but /dev/tun exists
> Mon Oct 17 10:30:07 2011 /sbin/ifconfig 10.8.0.1 pointopoint 10.8.0.2
> mtu 1500 ifconfig: SIOCSIFADDR: No such device
this must be because of the missing /dev/net/tun
perhaps you should use "-dev-node node"?
Explicitly set the device node rather than using /dev/net/tun,
/dev/tun, /dev/tap,
etc. If OpenVPN cannot figure out whether node is a TUN or TAP
device based on the
name, you should also specify --dev-type tun or --dev-type tap.
I notice just now that "--help" is not available on the shipped binary, I will
see if I can fix it.
You might then want to use "--cd /etc/openvpn", because files are there?
> Cannot open dh1024.pem for DH parameters:
> error:02001002:system library:fopen:No such file or directory: error
--cd dir
Change directory to dir prior to reading any files such as
configuration files, key
files, scripts, etc. dir should be an absolute path, with a
leading "/", and with-
out any references to the current directory such as "." or "..".
This option is useful when you are running OpenVPN in --daemon
mode, and you want
to consolidate all of your OpenVPN control files in one
location.
That's OK as long as you remember it latter :)
But you should refrain from changing things that can be configured using
configuration files. Latter you will have to verify how to use the default
/dev/tun device.
I know, I'm picky ;-)
They will be created as soon as you 'modprobe tun'. /dev/tun will be created by the tun kernel module, that is a tap/tun driver.
If it is absolutely necessary (i.e., the default can't be used throught the conf file) we can create /dev/net/tun and /dev/net/tap by using /etc/mdev.conf. I will take care of it, after you submit your initscript.
On Oct 18, 2011 8:29 PM, "Cam1878" <cameron...@gmail.com> wrote:
I just looked in the files and noticed that /dev/tun or /dev/tap does
not exist.
I'm going to have to include the commands from here:
http://wiki.vpslink.com/TUN/TAP_device_with_OpenVPN_or_Hamachi in the
startup script.
On Oct 17, 12:25 pm, Joao Cardoso <whoami.jc...@gmail.com> wrote: > On Monday, October 17, 2011 16:...
-- You received this message because you are subscribed to the Google Groups "Alt-F" group. To post...
To have the box dhcp server to be used, or other dhcp server in the box network, and be able to smb/nfs browse the box network, the simplest is to use vpn in bridged mode.
Is that what you are doing now?
On Oct 18, 2011 8:05 PM, "Cam1878" <cameron...@gmail.com> wrote:
After a bit of configuring on the client side of things, I managed to
connect to it perfectly.
It assigned me an IP and I was able to ping the server as well as
telnet to the device.
I'm going to try to change things around to set up network discovery
so I can use it as a network server as if it were on the same subnet.
Once it says initialization sequence completed you can just close the
SSH or telnet client and the vpn is running. I haven't set it up as a
daemon yet though.
On Oct 17, 5:06 pm, Cam1878 <cameron.tetf...@gmail.com> wrote: > I modified server.conf to solve th...
Good work.
I'm certain that I will need your help to create a GUI.
There are however some problems with your approach. You should not use the /Alt-F path in any circunstance.
I can't give more details by now.
Thanks.
-- You received this message because you are subscribed to the Google Groups "Alt-F" group. To pos...
hmm, ok.
Perhaps big organizations can sign their certificates using a well-know CA, so
that clients can automatically verify its authenticity?
Or just make ca.crt public? In a web page? Clients wouldn't be able to verify
that the server they are connecting to is indeed the one they desire? No,
because the in-the-midle-server miss the correct ca.key, right?
Oh well, I need to make a workshop on certificates and security :-
Have you tried to use a commercial VPN client to connect? Being limited to the
openVPN client is a severe restriction.
You see, I might be using a friend's laptop, with MS-W on it :-(
Thanks
No, I haven't, still busy integrating cryptodev, kernel modules and openssl;
and latter with openvnp, bridge-utill, initscripts and web pages.
There is a difference between a demo prototype, glued together with wires and
duct tape, and a user working solution ;-)
> I can't get openvpn to work on my Android tablet so I'm trying to look
> for alternatives for it. It works fine on my laptop though.
Looks like you have to "root" your android first. I haven't done it yet to
mine.
> I tried looking at how the GUI works for some of the other services
> but I don't know enough about html to get started on it.
Design a layout based on common needs would be possible:
Keys management:
-generate server CA button
-generate client key |client name entry field | generate button | revoke
button
Autentication:
-certificate only radiobutton | certificate and user/pass radiobutton | user-
pass only radiobutton (not possible in near future, requires PAM)
-routing radiobutton | bridged radiobutton
and so on. Complete but not overwhelming. Ah, and write the help page :-)
I'm sure it will not be as simple and complete as I would like, it takes too
long to put it all together and test everything.
bridge version works fine since 2 months.
No time for make scripts to run openvpn at startup time.
But if someone wants my configuration files...
