Help with openvpn

M

MiraS

Hi there. I would need a really functional guide to successfully running openvpn in freebsd13. Please don't send links to the instructions, I've tried enough of them in two months
 
First question:
As a client or as a server?
As a client it's trivial.
Run the command as root. server.ovpn comes from the server side typically on a first connection. The password file is a cheat so you don't have to type user/pass in.
openvpn --config ~$USER/.vnc/server.ovpn --auth-user-pass ~$USER/.vnc/server.passwd --ping 10 --inactive 0
 
Thanks. I have a Freebsd13 desktop, and a router. I understood that I needed to install and run a server and then connect a client to my server. I am attaching openvpn.log in the attachment
Snímek obrazovky pořízený 2022-04-13 21-32-12.png
 
Here's mine log from start client.ovpn and rc.conf. I will be happy to help.
 

Attachments

  • Snímek obrazovky pořízený 2022-04-15 12-54-09.png
    Snímek obrazovky pořízený 2022-04-15 12-54-09.png
    529 KB · Views: 183
  • Snímek obrazovky pořízený 2022-04-15 12-56-54.png
    Snímek obrazovky pořízený 2022-04-15 12-56-54.png
    441.8 KB · Views: 167
If this is your client it does say why it fails?
"Got no response from radius server." --> "AUTH: Auth failed!"
You need to go from there
 
Diizzy. Yes. I know authentication failed. But I don't know why and I don't know where to go next. I think I need help with that.
 
I would take at the username/password being used by the openvpn client and verify that the radius server being used for authentication actually accepts that as valid. The OpenVPN server should simply be taking the credentials from the client and passing them to the Radius server. The Radius server is comes back to the OpenVPN server with pass/fail or authenticated/not authorized (whatever terms you prefer).

Start with assuming openvpn client to openvpn server is correct, then look at the Radius server that OpenVPN server is configured to use and make sure the username/password are correct and valid.

I do not have exact commands on the radius server to tell you to use.
 
Mer---: It is not possible to log in to the Radius server via https, because the username is an email, while no email is specified when generating login details in easy-rsa. Therefore, it is not possible to verify the name and password in any way. I tried to create several users to connect as an openvpn client, but in neither case was authentication accepted. I used my settings from: https://kifarunix.com/install-and-configure-openvpn-server-freebsd-12/ and https://pangnet.net/openvpn-freebsd-with-freeradius. Thank you very much for your help, I appreciate it and it bothers me that such a trivial matter on all other platforms is such a problem in freebsd.
 
msplsh said:
You've significantly increased the complexity of getting OpenVPN to work by trying to also get FreeRADIUS to work with it, so it's non-trivial.
Click to expand...
i second that, don't bother with user/pass if you don't REALLY need to
make it work with certs only in the first step, then ...
 
Sorry. I don't understand it at all. I don't need to know what not to do. I need to know what to do, but your advice leads me to some vague, absurd places that I have no idea what you want to tell me. Once again. Can you tell me how to run openvpn on freebsd ???????????????? Step by step ????? Still, thank you very much.
 
Step 1. Define your goals. What are you trying to accomplish?
Running OpenVPN isn't a goal, it's a means to archive a goal. Using a laptop from home to login on the company's network. That's a goal.

Step 2. Define your requirements.
Do you want/need to encrypt the traffic? Maybe you want to use the company's ADS, LDAP or TACACS for user management. Those are your requirements.

Step 3. Look for solutions that fit steps 1 and 2.
Based on your goals and requirements you may come to the conclusion OpenVPN could be used to archive those goals and requirements. You may also conclude it doesn't fit and you might need to look for other solutions.

"How to run openvpn" is open to a LOT of interpretation. There are many, many ways of configuring OpenVPN. Which configuration is suitable for you is going to depend on your goals and requirements. So start there first.
 
Thank you for your time. My intention is to connect to the web via openvpn and then check the ip address of my desktop that it has really changed and that the setup was successful. When I solve this, I will decide whether to use openvpn to access my NAS from the Internet. But that's the second thing. I don't want to deal with that right now. I was quite confused by the information that my first intention is simple and a matter of minutes. As I wrote in the introduction, I tried all sorts of recommendations and instructions step by step, but without success. I honestly don't believe anyone is successfully using openvpn in freebsd13. Because then there would be nothing easier than writing do it-> to -> it and you will have basic, but mainly FUNCTIONAL settings for connecting to the openvpn tunnel. I'm offering $ 20 for advice that will work. Not some well-meaning chatter.
 
MiraS said:
I tried all sorts of recommendations and instructions step by step
Click to expand...
But I don't see any errors that you're getting by trying to get it work without adding FreeRADIUS.

MiraS said:
I'm offering $ 20 for advice that will work. Not some well-meaning chatter.
Click to expand...

If you pay in patience and follow the instructions you already followed except left out FreeRADIUS (which is explicitly labeled optional), and then posted any problems you have, you could probably save $20.
 
You must log in or register to reply here.
Back
Top