
[Openvpn-users] Re: OpenVPN-GUI for Mac OS X Beta-Release


  • Subject: [Openvpn-users] Re: OpenVPN-GUI for Mac OS X Beta-Release
  • From: JP M <jpm_tmp2@xxxxxxxxx>
  • Date: Sat, 27 Nov 2004 15:14:53 +0000 (UTC)

Angelo Laub <al <at> rechenknecht.net> writes:

> [SNIP] 
> > B- In my -short- experience, the tap device for os X does not get the
> > dhcp servers information (or does not forward it to the resolver ?).
> try putting the line "pull" in your client config file. this tells the
> openvpn client to get the dhcp information from the server.

Aren't "push" and "pull" OpenVPN 2.0-specific? DNS server info is
crucial, but I'd like to use the full dhcp capabilities, and provide
goodies like ntp, netbios,... info if possible.

> > There is a dhcp server attached to my vpn, serving exclusively vpn
> > nodes. Currently I hack /private/etc/resolv.conf at openvpn startup and
> > restore it when the tunnel closes as part of a command shell script that
> What is it exactly you do with this script? To my knowledge there
> shouldn't be the need for any scripts, because openvpn sets the correct
> routes when it starts, and restores everything to normal when it quits.

Well, the script does not do much. It is a .command file that starts ovpn
with the options I want.
On windows I have a .bat file, on mac a .command:
>>>
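#!/bin/bash
# Wrapper that adds the VPN nameserver to resolv.conf while OpenVPN runs.
OVPN="/usr/local/openvpn" # OVPN 1.6
OPENVPNDIR="/Users/whatever"
RESOLVDIR="/var/run"
RESOLVCONF="resolv.conf"
VPN_NS="nameserver 192.168.1.1"

pushd "$OPENVPNDIR" || exit 1
echo "Updating $RESOLVCONF"
# Keep a backup so the original resolver settings can be restored afterwards
cp "$RESOLVDIR/$RESOLVCONF" "$RESOLVDIR/$RESOLVCONF-bak"
# Re-emit the backup, inserting the VPN nameserver right after its first line
awk -v NS="$VPN_NS" '{print;if(NR==1)print NS}' "$RESOLVDIR/$RESOLVCONF-bak" > "$RESOLVDIR/$RESOLVCONF"
echo "Starting OpenVPN. Press CTRL-C to exit the VPN"
# Runs in the foreground until the tunnel is closed
("$OVPN" --cd "$OPENVPNDIR" --config ./main.conf --config ./me.conf)
echo "Restoring $RESOLVCONF"
mv "$RESOLVDIR/$RESOLVCONF-bak" "$RESOLVDIR/$RESOLVCONF"
echo "You're no longer part of the VPN."
popd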
>>>
With win-tap32, the interface gets its IP address and the NS information
served by the dhcpd, no fuss. So this kind of hack is not needed.

> > launches openvpn. Can I put such a script under Library as well ? Or do
> > some of you guys can make the tap device available in the mac's Network
> > configuration  ?
> interesting idea, i have to think about it. but perhaps this is not
> even necessary.

That would make the mac openvpn setup similar to the one on windows, 
where the tap is always up, and the openvpn tunnel started as needed
by clicking a .bat, or using a nice GUI ;-)


Going back to the certs: when I run my CA I go through an EXTRA step to
scratch the passphrase for the certs. I can perfectly live with the 
requirement for passphrase in the user cert, in order to use the GUI.

Regarding the version of openvpn: while you're providing the full 
binaries for Ovpn, which is great, I did not use that: I already had my 
stuff compiled and installed.
Once again, I can certainly live with your .dmg as the full -least
official- openvpn distro for OS X. But in that case, I'd recommend you 
include a SINGLE readme that makes clear that all components should be 
installed your way. 

Since I insist on using a bridged VPN (I want broadcasted services), and
I already have managed the many confs/ports pairs I need for my tunnels 
(cf. the conf split between generic main.conf and overriding me.confs), 
I don't really feel like going to OpenVPN 2.0 will help me. I am mostly 
unaware of OpenVPN 2.0. Would you recommend using Ovpn 2.0 for a 
bridged VPN ?

Thanks again. Later,

--JP
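
An added example, not part of the original message or of OpenVPN's own code: with the OpenVPN 2.0 push/pull mechanism discussed above, each pushed "dhcp-option" reaches the client's --up script on non-Windows systems as a foreign_option_N environment variable, so the resolv.conf edit can use the server's values instead of a hard-coded nameserver. The function names and the sample values are constructed for illustration; every pushed value is shape-checked before it can reach a root-owned file.

```sh
#!/bin/sh
# Added example: build resolv.conf lines from OpenVPN 2.x pushed DHCP options.
# Assumption: called from an --up script, where OpenVPN exports each pushed
# option as foreign_option_1, foreign_option_2, ... (non-Windows clients).

# Shape check only: four dot-separated fields made of digits.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Letters, digits, dots and hyphens only; must not start with '-' or '.'.
is_hostname() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one resolv.conf line per valid DNS/DOMAIN option; skip everything else,
# including values carrying spaces or newlines that would inject extra lines.
vpn_resolv_lines() (
    i=1
    while eval "opt=\${foreign_option_$i-}"; [ -n "$opt" ]; do
        case "$opt" in
            "dhcp-option DNS "*)
                value=${opt#"dhcp-option DNS "}
                if is_ipv4 "$value"; then echo "nameserver $value"; fi ;;
            "dhcp-option DOMAIN "*)
                value=${opt#"dhcp-option DOMAIN "}
                if is_hostname "$value"; then echo "search $value"; fi ;;
        esac
        i=$((i + 1))
    done
)

# merge_resolv ORIGINAL OUTPUT: VPN entries first, then the original content.
merge_resolv() { { vpn_resolv_lines; cat "$1"; } > "$2"; }

# Constructed sample input, run in a subshell so nothing leaks to the caller.
demo() (
    foreign_option_1='dhcp-option DNS 192.168.1.1'
    foreign_option_2='dhcp-option DOMAIN vpn.example'
    vpn_resolv_lines
)
demo
```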