Hi,
just wanted to mention that I got this working too. Using version 0.1RC3
It did need a little twittling, since apparently the tun-device is not created by OpenVPN as it should be. To get around this I used the instructions in the link given by Cam1878: http://wiki.vpslink.com/TUN/TAP_device_with_OpenVPN_or_Hamachi
So supposing you have a working OpenVPN config file (which I had confirmed previously with a PC), the steps are (this is basically just a summary of the things mentioned in this thread):
1) install the Alt-F openvpn package
2) load the tun module: >> modprobe tun
3) create the tunnel device (from link above):
>> mkdir -p /dev/net
>> ls /dev/net # confirm it's working (see link)
>> mknod /dev/net/tun c 10 200
>> chmod 600 /dev/net/tun
4) start OpenVPN:
>> openvpn --config client.conf
If the tun-device is not created manually, then OpenVPN will initialize fine (given a correct config), but will fail when creating the tun-device with the message:
Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
ifconfig: SIOCSIFADDR: No such device
Linux ifconfig failed: external program exited with error status: 1
Exiting
It would be nice, if we could work out, why OpenVPN can't create the tun-device by itself, as it usually should.
(tun|tap) 0:0 660 =net/%1
modprobe -r tun
rm -rf /dev/net
modprobe tun
Hi.
So it took a while. But I can confirm that modifying /etc/mdev.conf as you stated and redoing modprobe solves it.
Now OpenVPN is able to create the tun as well as the tap devices, when initializing a connection.
Only question now is how to 'modprobe tun' by default and have OpenVPN run at start-up (and daemon mode to keep it alive), so that the connection is setup by default after restarting.
ca /etc/openvpn/ca.crtcert /etc/openvpn/server.crtkey /etc/openvpn/server.key # This file should be kept secretdh /etc/openvpn/dh1024.pem
Ok. So I finally got around to trying this.
In principle the script works, but it's not optimal, since you make it hard-wired to the config file-name 'server.conf'.
In my case I am running openvpn on my NAS as the client of another server and aptly named the config-file 'client.conf'. I changed your script and remove the checks for the keys and then it worked nicely.
It gets problematic, if you have multiple config files, which can be the case if the NAS is a client and a server or a client to multiple VPNs.
I looked at the init-script of Raspbian on the Raspberry and they run openpvn for all config-files: /etc/openvpn/*.conf, which is perhaps what this script should also do. It would also require removing the checks for the config-files in /etc/openvpn/, which also aren't ideal, if for example you have server and client configs at the same time and would have the keys nicely separated in /etc/openvpn/server_keys and /etc/openvpn/client_keys.
But for the time being this script works perfectly for me. Just bringing in suggestions... :)
Hello, I am new to Alt-F and would like to start openvpn and connect to my vpn provider automatically. I did copy and unzip the attached script and reboot my device, in the network services openvpn daemon still stopped, and cannot start it, error message is S41openvpn : you must configure openvpn first
Hello,
I trying to make openVPN working. I did it previously on Debian and now I m trying on Alt-F.
When I try to modprobe tun, I got modprobe: module tun not found in modules.dep
I m running Alt-F 1.
Hello João,
Thank you or your reply. Yes I got a DNS-323. I already installed the mentioned packages.
I don't know why I can't modprobe tun.
[root@DNS-323]# lsmodModule Size Used by Not taintedusblp 8000 0
[root@DNS-323]# modprobe tun[root@DNS-323]# lsmodModule Size Used by Not taintedtun 15488 0usblp 8000 0
[root@DNS-323]# ls -l /dev/net/total 0crw-rw---- 1 root root 10, 200 Jan 9 18:51 tun
[root@DNS-323]# ls -l /lib/modules/4.4.86/kernel/drivers/net/tun.ko-rw-r--r-- 1 root root 25750 Sep 22 20:56 /lib/modules/4.4.86/kernel/drivers/net/tun.ko[root@DNS-323]# ipkg list_installed | grep -E modules\|vpnkernel-modules - 4.4.86 -kernel-modules-armv5 - 4.4.86 -openvpn - 2.2.1-3 -
We are talking about Alt-F 1.0.
This is what I got :
[root@zeNAS]# cd /lib/modules/4.4.86/kernel/drivers/net/
[root@zeNAS]# ls
mii.ko ppp slip tun.ko usb wireless
Ok, I got it.
Now :
[root@zeNAS]# modprobe tun.ko
modprobe: module tun.ko not found in modules.dep
So, tun.ko is not in modules.dep
Ok, I asked myself which kernel I use :
uname -a
Linux zeNAS 4.4.45 #1 Wed Jun 14 15:41:08 WEST 2017 armv5tel GNU/Linux
--
You received this message because you are subscribed to the Google Groups "Alt-F" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alt-f+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/alt-f.
For more options, visit https://groups.google.com/d/optout.
You must have flashed the 1.0 *snapshot*. Flash the final 1.0
Oh OK ! I understand. I've just downloaded a new firmware from sourceforge. I ll install it asap. The NAS is 200km far from me, but like I have an ssh access so I can make a tunnel.
Does the update keep my presets and files ?