
[Openvpn-users] Resolved: Mystery of openvpn.


  • Subject: [Openvpn-users] Resolved: Mystery of openvpn.
  • From: "Tibbs, Richard" <rwtibbs@xxxxxxxxxxx>
  • Date: Sun, 12 Dec 2004 10:52:32 -0500

Dear list, 
just thought I would let you know how things ended up with openvpn and
my wlan. A few comments below -- This was in response to a private email
from ged heywood, but I thought the list would like to know this as
well.

Also a question: How vulnerable is pre-shared key (static key in
openvpn-speak) to Man in the Middle attacks?

Synopsis:
I had to comment out my local on winxp and use float on the bering,
because every now and then the IP assigned to my wireless NIC by DHCP
would change.

As for the reasons the extra rules in shorewall were necessary, I found
from the shorewall list that the tunnel file config:
generic:udp:5000 
wasn't supported in my version of shorewall (1.4.2). When things were
not working, I had been fibrillating between the config:
openvpn
and the generic line.  openvpn, as a tunnel config, is supported in my
version of shorewall.  

For IPsec, I am using Freeswan 1.99.6. That has been working as of 1
month ago. Took me 3 months of frustration back and forth with the
leaf-user list to get it right.  (Freeswan user list is nothing but
spam.)  In time I might upgrade to Strongswan, one of the successors to
freeswan.

HTH
Rick. 


===================  openvpn 1.6 on bering firewall ===============
# Use a dynamic tun device.
dev tun
# For compatibility with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# When using TLS-security (tls-server) uncomment this for 2.x
#key-method 2
disable-occ
local 192.168.1.254
float
# 10.1.1.1 is our local VPN endpoint
# 10.1.1.2 is our remote VPN endpoint (home wlan)
# ifconfig command is for backward compat. even though ip(2) is supported
ifconfig 10.1.1.1 10.1.1.2
route 216.12.22.89

# Our pre-shared static key
secret static.key
verb 5
mute 10                     

===================== openvpn 2.0beta15 on winxp ====================

#local 192.168.1.4
remote 192.168.1.254

# Uncomment this line to use a different
# port number than the default of 5000.
port 5000
disable-occ
dev tun

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ifconfig 10.1.1.2 10.1.1.1
route 192.168.1.254
secret secret.txt

ping-restart 60
ping-timer-rem
persist-tun

# keep-alive ping
ping 10

verb 9
mute 10


