OpenVPN with xp & win7 clients

Odhiambo Washington odhiambo at gmail.com
Tue Jul 19 09:00:18 UTC 2016


Howtos can be outdated. No one is paid to maintain them.

About the prompt for the "Enter Private key password", please review how
you generated your certificates. Did you assign a passphrase? You don't
need to!


On 18 July 2016 at 23:53, Ernie Luzar <luzar722 at gmail.com> wrote:

> Odhiambo Washington wrote:
>
>>
>> On 17 July 2016 at 23:18, Ernie Luzar <luzar722 at gmail.com> wrote:
>>
>>     Odhiambo Washington wrote:
>>
>>         On 17 July 2016 at 18:58, Ernie Luzar <luzar722 at gmail.com> wrote:
>>
>>             Hello List;
>>
>>             I travel outside of my home country a lot and cannot access
>>             some web site content because internet connection is from
>>             foreign ip address range.
>>
>>             I see many how-tos for installing and configuring VPN on a
>>             FreeBSD host. But almost all of these how-tos assume the
>>             client will be a FreeBSD box also. In my case I have 2
>>             laptops I travel with, win xp & win7. The official OpenVPN
>>             website does offer clients for xp & win7 but configuration
>>             info is not available.
>>
>>             Looking for how-to to setup VPN client on xp & win7.
>>
>>
>>
>>         For Windows client, use the following:
>>
>> http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
>>
>>
>>             The FreeBSD handbook has section on IPsec/VPN, but again it
>>             assumes server and client is a FreeBSD host. Looking for
>>             how-to on setting up IPsec/VPN on xp & win7.
>>
>>
>>         For setting up the server, use the following: Use this link:
>>
>> http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
>>
>>             I have 2 concerns. How much hesitation will VPN inject into
>>             watching tv programs or movies on my laptops in a foreign
>>             country? Will IPsec/VPN inject longer hesitations?
>>
>>
>>         I cannot tell about the latencies (I guess that is what you call
>>         hesitation :-)) because I haven't tried it.
>>
>>             Can I use the remote VPN client to start the show streaming
>>             and then have the VPN host record the program? Later
>>             downloading the program file to my laptop for viewing?
>>
>>
>>         That is beyond the scope of FreeBSD questions I guess :-)
>>         But maybe someone has done it and will give you their story.
>>
>>
>>
>>
>>     " For setting up the server, use the following: Use this link:
>>
>> http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
>>
>>     That link content is outdated. The openvpn port/pkg does not
>>     include the easy-rsa scripts build-ca, build-key-server, build-key,
>>     build-dh that are described in that how-to. The certificates are
>>     the backbone of security for VPN and without correct documentation
>>     that how-to is useless. To make things even worse, the easy-rsa port
>>     is lacking a manual page.
>>
>>
>> That link is very comprehensive, but also if you applied a little common
>> sense, you'd realize that you can install easy-rsa either using the pkg or
>> ports. That's what I did and things work so well.
>>
>> root at waridi:/usr/local/etc/fail2ban # locate easy-rsa
>> /usr/ports/security/easy-rsa
>> /usr/ports/security/easy-rsa/Makefile
>> /usr/ports/security/easy-rsa/distinfo
>> /usr/ports/security/easy-rsa/files
>> /usr/ports/security/easy-rsa/files/easyrsa.in
>> /usr/ports/security/easy-rsa/pkg-descr
>> /usr/ports/security/easy-rsa/pkg-plist
>> /usr/ports/security/easy-rsa2
>> /usr/ports/security/easy-rsa2/Makefile
>> /usr/ports/security/easy-rsa2/distinfo
>> /usr/ports/security/easy-rsa2/pkg-descr
>> /usr/ports/security/easy-rsa2/pkg-plist
>> root at waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa
>> easy-rsa-3.0.1_1               Small RSA key management package based on openssl
>> easy-rsa2-2.2.2                Small RSA key management package based on openssl
>> root at waridi:/usr/local/etc/fail2ban #
>>
>> I used that link and it works wonders. I have users roaming everywhere.
>> All I have to do is generate client certs for them, download it to their
>> PCs, install the VPN client, configure it (change tun to tap, enable lzo,
>> disable prompting for username/password) and voila!
>>
>> Well, just search around for other HOWTOs.
>>
>>
>>
> Thanks for the details. I see the problem now. That how-to is based on
> easy-rsa2-2.2.2 which was installed as part of an older version of the
> openvpn port. The current version of openvpn port installs easy-rsa-3.0.1_1
> which is way different than easy-rsa2-2.2.2 which makes that openvpn
> install how-to outdated.
>
> Another difference is the version of openvpn installed by the current
> openvpn port is different than the openvpn version installed with the
> easy-rsa2-2.2.2 version of the port.
>
> Openvpn-2.3.11 now at start time wants "Enter Private key password".
> Need to find a way to stop this prompt so openvpn will start at boot time
> without human intervention.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

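An added example, not part of the original thread: a check for the point raised in the reply above, namely whether a server key carries a passphrase (which is what makes OpenVPN prompt at start) and, if it does not, whether the file is at least restricted to its owner. The function names and the key path in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Audit a PEM private key before relying on unattended OpenVPN start.
# easy-rsa 3 writes the key encrypted unless "nopass" is given when the
# key is built; a key stored without a passphrase is protected only by
# its file permissions, so both properties are checked here.

# key_state FILE -> prints "encrypted", "plaintext" or "unknown"
key_state() {
    # PKCS#8 encrypted header, or the traditional "Proc-Type" marker
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1" 2>/dev/null; then
        echo encrypted
    elif grep -q -e '^-----BEGIN PRIVATE KEY-----' \
                 -e '^-----BEGIN RSA PRIVATE KEY-----' \
                 -e '^-----BEGIN EC PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo plaintext
    else
        echo unknown
    fi
}

# key_perms_ok FILE -> succeeds only if group and other have no access bits
key_perms_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)   # the six group/other permission chars
    [ "$mode" = "------" ]
}

# audit_key FILE -> one-line verdict for boot-time use
audit_key() {
    case "$(key_state "$1")" in
        encrypted)
            echo "PROMPT: key has a passphrase; openvpn will ask for it at start" ;;
        plaintext)
            if key_perms_ok "$1"; then
                echo "OK: no passphrase, key accessible by owner only"
            else
                echo "FIX: key without passphrase is group/world accessible (chmod 600)"
            fi ;;
        *)
            echo "UNKNOWN: no PEM private key header found" ;;
    esac
}

# Usage (path is an assumed location): sh audit_key.sh /usr/local/etc/openvpn/server.key
if [ "$#" -gt 0 ]; then audit_key "$1"; fi
```
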

More information about the freebsd-questions mailing list