[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Openvpn-users Digest, Vol 12, Issue 10


  • Subject: Re: [Openvpn-users] Openvpn-users Digest, Vol 12, Issue 10
  • From: Peter Barwich <pbarwich@xxxxxxxxxxx>
  • Date: Wed, 09 May 2007 17:26:17 +0100

Stephen o'Donnell

You might try 3Proxy (just google). It appears to be available for Linux 
tho' I haven't tried on that OS. On XP however it works fine. The 
easiest thing on your remote PC is to install ProxyCap which makes it 
easy to socksify any internet aware application. You say you don't need 
encryption but is this true? Will your restrictive sysadmins not cut you 
off when they see what you're accessing via proxy? If not then you don't 
need OVPN, or ssh. Remember if the sysadmin might object then even 
encryption might not save you. Simply the presence of loads of encrypted 
traffic from your machine may get him suspicious.

Peter

openvpn-users-request@xxxxxxxxxxxxxxxxxxxxx wrote:
> Send Openvpn-users mailing list submissions to
> 	openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/openvpn-users
> or, via email, send a message with subject or body 'help' to
> 	openvpn-users-request@xxxxxxxxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
> 	openvpn-users-owner@xxxxxxxxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Openvpn-users digest..."
>   
> ------------------------------------------------------------------------
>
> Today's Topics:
>
>    1. Openvpn newbie question (Stephen O'Donnell)
>    2. Re: Openvpn newbie question (Erich Titl)
>    3. openvpn PKCS#11 problem in Windows XP (Mister T)
>    4. Re: openvpn PKCS#11 problem in Windows XP (Alon Bar-Lev)
>   
>
> ------------------------------------------------------------------------
>
> Subject:
> [Openvpn-users] Openvpn newbie question
> From:
> "Stephen O'Donnell" <stephen.odonnell@xxxxxxxxx>
> Date:
> Mon, 7 May 2007 12:41:46 +1000
> To:
> openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
> To:
> openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
>
> Guys,
>
> I have been pouring over the documentation attempting figure out how 
> to setup the simplist VPN possible, and I am getting quite confused - 
> this is my problem:
>
> I am staying away from home, and I have internet access but only to 
> standard web ports (80, 443, etc), so I cannot access my home machine 
> over ssh as normal, or access some other internet services I use that 
> don't run on port 80. 
>
> My home machine is a linux router that has NAT and an iptables 
> firewall setup and I can access it remotely.  It has a public IP 
> address, and a local IP 192.168.0.1 <http://192.168.0.1> (two NIC cards).
>
> I would like to create a VPN to my home machine (that I can run on 
> port 443 on the server so I can access it from my remote location), so 
> I can make all traffic from the client PC go over the VPN into my home 
> machine, which will provide the bridge to the internet.  I guess what 
> I really want is to use my home machine as a proxy for all my traffic, 
> effectively bypassing the gateway firewall rules at my current 
> location which I cannot change.
>
> My home machine is Linux, the client will be Windows XP.  IP address 
> at the client location are all 192.168.0.x.
>
> What is the simplist configuration I can use achive my goal?  
> Encryption is not even important, and I will be the only user, so it 
> doesnt have to scale!
>
> Any help is greatly appreciated.
>
> Thanks,
>
> Stephen.
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [Openvpn-users] Openvpn newbie question
> From:
> Erich Titl <erich.titl@xxxxxxxx>
> Date:
> Mon, 07 May 2007 06:07:16 +0000
> To:
> "Stephen O'Donnell" <stephen.odonnell@xxxxxxxxx>
>
> To:
> "Stephen O'Donnell" <stephen.odonnell@xxxxxxxxx>
> CC:
> openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
>
> Hi
>
> Stephen O'Donnell wrote:
>   
>> Guys,
>>
>>     
> ...
>   
>> My home machine is Linux, the client will be Windows XP.  IP address at
>> the client location are all 192.168.0.x.
>>
>> What is the simplist configuration I can use achive my goal?  Encryption
>> is not even important, and I will be the only user, so it doesnt have to
>> scale!
>>     
>
> A simple client/server set up, you will have to NAT the vpn traffic and
> use redirect-gateway
>
> cheers
>
> Erich
>
>
>
>
>   
>
> ------------------------------------------------------------------------
>
> Subject:
> [Openvpn-users] openvpn PKCS#11 problem in Windows XP
> From:
> "Mister T" <internetthierry@xxxxxxxxx>
> Date:
> Mon, 7 May 2007 16:30:28 +0200
> To:
> openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
> To:
> openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
>
> Dear,
> In linux my Starcos smartcard is working fine. I was able to put the required keys and 
> certificates on it with pkcs15-init. Using it to authenticate and setup a openvpn 
> tunnel also works fine.
>
>
> In Windows XP though, the smartcard is listed by the opensc-tool and also accessible via 
