Dear ClearOS friends,
In this period of severe crisis in my country, I have a strong demand for the creation of a VPN for smart working.
I use OpenVPN on ClearOS with the integrated LDAP server, but on some platforms during the creation of the LDAP driver it goes into an infinite loop and I don't know how to get out of it.
This is the message that loops:
Account Manager status
The installation of the driver counts, so be patient
Strange thing: if I go to Software Updates, I get the message that the software update is in progress.
And the Marketplace is unavailable:
Another user or service is not currently using the package manager. The market is not available until the package management system becomes available.
-
Accepted Answer
It would be a lot easier if you could copy the commands I post into a terminal. You'll then get the answers I asked for directly. It would also be helpful if you put your ClearOS output between "code" tags - the piece of paper icon with a <> on it.
Anyway, you are dead in the water. For your LAN you've used a /8 netmask which allows you to have 256*256*256-2 devices on your LAN, which is mega-corp territory. Unfortunately the subnet overlaps with the OpenVPN subnet. You have a couple of choices - reduce the LAN subnet to something sensible - either /16 or /24 or somewhere in between if you can. Check your DHCP server to see which range of IPs it was handing out as well. Or you can move OpenVPN to another subnet, say in the 172.16.0.0/12 range, by changing the "server" line and restarting OpenVPN. Also change the "server" line in clients-tcp.conf as that overlaps as well.
As autoconfigure is set to "no" you're going to have to learn to configure OpenVPN by hand. I'm going offline for most of the day now so won't be able to help. -
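The overlap described in the answer above can be checked mechanically. This is an added example, not part of the original thread and not ClearOS code: it parses the `server` and `push "route ..."` lines taken from the clients.conf posted in this thread and compares them with the eth1 address from the posted ifconfig output. The function names `parse_openvpn` and `audit` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two relevant lines from the clients.conf posted in this thread.
CLIENTS_CONF = '''
server 10.8.0.0 255.255.255.0
push "route 10.10.1.0 255.0.0.0"
'''

def parse_openvpn(conf):
    """Return (server_network, [(address, netmask) of each pushed route])."""
    server, routes = None, []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.fullmatch(r"server\s+(\S+)\s+(\S+)", line)
        if m:
            server = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        m = re.fullmatch(r'push\s+"route\s+(\S+)\s+(\S+)"', line)
        if m:
            routes.append((m.group(1), m.group(2)))
    return server, routes

def audit(conf, lan_ip, lan_mask):
    """List addressing conflicts between the VPN pool, the LAN and pushed routes."""
    server, routes = parse_openvpn(conf)
    if server is None:
        return ["no server line found"]
    findings = []
    # strict=False derives the network the interface sits in from its host address.
    lan = ipaddress.ip_network(f"{lan_ip}/{lan_mask}", strict=False)
    if server.overlaps(lan):
        findings.append(f"VPN pool {server} overlaps LAN {lan}")
    for addr, mask in routes:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if str(net.network_address) != addr:
            findings.append(f"push route {addr} {mask} has host bits set; network is {net}")
        if net.overlaps(server):
            findings.append(f"pushed route {net} covers the VPN pool {server}")
    return findings

if __name__ == "__main__":
    # eth1 address and netmask as shown in the posted ifconfig output.
    for finding in audit(CLIENTS_CONF, "10.10.1.253", "255.0.0.0"):
        print(finding)
```

With the LAN reduced to 255.255.255.0 and the pushed route changed to match, `audit` returns an empty list for the same VPN pool.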
Accepted Answer
clients.conf:
# Tip - if you are using this as a template for configuring other VPNs:
# - the ifconfig-pool-persist file must be unique
# - the port/protocol combination must be unique
# - different server IPs are recommended
# - don't forget about the firewall
port 1194
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
verb 3
push "dhcp-option DNS 10.10.1.253"
push "dhcp-option DOMAIN BIASOTTOPART.local"
push "dhcp-option WINS 10.10.1.253"
compress stub-v2
push "compress stub-v2"
push "route 10.10.1.0 255.0.0.0"
network.conf:
# Network mode
MODE="gateway"
# Network interface roles
EXTIF="eth0"
LANIF="eth1"
DMZIF=""
HOTIF=""
# Domain and Internet Hostname
DEFAULT_DOMAIN="BIASOTTOPART.local"
INTERNET_HOSTNAME="gateway.BIASOTTOPART.local"
# Extra LANS
EXTRALANS=""
# ISP Maximum Speeds
ETH0_MAX_DOWNSTREAM=0
ETH0_MAX_UPSTREAM=0
openvpn.conf:
auto_configure = no
log of ifconfig:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 37.186.210.170 netmask 255.255.255.248 broadcast 37.186.210.175
inet6 fe80::215:5dff:fe01:5601 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:01:56:01 txqueuelen 1000 (Ethernet)
RX packets 6534 bytes 882400 (861.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5165 bytes 1405537 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.1.253 netmask 255.0.0.0 broadcast 10.255.255.255
inet6 fe80::215:5dff:fe01:5602 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:01:56:02 txqueuelen 1000 (Ethernet)
RX packets 5749 bytes 1509661 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5801 bytes 1329874 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 440 bytes 74466 (72.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 440 bytes 74466 (72.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
inet6 fe80::665a:1900:6c57:2c20 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 144 (144.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
inet6 fe80::6d18:39b9:2020:d3fa prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 149 bytes 8184 (7.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 152 bytes 7440 (7.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I compared the configuration with the one I have in my office (where everything works correctly) and it is the same; obviously the IP addresses change. I don't understand. -
Accepted Answer
What are the contents of /etc/openvpn/clients.conf, /etc/clearos/network.conf, /etc/clearos/openvpn.conf and the result of "ifconfig | grep '\S' -A 1"? Note you will not be able to browse the computers on your LAN but you *may* be able to connect to them. You should be able to connect to ClearOS. What is your external domain?
If your computers on your LAN are Windows, please see this part of the OpenVPN HowTo.
If you are using Gateway Management, please post back. -
Accepted Answer
The new problem, after restarting the firewall, is that now I connect with the VPN but I don't see the other computers, in the sense that I can't access the server from the outside. I noticed that the .conf file created a wrong push rule for me, with the path 10.0.0.0 instead of 10.10.1.0. I corrected the rule but nothing has changed. In the DHCP server I saw that the DHCP rule calls me with 10.0.0.0 and distributes the correct network 10.10.1.0. Is there a way to rename the rule? Because I'm afraid this is going to confuse everything. -