Solved

Openvpn questions

Posted on 2011-09-20
Last Modified: 2012-05-12
Hi,

I managed to make an openvpn-connection from behind a proxy as well as 3G. TCP is activated on the server as well as on the client and works pretty well.
However I do have some additional questions I would like to have an answer to in this ticket:

*Is Webadmin page (see below) also possible for Synology NAS?
http://openvpn.net/index.php/access-server/docs/admin-guides/143-how-to-configure-openvpn-as-with-admin-web-ui.html
I can ssh to my nas, but how to continue to install the webadmin?

*Which traffic to route for client: just want Internet and my home addresses to be routed, work network should stay at work of course? iow = best practices

*How much traffic does maintaining such a tunnel take?

*in logfile: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
How to disable this correctly?

Thanks,
J.
0
Comment
Question by:janhoedt
15 Comments
 
LVL 10

Expert Comment

by:simonlimon
ID: 36572599
Hm,

I think you can't access webadmin due to your browser proxy settings.

Can you add an exception for this website, can you try disabling the proxy in IE or your browser of choice :)?
Or you can add an exception for the website in your browser of choice?

In IE this is:

- Internet Options,
- Connections,
- Lan Settings
- Advanced, add exception on the bottom restart browser.

0
 

Author Comment

by:janhoedt
ID: 36572706
No, there is no proxy in between. I tried it on my lan at home. There is no webpage admin. Probably it is not implemented, I would like to do so.
0
 

Author Comment

by:janhoedt
ID: 36572817
I might have to open the port for openvpn admin page on my NAS (within iptables)?
Don't know directly how to do that, this is server config, admin should run on 1195 ....

SETTINGS SERVER:
-----------------
DS> vi openvpn.conf
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.1.0 255.255.255.0"
dev tun

management 127.0.0.1 1195

server 172.16.1.0 255.255.255.0


dh /usr/local/synovpn/etc/openvpn/keys/dh1024.pem
ca /usr/local/synovpn/etc/openvpn/keys/ca.crt
cert /usr/local/synovpn/etc/openvpn/keys/server.crt
key /usr/local/synovpn/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3


#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /usr/local/synovpn/lib/radiusplugin.so /usr/local/synovpn/etc/openvpn/rad
client-cert-not-required
username-as-common-name
duplicate-cn
proto tcp
~



auth-user-pass
0
 

Author Comment

by:janhoedt
ID: 36572839
It's firewall on Synology! However, don't know how to change it.


DS> telnet 127.0.0.1 1195
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 36573060
"management 127.0.0.1 1195"

Could this mean this service is only listening on the localhost?

Could you replace 127.0.0.1 with 0.0.0.0 - all IPs

0
 

Author Comment

by:janhoedt
ID: 36573136
When I connect to the ip of the NAS, I get connection refused so it's listening on that port.
The output you request doesn't do anything.


DS> telnet 0.0.0.0 - all IPs
BusyBox v1.16.1 (2011-09-04 02:18:34 CST) multi-call binary.
0
 

Author Comment

by:janhoedt
ID: 36573185
When I put the ip of the NAS instead of 127.0.0.1 and restart, go to the ip:1995 via webbrowser, I get this:

>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 36573480
So to be clear, when you start the tunnel, you cannot access the Openvpn admin remotely, with the original settings?

With regard to the error, could you post the line that you changed?
0
 

Author Comment

by:janhoedt
ID: 36573503
Correct.

I changed this: management 127.0.0.1 1195
to this management ipofmynas 1195
Note: apparently the NAS runs iptables

Couldn't it be the adminpage should be installed extra?
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 36573509
I am not sure I understand this correctly:

*Which traffic to route for client: just want Internet and my home addresses to be routed, work network should stay at work of course? iow = best practises
Are you connecting to the office OpenVPN or to the home OpenVPN from the office? Are you using OpenVPN bridged or tunneled?

*how much traffic maintaining such a tunnel takes?
I think there are only a few pings, unless you have mapped drives connected from the client to the NAS. Traffic will be greater then.
0
 

Author Comment

by:janhoedt
ID: 36573687
*Client: for testing purposes, I'm currently connected from office to home vpn (openvpn), I'm not sure if I use it bridged or tunneled, it's the default I use
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36583800
Hi,

By default, management access is only on the local address (127.0.0.1). If you want to access it remotely without compromising your server security, change the listening IP to an address of the VPN tunnel.
I recommend that you use a fixed IP instead of a dynamic one (at least in your VPN client config) so you and only you have a valid IP to manage the server.

Also open the ports on firewalls to reach it

-hope helps
0
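As an added example (not part of the original thread and not OpenVPN project code), a small Python check for the settings discussed here: it reports a `management` listener bound outside loopback and outside the `server` tunnel subnet, a non-loopback listener without the optional password-file argument, and `auth-user-pass` without `auth-nocache`. The sample config and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed sample: directives from the posted server config, with the
# listener moved to 0.0.0.0 as tried in the thread (assumption for the demo).
SAMPLE = """\
dev tun
management 0.0.0.0 1195
server 172.16.1.0 255.255.255.0
proto tcp
auth-user-pass
"""

def parse(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            key, *args = line.split()
            conf[key] = args
    return conf

def audit(text):
    """Return finding names (hypothetical labels) for the given config text."""
    conf, findings = parse(text), []
    mgmt = conf.get("management")
    if mgmt:
        tunnel = None
        if len(conf.get("server", [])) == 2:  # "server <network> <netmask>"
            tunnel = ipaddress.ip_network("/".join(conf["server"]), strict=False)
        try:
            addr = ipaddress.ip_address(mgmt[0])
            local = addr.is_loopback
            if not local and not (tunnel is not None and addr in tunnel):
                findings.append("management-exposed")
        except ValueError:  # hostname or socket path: cannot classify
            local = False
            findings.append("management-address-unverified")
        if not local and len(mgmt) < 3:  # third argument is the password file
            findings.append("management-no-password-file")
    # Credentials entered for auth-user-pass stay in memory without auth-nocache.
    if "auth-user-pass" in conf and "auth-nocache" not in conf:
        findings.append("password-cached")
    return findings

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(name)
```
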
 

Author Comment

by:janhoedt
ID: 36585361
Openvpn works great, except for the management of the openvpn. No firewall is blocking since no firewall appears to be active on NAS (there is on my router). Same result when I connect on LAN instead of openvpn.
Please advise.
0
 

Accepted Solution

by:
janhoedt earned 0 total points
ID: 36717223
Adding tcp-client and setting proxy to manual solved the issue.
0
 

Author Closing Comment

by:janhoedt
ID: 36902190
Nobody provided an answer.
0
