Solved

Openvpn questions

Posted on 2011-09-20
Last Modified: 2012-05-12
Hi,

I managed to make an openvpn-connection from behind proxy as well as 3G. TCP is activated on server as well as on client and works pretty well.
However I do have some additional questions I would like to have an answer to in this ticket:

*Is Webadmin page (see below) also possible for Synology NAS?
http://openvpn.net/index.php/access-server/docs/admin-guides/143-how-to-configure-openvpn-as-with-admin-web-ui.html
I can ssh to my nas, but how to continue to install the webadmin?

*Which traffic to route for client: just want Internet and my home addresses to be routed, work network should stay at work of course? iow = best practises

*how much traffic maintaining such a tunnel takes?

*in logfile: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
How to disable this correctly?

Thanks,
J.
0
Question by:janhoedt
15 Comments
 
LVL 10

Expert Comment

by:simonlimon
ID: 36572599
Hm,

I think you can't access webadmin due to your browser proxy settings.

Can you add an exception for this website, can you try disabling the proxy in IE or your browser of choice :)?
Or you can add an exception for the website in your browser of choice?

In IE this is:

- Internet Options,
- Connections,
- Lan Settings
- Advanced, add exception on the bottom restart browser.

0
 

Author Comment

by:janhoedt
ID: 36572706
No, there is no proxy in between. I tried it on my lan at home. There is no webpage admin. Probably it is not implemented, I would like to do so.
0
 

Author Comment

by:janhoedt
ID: 36572817
I might have to open the port for openvpn admin page on my NAS (within iptables)?
Don't know directly how to do that, this is server config, admin should run on 1195 ....

SETTINGS SERVER:
-----------------
DS> vi openvpn.conf
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.1.0 255.255.255.0"
dev tun

management 127.0.0.1 1195

server 172.16.1.0 255.255.255.0


dh /usr/local/synovpn/etc/openvpn/keys/dh1024.pem
ca /usr/local/synovpn/etc/openvpn/keys/ca.crt
cert /usr/local/synovpn/etc/openvpn/keys/server.crt
key /usr/local/synovpn/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3


#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /usr/local/synovpn/lib/radiusplugin.so /usr/local/synovpn/etc/openvpn/rad
client-cert-not-required
username-as-common-name
duplicate-cn
proto tcp
~



auth-user-pass
0
 

Author Comment

by:janhoedt
ID: 36572839
It's firewall on Synology! However, don't know how to change it.


DS> telnet 127.0.0.1 1195
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 36573060
"management 127.0.0.1 1195"

Could this mean this service is only listening on the localhost?

Could you replace 127.0.0.1 with 0.0.0.0 - all IPs

0
 

Author Comment

by:janhoedt
ID: 36573136
When I connect to the ip of the NAS, I get connection refused so it's listening on that port.
The output you request doesn't do anything.


DS> telnet 0.0.0.0 - all IPs
BusyBox v1.16.1 (2011-09-04 02:18:34 CST) multi-call binary.
0
 

Author Comment

by:janhoedt
ID: 36573185
When I put the ip of the NAS instead of 127.0.0.1 and restart, go to the ip:1995 via web browser, I get this:

>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
ERROR: unknown command, enter 'help' for more options
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 36573480
So to be clear, when you start the tunnel, you cannot access the Openvpn admin remotely, with the original settings?

With regard to the error, could you post the line that you changed?
0
 

Author Comment

by:janhoedt
ID: 36573503
Correct.

I changed this: management 127.0.0.1 1195
to this management ipofmynas 1195
Note: apparently the NAS runs iptables

Couldn't it be the adminpage should be installed extra?
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 36573509
I am not sure I understand this correctly:

*Which traffic to route for client: just want Internet and my home addresses to be routed, work network should stay at work of course? iow = best practises
Are you connecting to the office OpenVPN or to home OpenVPN from the office? Are you using OpenVPN bridged or tunneled?

*how much traffic maintaining such a tunnel takes?
I think there are only a few pings, unless you have mapped drives connected from the client to the NAS. Traffic will be greater then.
0
 

Author Comment

by:janhoedt
ID: 36573687
*Client: for testing purposes, I'm currently connected from office to home vpn (openvpn), I'm not sure if I use it bridged or tunneled, it's the default I use
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36583800
Hi,

By default the management access is only on the local address (127.0.0.1). If you want to access it remotely without compromising your server security, change the listening IP to an address of the VPN tunnel.
I recommend that you use a fixed IP instead of a dynamic one (at least in your vpn-client config) so you and only you have a valid IP to manage the server.

Also open the ports on firewalls to reach it

-hope helps
0
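
Added example (not part of the thread and not OpenVPN's own code): a small Python check for the two config points raised here, the `management` bind address advised on in the comment above and the `auth-nocache` warning from the original question. The sample configs are constructed; the tunnel address 172.16.1.1 and the password-file path are assumptions.

```python
import ipaddress

# Constructed samples: 127.0.0.1:1195 and the subnet are from the thread; tunnel IP and pw-file path are hypothetical.
LOCAL = "server 172.16.1.0 255.255.255.0\nmanagement 127.0.0.1 1195\n"
OPEN = "server 172.16.1.0 255.255.255.0\nmanagement 0.0.0.0 1195\n"
TUNNEL = "server 172.16.1.0 255.255.255.0\nmanagement 172.16.1.1 1195 /etc/openvpn/mgmt.pw\n"
CLIENT = "client\nproto tcp-client\nauth-user-pass\n"

def parse_directives(text):
    """Map each directive name to a list of argument lists, skipping comments."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def audit(text):
    """Return findings about management exposure and password caching."""
    d = parse_directives(text)
    findings = []
    tunnel = None
    if d.get("server") and len(d["server"][0]) >= 2:
        net, mask = d["server"][0][:2]
        tunnel = ipaddress.ip_network(f"{net}/{mask}")
    for args in d.get("management", []):
        if len(args) < 2 or args[1] == "unix":
            continue  # unix socket, not reachable over the network
        try:
            addr = ipaddress.ip_address(args[0])
        except ValueError:
            findings.append(f"management host {args[0]!r} is not an IP literal")
            continue
        if addr.is_loopback:
            continue  # the default seen in the thread
        if addr.is_unspecified:
            findings.append("management listens on all interfaces")
        elif tunnel is None or addr not in tunnel:
            findings.append(f"management bound to {addr}, outside the VPN subnet")
        if len(args) < 3:
            findings.append("management reachable over the network with no password file")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("auth-user-pass without auth-nocache: password may be cached in memory")
    return findings

if __name__ == "__main__":
    print([audit(c) for c in (LOCAL, OPEN, TUNNEL, CLIENT)])
```

The management port speaks a line-based command protocol (the `>INFO:` banner and `ERROR: unknown command` replies shown earlier in the thread), not HTTP, so a browser pointed at it only produces those errors.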
 

Author Comment

by:janhoedt
ID: 36585361
Openvpn works great, except for the management of the openvpn. No firewall is blocking since no firewall appears to be active on NAS (there is on my router). Same result when I connect on LAN instead of openvpn.
Please advise.
0
 

Accepted Solution

by:
janhoedt earned 0 total points
ID: 36717223
Adding tcp-client and setting proxy to manual solved the issue.
0
 

Author Closing Comment

by:janhoedt
ID: 36902190
Nobody provided an answer.
0

Question has a verified solution.
