Re: OpenVPN support questions

Crispin Flowerday wrote:
> Hi,

Hi Crispin.

> I have been trying the new openvpn support (0.2.0, ubuntu packages from
>, and have a few questions:
> - My office VPN uses certificates, and username / pass authentication,
> is this supported ?

No, not at the moment. But since basically all code is there it is no
problem. Will add that over the weekend.

> - When openvpn is spawned, does it log what it is doing anywhere?

The --syslog flag is added to OpenVPN so all essential logging
information should be available in syslog.

> Basically I can't get the vpn working, and even starting NM with
> --no-daemon doesn't appear to log anything from openvpn, so I'm not
> exactly sure why it isn't connecting.

Please check the syslog if there is any information. Please also give
"ps ax" a try (you must be quick to see the OpenVPN process after you
clicked on the connection in the NM applet).

> FWIW, the openvpn config file I got from the sysadmin looks like:
> client
> dev tap

That is a problem, we are using tun mode. I'm not absolutely sure about
the implications of using tap. I will have a look. Maybe all it takes is
a boolean flag in the optional information expander. It's getting tight
on the screen in this case though. Can someone send me a screenshot
(maybe off-list) of the widget running on a 1024x768 screen?

> proto udp
> remote 1194
> resolv-retry infinite
> nobind
> user  nobody
> group nogroup
> persist-key
> persist-tun

this is the information you give in the X.509 tab
> ca   ca.crt
> cert crispin-00.crt
> key  crispin-00.key

using this at the same time is not supported at the moment. As I said,
will have a look over the weekend.
> auth-user-pass
> ns-cert-type server

This must be set in the optional info expander.
> comp-lzo
> verb 3


    Tim Niemueller <tim niemueller de>
 Imagination is more important than knowledge. (Albert Einstein)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]