OpenVPN with xp & win7 clients
luzar722 at gmail.com
Mon Jul 18 20:53:13 UTC 2016
Odhiambo Washington wrote:
> On 17 July 2016 at 23:18, Ernie Luzar <luzar722 at gmail.com
> <mailto:luzar722 at gmail.com>> wrote:
> Odhiambo Washington wrote:
> On 17 July 2016 at 18:58, Ernie Luzar <luzar722 at gmail.com
> <mailto:luzar722 at gmail.com> <mailto:luzar722 at gmail.com
> <mailto:luzar722 at gmail.com>>> wrote:
> Hello List;
> I travel outside of my home country a lot and can not access
> web site content because internet connection is from foreign ip
> address range.
> I see many how-tos for installing and configuration VPN on a
> host. But all most all of these how-tos assume the client
> will be a
> FreeBSD box also. In my case I have 2 laptops I travel with,
> win xp
> & win7. The official OpenVPN website does offer clients for xp &
> win7 but configuration info is not available.
> Looking for how-to to setup VPN client on xp & win7.
> For Windows client, use the following:
> The FreeBSD handbook has section on IPsec/VPN, but again it
> server and client is a FreeBSD host. Looking for how-to on
> up IPsec/VPN on xp & win7.
> For setting up the server, use the following: Use this link:
> I have 2 concerns. How much hesitation will VPN inject into
> tv programs or movies on my laptops in a foreign country? Will
> IPsec/VPN inject longer hesitations?
> I cannot tell about the latencies (I guess that is what you call
> hesitation :-)) because I haven't tried it.
> Can I use the remote VPN client to start the show streaming
> and then
> have the VPN host record the program? Later down loading the
> file to my laptop for viewing?
> That is beyond the scope of FreeBSD questions I guess :-)
> But maybe someone has done it and will give you their story.
> " For setting up the server, use the following: Use this link:
> That link content is out-dated. The openvpn port/pkg does not
> include the easy-rsa scripts build-ca, build-key-server, build-key,
> build-dh that are described in that how-too. The certificates are
> the backbone of security for VPN and without correct documentation
> that how-to is useless. To make things even worse, the easy-rsa port
> is lacking a manual page.
> That link is very comprehensive, but also if you applied a little common
> sense, you'd realize that you can install easy-rsa either using the pkg
> or ports. That's what I did and things work so well.
> root at waridi:/usr/local/etc/fail2ban # locate easy-rsa
> /usr/ports/security/easy-rsa/files/easyrsa.in <http://easyrsa.in>
> root at waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa
> easy-rsa-3.0.1_1 Small RSA key management package based on
> easy-rsa2-2.2.2 Small RSA key management package based on
> root at waridi:/usr/local/etc/fail2ban #
> I used that link and it works wonders. I have users roaming everywhere.
> All I have to do is generate client certs for them, download it to their
> PCs, install the VPN client, configure it (change tun to tap, enable
> lzo, disable prompting for username/password) and voila!
> Well, just search around for other HOWTOs.
Thanks for the details. I see the problem now. That how-to is based on
easy-rsa2-2.2.2 which was installed as part of a older version of the
openvpn port. The current version of openvpn port installs
easy-rsa-3.0.1_1 which is way different than easy-rsa2-2.2.2 which makes
that openvpn install how-to out dated.
Another difference is the version of openvpn installed by the current
openvpn port is different than the openvpn version installed with the
easy-rsa2-2.2.2 version of the port.
Openvpn-2.3.11 now at start time wants "Enter Private key password".
Need to find a way to stop this prompt so openvpn will start at boot
time without human intervention.
More information about the freebsd-questions