Openvpn questions

Hi,

I managed to make an openvpn-connection from behind proxy as well as 3G. TCP is activated on server as well as on client and works pretty well.
However I do have some additional questions I would like to have an answer to in this ticket:

*Is Webadmin page (see below) also possible for Synology NAS?
http://openvpn.net/index.php/access-server/docs/admin-guides/143-how-to-configure-openvpn-as-with-admin-web-ui.html
I can ssh to my nas, but how to continue to install the webadmin?

*Which traffic to route for client: just want Internet and my home addresses to be routed, work network should stay at work of course? iow = best practises

*how much traffic maintaining such a tunnel takes?

*in logfile: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
How to disable this correctly?

Thanks,
J.
janhoedtAsked:
 
janhoedtConnect With a Mentor Author Commented:
Adding tcp-client and setting proxy to manual solved the issue.
0
 
simonlimonCommented:
Hm,

I think you can't access webadmin due to your browser proxy settings.

Can you add an exception for this website, can you try disabling the proxy in IE or your browser of choice :)?
Or you can add an exception for the website in your browser of choice?

In IE this is:

- Internet Options,
- Connections,
- Lan Settings
- Advanced, add exception on the bottom restart browser.

0
 
janhoedtAuthor Commented:
No, there is no proxy in between. I tried it on my lan at home. There is no webpage admin. Probably it is not implemented, I would like to do so.
0
 
janhoedtAuthor Commented:
I might have to open the port for openvpn admin page on my NAS (within iptables)?
Don't know directly how to do that, this is server config, admin should run on 1195 ....

SETTINGS SERVER:
-----------------
DS> vi openvpn.conf
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.1.0 255.255.255.0"
dev tun

management 127.0.0.1 1195

server 172.16.1.0 255.255.255.0


dh /usr/local/synovpn/etc/openvpn/keys/dh1024.pem
ca /usr/local/synovpn/etc/openvpn/keys/ca.crt
cert /usr/local/synovpn/etc/openvpn/keys/server.crt
key /usr/local/synovpn/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3


#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /usr/local/synovpn/lib/radiusplugin.so /usr/local/synovpn/etc/openvpn/rad
client-cert-not-required
username-as-common-name
duplicate-cn
proto tcp
~



auth-user-pass
0
 
janhoedtAuthor Commented:
It's firewall on Synology! However, don't know how to change it.


DS> telnet 127.0.0.1 1195
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
0
 
simonlimonCommented:
"management 127.0.0.1 1195"

Could this mean this service is only listening on the localhost?

Could you replace 127.0.0.1 with 0.0.0.0 - all IPs

0
 
janhoedtAuthor Commented:
When I connect to the ip of the NAS, I get connection refused so it's listening on that port.
The output you request doesn't do anything.


DS> telnet 0.0.0.0 - all IPs
BusyBox v1.16.1 (2011-09-04 02:18:34 CST) multi-call binary.
0
 
janhoedtAuthor Commented:
When I put the ip of the NAS instead of 127.0.0.1 and restart, go to the ip:1995 via webbrowser, I get this:

>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
0
 
simonlimonCommented:
So to be clear, when you start the tunnel, you cannot access the Openvpn admin remotely, with the original settings?

With regard to the error, could you post the line that you changed?
0
 
janhoedtAuthor Commented:
Correct.

I changed this: management 127.0.0.1 1195
to this management ipofmynas 1195
Note: apparently the NAS runs iptables

Couldn't it be the adminpage should be installed extra?
0
 
simonlimonCommented:
I am not sure I understand this correctly:

*Which traffic to route for client: just want Internet and my home addresses to be routed, work network should stay at work of course? iow = best practises
You are connecting to the office Openvpn or to home openvpn from the office? Are you using Openvpn bridged or tunneled?

*how much traffic maintaining such a tunnel takes?
I think there are only a few pings, unless you have mapped drives connected from the client to the NAS. Traffic will be greater then.
0
 
janhoedtAuthor Commented:
*Client: for testing purposes, I'm currently connected from office to home vpn (openvpn), I'm not sure if I use it bridged or tunneled, it's the default I use
0
 
hvillanuCommented:
Hi,

By default, management access is only on the local address (127.0.0.1). If you want to access it remotely without compromising your server's security, change the listening IP to an address of the VPN tunnel.
I recommend that you use a fixed IP instead of a dynamic one (at least in your vpn-client config) so you and only you have a valid IP to manage the server.

Also open the ports on firewalls to reach it

-hope helps
0
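Added example, not part of any post in this thread: the `management` port is an unencrypted plain-text command interface (hence the `ERROR: unknown command` replies to a browser), so this Python sketch audits where a config binds it and whether a password file is set. The function names, the NAS address 192.168.1.10 and the `/path/to/pw-file` placeholder are assumptions made for illustration.

```python
import ipaddress

SAMPLE = "server 172.16.1.0 255.255.255.0\nmanagement 127.0.0.1 1195\n"  # constructed from the thread's config

def parse_directives(conf_text):
    """Map each directive name to the argument list of its first occurrence."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        found.setdefault(name, args)
    return found

def audit_management(conf_text):
    """Return findings on how exposed the `management` listener is."""
    d = parse_directives(conf_text)
    if "management" not in d:
        return ["ok: management interface not enabled"]
    args = d["management"]
    if len(args) < 2:
        return ["error: management needs an address and a port"]
    addr, port = args[0], args[1]
    pw_file = args[2] if len(args) > 2 else None
    if port == "unix":
        return ["ok: unix socket %s, guarded by file permissions" % addr]
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return ["review: %s is not an IP literal" % addr]
    if ip.is_loopback:
        return ["ok: bound to loopback %s:%s" % (ip, port)]
    findings = []
    server = d.get("server", [])
    vpn = ipaddress.ip_network("/".join(server[:2])) if len(server) >= 2 else None
    if ip.is_unspecified:
        findings.append("high: listening on every interface, port %s" % port)
    elif vpn is not None and ip in vpn:
        findings.append("medium: bound to VPN address %s, reachable by VPN clients" % ip)
    else:
        findings.append("high: bound to non-VPN address %s" % ip)
    if pw_file is None:
        findings.append("high: no password file, commands accepted unauthenticated")
    return findings

if __name__ == "__main__":
    # 192.168.1.10 is a made-up NAS address; /path/to/pw-file is a placeholder
    for mgmt in ("127.0.0.1 1195", "192.168.1.10 1195", "172.16.1.1 1195 /path/to/pw-file"):
        print(mgmt, "->", audit_management(SAMPLE.replace("127.0.0.1 1195", mgmt)))
```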
 
janhoedtAuthor Commented:
Openvpn works great, except for the management of the openvpn. No firewall is blocking since no firewall appears to be active on NAS (there is on my router). Same result when I connect on LAN instead of openvpn.
Please advise.
0
 
janhoedtAuthor Commented:
Nobody provided answer.
0
Question has a verified solution.
