 20:52:04 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08

Mon Aug 24 20:52:04 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Mon Aug 24 20:52:04 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]

Mon Aug 24 20:52:04 2015 UDPv4 link local: [undef]

Mon Aug 24 20:52:04 2015 UDPv4 link remote: [AF_INET]95.224.30.122:1194

Mon Aug 24 20:52:04 2015 TLS: Initial packet from [AF_INET]95.224.30.122:1194, sid=698c649b 784ace4e

Mon Aug 24 20:52:05 2015 VERIFY OK: depth=0, CN=NethServer, O=Example Org, ST=SomeState, OU=Main, emailAddress=root@localhost.localdomain, C=–, L=Hometown

Mon Aug 24 20:53:04 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Mon Aug 24 20:53:04 2015 TLS Error: TLS handshake failed

Mon Aug 24 20:53:04 2015 SIGUSR1[soft,tls-error] received, process restarting

Mon Aug 24 20:53:04 2015 Restart pause, 2 second(s)

Mon Aug 24 20:53:06 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Mon Aug 24 20:53:06 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]

Mon Aug 24 20:53:06 2015 UDPv4 link local: [undef]

Mon Aug 24 20:53:06 2015 UDPv4 link remote: [AF_INET]95.224.30.122:1194

Mon Aug 24 20:53:06 2015 TLS: Initial packet from [AF_INET]95.224.30.122:1194, sid=a16558a2 55a93331

Mon Aug 24 20:53:06 2015 VERIFY OK: depth=0, CN=NethServer, O=Example Org, ST=SomeState, OU=Main, emailAddress=root@localhost.localdomain, C=–, L=Hometown

Mon Aug 24 20:54:06 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Mon Aug 24 20:54:06 2015 TLS Error: TLS handshake failed

Mon Aug 24 20:54:06 2015 SIGUSR1[soft,tls-error] received, process restarting

Mon Aug 24 20:54:06 2015 Restart pause, 2 second(s)

Mon Aug 24 20:54:08 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Mon Aug 24 20:54:08 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]

Mon Aug 24 20:54:08 2015 UDPv4 link local: [undef]

Mon Aug 24 20:54:08 2015 UDPv4 link remote: [AF_INET]95.224.30.122:1194

Mon Aug 24 20:54:08 2015 TLS: Initial packet from [AF_INET]95.224.30.122:1194, sid=c5602054 5b91d87f

Mon Aug 24 20:54:08 2015 VERIFY OK: depth=0, CN=NethServer, O=Example Org, ST=SomeState, OU=Main, emailAddress=root@localhost.localdomain, C=–, L=Hometown

Mon Aug 24 20:55:08 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Mon Aug 24 20:55:08 2015 TLS Error: TLS handshake failed

Mon Aug 24 20:55:08 2015 SIGUSR1[soft,tls-error] received, process restarting

Mon Aug 24 20:55:08 2015 Restart pause, 2 second(s)

Mon Aug 24 20:55:10 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Mon Aug 24 20:55:10 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]

Mon Aug 24 20:55:10 2015 UDPv4 link local: [undef]

Mon Aug 24 20:55:10 2015 UDPv4 link remote: [AF_INET]95.224.30.122:1194

Mon Aug 24 20:55:10 2015 TLS: Initial packet from [AF_INET]95.224.30.122:1194, sid=255296c6 de50c4b2

Mon Aug 24 20:55:11 2015 VERIFY OK: depth=0, CN=NethServer, O=Example Org, ST=SomeState, OU=Main, emailAddress=root@localhost.localdomain, C=–, L=Hometown

Mon Aug 24 20:56:10 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Mon Aug 24 20:56:10 2015 TLS Error: TLS handshake failed

Mon Aug 24 20:56:10 2015 SIGUSR1[soft,tls-error] received, process restarting

Mon Aug 24 20:56:10 2015 Restart pause, 2 second(s)

Mon Aug 24 20:56:12 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Mon Aug 24 20:56:12 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]

Mon Aug 24 20:56:12 2015 UDPv4 link local: [undef]

Mon Aug 24 20:56:12 2015 UDPv4 link remote: [AF_INET]95.224.30.122:1194

Mon Aug 24 20:56:13 2015 TLS: Initial packet from [AF_INET]95.224.30.122:1194, sid=2baa96f6 e0b6d170

Mon Aug 24 20:56:14 2015 VERIFY OK: depth=0, CN=NethServer, O=Example Org, ST=SomeState, OU=Main, emailAddress=root@localhost.localdomain, C=–, L=Hometown

Mon Aug 24 20:57:12 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Mon Aug 24 20:57:12 2015 TLS Error: TLS handshake failed

Mon Aug 24 20:57:12 2015 SIGUSR1[soft,tls-error] received, process restarting

Mon Aug 24 20:57:12 2015 Restart pause, 2 second(s)

Mon Aug 24 20:57:14 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Mon Aug 24 20:57:14 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]

Mon Aug 24 20:57:14 2015 UDPv4 link local: [undef]

Mon Aug 24 20:57:14 2015 UDPv4 link remote: [AF_INET]95.224.30.122:1194

Mon Aug 24 20:57:14 2015 TLS: Initial packet from [AF_INET]95.224.30.122:1194, sid=7930d96d 0b95ac06

Mon Aug 24 20:57:16 2015 VERIFY OK: depth=0, CN=NethServer, O=Example Org, ST=SomeState, OU=Main, emailAddress=root@localhost.localdomain, C=–, L=Hometown


I would request you to please provide me some resolution on this.
Is there any firewall role in this?

Thanks—
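Added example, not part of the original posts: a small triage script for an OpenVPN client log like the one above, splitting it into connection attempts and reporting the missing server-certificate check and where each handshake stopped. The sample log is constructed (documentation IP, made-up session IDs), and the names `Attempt`, `parse_attempts` and `triage` are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample modelled on the client log in this thread.
SAMPLE_LOG = """\
Mon Aug 24 20:52:04 2015 WARNING: No server certificate verification method has been enabled.
Mon Aug 24 20:52:04 2015 TLS: Initial packet from [AF_INET]203.0.113.10:1194, sid=00000000 00000001
Mon Aug 24 20:52:05 2015 VERIFY OK: depth=0, CN=NethServer
Mon Aug 24 20:53:04 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds
Mon Aug 24 20:53:04 2015 SIGUSR1[soft,tls-error] received, process restarting
Mon Aug 24 20:53:06 2015 WARNING: No server certificate verification method has been enabled.
Mon Aug 24 20:53:06 2015 TLS: Initial packet from [AF_INET]203.0.113.10:1194, sid=00000000 00000002
Mon Aug 24 20:53:06 2015 VERIFY OK: depth=0, CN=NethServer
"""

@dataclass
class Attempt:
    no_server_verify: bool = False  # client printed the MITM warning
    server_replied: bool = False    # server's first TLS packet arrived
    cert_verified: bool = False     # chain check passed (VERIFY OK)
    timed_out: bool = False         # 60 s key-negotiation timeout hit

MARKERS = {
    "No server certificate verification method": "no_server_verify",
    "TLS: Initial packet from": "server_replied",
    "VERIFY OK": "cert_verified",
    "TLS key negotiation failed": "timed_out",
}

def parse_attempts(log):
    """Split a client log into attempts; each restart closes one attempt."""
    attempts, cur = [], Attempt()
    for line in log.splitlines():
        for text, field in MARKERS.items():
            if text in line:
                setattr(cur, field, True)
        if "process restarting" in line:
            attempts.append(cur)
            cur = Attempt()
    if cur != Attempt():  # trailing attempt still in progress
        attempts.append(cur)
    return attempts

def triage(log):
    attempts, findings = parse_attempts(log), []
    if any(a.no_server_verify for a in attempts):
        findings.append("no server-certificate check configured on the client")
    stalled = sum(a.server_replied and a.timed_out for a in attempts)
    if stalled:
        findings.append(f"{stalled} attempt(s) stalled after the server's first reply")
    if any(a.timed_out and not a.server_replied for a in attempts):
        findings.append("timeout with no reply from the server at all")
    return findings
```

The first finding corresponds to the `WARNING` line in the log; a client directive such as `remote-cert-tls server` enables that check. A stall after the server's first reply means some UDP traffic on port 1194 passes, so the NAT and firewall rules on the path are the place to look next.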


(Artem Fedai) #15

That is the problem


(Artem Fedai) #16

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-25 00:12 EEST
Nmap scan report for host122-30-static.224-95-b.business.telecomitalia.it (95.224.30.122)
Host is up (0.075s latency).
PORT STATE SERVICE
1194/udp open|filtered openvpn

Please show:
iptables -L | grep 1194


(Hitesh Dubey) #17

Dear Nas

We have only the router firewall enabled, and the VPN ports are enabled there.
But on the server no iptables or any other firewall is enabled.

Thanks


(Artem Fedai) #18

Write to me on Skype: nassir_911


(Hitesh Dubey) #19

Dear Nas,

Thanks a lot for your great help!

It is solved by your instructions.

Thanks
Hitesh .


(Alessio Fattorini) #20

Please @Nas @Hitesh_Dubey, can you show us how you resolved it?