> "opensc-explorer -r 1" but openvpn seems having problem with the PIN or the card.
>
> Can you advice me what to do to get openvpn working in Windows XP.
>
>
> Thanks,
> Thierry
>
> hereunder the output of some commands:
>
> c:\Program Files\Smart card bundle>opensc-tool -l
>      0  pcsc  O2Micro PCMCIA Reader 0
>      1  pcsc  OMNIKEY Cardman 6121 0
>
>
> C:\Program Files\Smart card bundle>opensc-tool -nv -r 1
>      Connecting to card in reader OMNIKEY CardMan 6121 0...
>      Using card driver STARCOS SPK 2.3.
>      Card name: STARCOS SPK 2.3
>
> C:\Program Files\Smart card bundle>openvpn --show-pkcs11-slots "C:\\Program Files\\Smart card bundle\\opensc-
> pkcs11.dll"
> unable to enumerate apps: Wrong length
> pkcs15.c:711:sc_pkcs15_bind: returning with: Unsupported card
> Provider Information:
>         cryptokiVersion:        2.11
>         manufacturerID:         OpenSC Project (
> www.opensc-proje
>         flags:                  0
>
> The following slots are available for use with this provider.
> Each slot shown below may be used as a parameter to a
> --pkcs11-slot-type and --pkcs11-slot options.
>
>
> Slots: (id - name)
>         0 - O2Micro PCMCIA Reader 0
>         1 - O2Micro PCMCIA Reader 0
>         2 - O2Micro PCMCIA Reader 0
>         3 - O2Micro PCMCIA Reader 0
>         4 - OMNIKEY CardMan 6121 0
>
>         5 - OMNIKEY CardMan 6121 0
>         6 - OMNIKEY CardMan 6121 0
>         7 - OMNIKEY CardMan 6121 0
>
>
> C:\Program Files\Smart card bundle>openvpn --show-pkcs11-objects "C:\\Program Files\\Smart card bundle\\opensc-
> pkcs11.dll" 4
> PIN:
> unable to enumerate apps: Wrong length
> pkcs15.c:711:sc_pkcs15_bind: returning with: Unsupported card
> Token Information:
>         label:
>         manufacturerID:
>         model:
>
>         serialNumber:
>         flags:          00000000
>
>
> You can access this token using
>
> --pkcs11-slot-type "label" --pkcs11-slot "" options.
>
> PKCS#11: Cannot login to token on slot 4 258-'CKR_USER_PIN_NOT_INITIALIZED'
> The following objects are available for use with this token.
>
>
>
> Each object shown below may be used as a parameter to
> --pkcs11-id-type and --pkcs11-id options.
>
>
>
> C:\Program Files\Smart card bundle>opensc-explorer -r 1
> OpenSC Explorer version 0.11.1
>
> OpenSC [3F00]> info
>
> Dedicated File  ID 3F00
> File path:     3F00
> File size:     0 bytes
> ACL for SELECT:          N/A
> ACL for LOCK:            N/A
> ACL for DELETE:          N/A
> ACL for CREATE:          N/A
>
> ACL for REHABILITATE:    N/A
> ACL for INVALIDATE:      N/A
> ACL for LIST FILES:      N/A
>
> OpenSC [3F00]> cd 5015
> OpenSC [3F00/5015]> cat 4401
> 00000000: 30 40 30 1A 0C 14 53 65 63 75 72 69 74 79 20 4F 0 <at> 0...Security O
>
> 00000010: 66 66 69 63 65 72 20 50 49 4E 03 02 06 C0 30 03 fficer PIN....0.
> 00000020: 04 01 FF A1 1D 30 1B 03 02 00 0D 0A 01 01 02 01 .....0..........
> 00000030: 06 02 01 08 80 01 01 04 01 00 30 06 04 04 3F 00 ..........0...?.
>
> 00000040: 50 15 30 3B 30 15 0C 0F 50 49 4E 20 5B 42 61 73 P.0;0...PIN [Bas
> 00000050: 69 63 20 50 49 4E 5D 03 02 06 C0 30 03 04 01 01 ic PIN]....0....
> 00000060: A1 1D 30 1B 03 02 02 4C 0A 01 01 02 01 04 02 01 ..0....L........
>
> 00000070: 08 80 01 83 04 01 00 30 06 04 04 3F 00 50 15 00 .......0...?.P..
> 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>
> 000000A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 000000C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>
> 000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>
> OpenSC [3F00/5015]> q
>
>   
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [Openvpn-users] openvpn PKCS#11 problem in Windows XP
> From:
> "Alon Bar-Lev" <alon.barlev@xxxxxxxxx>
> Date:
> Mon, 7 May 2007 19:53:26 +0300
> To:
> "Mister T" <internetthierry@xxxxxxxxx>
>
> To:
> "Mister T" <internetthierry@xxxxxxxxx>
> CC:
> openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
>
> On 5/7/07, Mister T <internetthierry@xxxxxxxxx> wrote:
>> In Windows XP though, the smartcard is listed by the opensc-tool and 
>> also
>> accessible via
>> "opensc-explorer -r 1" but openvpn seems having problem with the PIN 
>> or the
>> card.
>
> You are working with the same card via two different interfaces.
> In order to see if the PKCS#11 is setup correctly, please use 
> pkcs11-tool.
>
> If this command does not work, OpenVPN will also not be able to use 
> the token.
> $ pkcs11-tool --module "C:\Program Files\Smart card bundle\opensc-
> pkcs11.dll"  --list-objects
>
> pkcs11-tool should also be provided by OpenSC package.
>
> BTW: Please try to run this command with the same smartcard on Linux,
> verify that you got this right.
>
> Best Regards,
> Alon Bar-Lev.
>
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ------------------------------------------------------------------------
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>   


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users