
VPN (Virtual private network)

carl
Posts: 474
Joined: 07 May 2008, 04:41

VPN (Virtual private network)

Post by carl »

So... You have now two BubbaTwo, one at home, and one at work, and you really want to combine them into one network?

Time to set up a virtual private network!

For this to work, you need both a home, and a work, two BubbaTwo, internet connection available at both work and home, and at least one of those connections must be externally accessible; for most people, this is usually home, as at work, the corporate firewall might not happily comply.

So with the basic assumption that home is our central location, we will host the "server" there.

First we SSH into the two bubbas and issue the command as root:

Code:

apt-get install openvpn

At your home bubba, copy the folder /usr/share/doc/openvpn/examples/easy-rsa/ to /root;
also copy /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz to /etc/openvpn and gunzip it.

At the office bubba, copy /usr/share/doc/openvpn/examples/sample-config-files/client.conf to /etc/openvpn.

At home bubba, cd to /root/easy-rsa
Edit the file vars, and enter the required values at the bottom, KEY_COUNTRY is the two letter country code.

Now issue the following commands:

Code:

. ./vars
./clean-all
./build-ca

The field Common Name during build-ca is required to be filled.

Now issue:

Code:

./build-key-server server

As above, fill in a common name (for example "server"), and choose yes on all questions.

And again:

Code:

./build-key client

And again, fill in a common name (for example "client"), and choose yes on everything.

We continue now by creating Diffie Hellman parameters:

Code:

./build-dh

This might take a while.

Now copy the ca.crt, server.crt, server.key and the dh1024.pem file from the keys dir to /etc/openvpn;
Copy magically ca.crt, client.crt, client.key to the office bubba in /etc/openvpn.

Now enter /etc/network and edit the firewall.conf, add the following:

Code:

-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT

And on the client side add:

Code:

-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT

On both, issue:

Code:

iptables-restore < firewall.conf

Now this is done, we need to make a decision; we must have unique networks everywhere; and as the BubbaTwo defaults with 192.168.10.0, we first need to change that on one machine, for example to change it to 192.168.37.0 on the office machine. Also remember that the networks must be unique in relation to adjacent networks on the other networks.

On the server, edit /etc/openvpn/server.conf

At the line starting with "server", set a unique network on both places.

In the client.conf file at the office, set the remote to your home ip/dns.

Now on both, issue:

Code:

/etc/init.d/openvpn restart

Now, at your office, by pinging 10.8.0.1, your home bubba should answer.

That is basically it, more information can be found in http://openvpn.net/index.php/documentation/howto.html

/Carl
/Carl Fürstenberg, Excito Software Developer
http://www.excito.com
support@excito.com
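
The how-to above requires the home LAN, the office LAN and the tunnel network to be unique. The pre-flight check below is an added example, not part of the original post; the /24 masks, the 10.8.0.0/24 tunnel network (inferred from the 10.8.0.1 address) and the `name=cidr` argument format are assumptions.

```sh
# Added example (not from the thread): check that the networks joined by the VPN are distinct.
# Dotted-quad IPv4 address -> 32-bit integer; fails on malformed input.
ip_to_int() (
    set -f; IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# CIDR block -> "first last" as integers (host bits in the address are masked off).
cidr_range() (
    base=$(ip_to_int "${1%/*}") || exit 1
    bits=${1#*/}
    case $bits in ''|*[!0-9]*|0?*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    size=$(( 1 << (32 - bits) )); first=$(( base & ~(size - 1) ))
    echo "$first $(( first + size - 1 ))"
)

# Exit status: 0 = blocks share addresses, 1 = disjoint, 2 = bad input.
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ $# -eq 4 ] || return 2
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Compare every pair of name=cidr arguments: 0 = all unique, 1 = conflict, 2 = bad input.
check_subnets() (
    rc=0
    while [ $# -gt 1 ]; do
        a=$1; shift
        for b in "$@"; do
            st=0; cidr_overlap "${a#*=}" "${b#*=}" || st=$?
            case $st in
                0) echo "CONFLICT: ${a%%=*} ${a#*=} overlaps ${b%%=*} ${b#*=}"
                   [ "$rc" -ne 0 ] || rc=1 ;;
                2) echo "INVALID: ${a#*=} or ${b#*=} is not a.b.c.d/nn"; rc=2 ;;
            esac
        done
    done
    exit "$rc"
)

# Values from the how-to: BubbaTwo default LAN, renumbered office LAN, tunnel network.
check_subnets home=192.168.10.0/24 office=192.168.37.0/24 vpn=10.8.0.0/24 &&
    echo "OK: all three networks are distinct"
```

Run it again with the real masks whenever a LAN is renumbered or another site is added; any other network reachable from either side can be passed as a further `name=cidr` argument.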
Binkem
Posts: 388
Joined: 10 Jul 2008, 02:26

Post by Binkem »

Very nice, could I also use this to set up a VPN between my bubba at home and a Windows machine at work? (And if so, how?)

[EDIT:] Got it up and running, you have to install the Windows-client though. I'll try it at work to see how it functions :)
Last edited by Binkem on 13 Oct 2008, 12:24, edited 1 time in total.
Ton
Posts: 17
Joined: 29 Sep 2008, 06:16

Post by Ton »

Thanks for the nice howto, gonna try it this weekend.

Just one question, my bubba2 is behind my dsl router ( Fritzbox ), does this also work if I forward the VPN ports from the fritzbox to the bubba2 ?
When yes, which ports should be forwarded ?

BR

Ton.
Binkem
Posts: 388
Joined: 10 Jul 2008, 02:26

Post by Binkem »

I've got the OpenVPN working (I can connect to my bubba via HTTP), but I'm still looking how to connect using SMB. Editing samba.conf as outlined in:
http://openvpn.net/index.php/documentation/howto.html
But if I do this, SMB is no longer accessible from my home network and it is also inaccessible via VPN. So I guess there is something else. I try to access my bubba via VPN from a computer running XP Pro.

Martijn
Ton
Posts: 17
Joined: 29 Sep 2008, 06:16

Post by Ton »

Hi Martijn,

I solved the problem by adding the tun0 interface to my "interfaces" line in the smb.conf and as I remember ( have no access to my bubba at the moment ) the line below this "interfaces" had to be commented out to allow samba to broadcast on the tun0 interface, because it is a temporary interface. If you can't find the option I could have a look later.

BR.

Ton.
Binkem
Posts: 388
Joined: 10 Jul 2008, 02:26

Post by Binkem »

the line below this "interfaces" had to be commented out to allow samba to broadcast on the tun0 interface, because it is a temporary interface.
That was it. I had added the tun0 interface, but I had no idea about uncommenting the next line.

Cheers

Martijn
rewien
Posts: 127
Joined: 27 Sep 2008, 18:10

VPN Daemon won't start

Post by rewien »

Hello all,

I did all the steps described above for the server side of VPN, but when I try to restart it on Bubba Two, it says failed to start.

This is what I filled in:


The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'NL'
stateOrProvinceName :PRINTABLE:'Zuidholland'
localityName :PRINTABLE:'Rotterdam'
organizationName :PRINTABLE:'VPNServer'
organizationalUnitName:PRINTABLE:'server'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'rewien@hotmail.com'

Is there something I'm missing?

I'm trying to set up Bubba Two as a VPN server so that some PCs with Windows XP could access it as clients.
rewien
Posts: 127
Joined: 27 Sep 2008, 18:10

Re: VPN Daemon won't start

Post by rewien »

Got it up working, use this extra: http://www.hostingelite.nl/page.php?ite ... etup-howto

Had my config file wrong

Thanks,
Rewien
athenaz
Posts: 1
Joined: 27 Nov 2009, 02:47

Re: VPN (Virtual private network)

Post by athenaz »

Can a company track what internet site I am visiting if I am on their VPN? What if I am not connected to the VPN? Can they still track, if it is a company computer?
Last edited by athenaz on 30 Nov 2009, 04:41, edited 1 time in total.
Binkem
Posts: 388
Joined: 10 Jul 2008, 02:26

Re: VPN (Virtual private network)

Post by Binkem »

If you are on a VPN your internet access may be routed via the VPN (I don't know the specifics, perhaps someone can explain this better and tell you how to set which IP addresses are routed via the VPN and which are routed over your regular internet connection).
If you are surfing the net using your private internet connection the only way to track your internet access is via a (software) logger installed on your computer or by accessing the internet history on your PC (if you don't wipe this).
ejvn
Posts: 5
Joined: 08 Mar 2010, 09:23

Re: VPN (Virtual private network)

Post by ejvn »

The issue below is solved:
See
http://forum.excito.net/viewtopic.php?f ... vpn#p11708

---------------------
Using the post of carl, I installed openvpn on the Bubba Two, but I only want to use it as a client for an external openvpn service.

My bubba two is configured as "router+firewall+server", and I would like to use the openvpn client to route all the traffic through the vpn (so all connected computers can make use of the vpn).

The issue I encounter is that after the client vpn is started (without giving errors), all traffic is NOT routed through the tunnel: actually no traffic is possible at all.

After that, NO internet traffic is possible any more (even a PING or traceroute on the router cannot find a computer, not even by providing the IP address). :-(
So something is wrong with the routing, I assume.

Any ideas or hints?

With kind regards,

Ernst Jan