Netgate Discussion Forum

FANTASTIC VIDEO for Road Warrior VPN with local user database pf2.0

  • J Offline
    jaredadams
    last edited by Jul 31, 2011, 8:35 PM

    http://www.youtube.com/watch?v=odjviG-KDq8

    There aren't many guides for pfsense 2.0, let alone a video.

    This video shows step by step how to set up Road Warrior VPN and authentication vs a local user database.

    Now that I've been turned onto the local user database I like this method much better.  Seems much easier to manage users.

    One question…. I would like to eliminate the user login and start openvpn as a service.  Is this possible?

    • M Offline
      Metu69salemi
      last edited by Aug 1, 2011, 6:07 AM

      Do you mean in clients? If so, read this

      • J Offline
        jaredadams
        last edited by Aug 1, 2011, 1:40 PM

        When a client uses the gui to connect they are prompted to enter a username and password.  Can the config file be edited to supply this information automatically so that a user is not prompted for it?

        I'd like it to run as a service.  Just start up and run.  No intervention by our "intelligent" users.

        • M Offline
          Metu69salemi
          last edited by Aug 1, 2011, 2:06 PM

          That link had also info of run as service opportunity

          • J Offline
            jaredadams
            last edited by Aug 2, 2011, 1:20 PM

            @Metu69salemi:

            That link had also info of run as service opportunity

            Where did you see this?

            After I completed the video and successfully logged in using the OpenVPN gui I tried to run it as a service.  It was a no go.  I believe it's because I'm not entering the username and password.  As it's running as a service it's not prompting me for one.

            Can the username and password information be included in the config file (the .ovpn file)?

            • M Offline
              Metu69salemi
              last edited by Aug 2, 2011, 8:02 PM

              A lot of quoting from openvpn sites

              Running OpenVPN as a Windows Service
              
              When OpenVPN runs as a service it will start a separate OpenVPN process for each configuration file it finds in the \Program Files\OpenVPN\config directory and will output a logfile of the same name to the \Program Files\OpenVPN\log directory.
              
              When installed as a service, OpenVPN will default to manual start mode. You can go to the "Services" control panel in Control Panel -> Administrative Tools to start the service or to set it to Automatic Start mode.
              
              A sample config file has been provided in \Program Files\OpenVPN\config\sample.ovpn.txt which can be adapted to your needs.
              Service Notes:
              
                  When you install OpenVPN as a service, you are actually installing openvpnserv.exe which is a service wrapper for OpenVPN, i.e. it reads the config file directory and starts up a separate OpenVPN process for each config file. openvpnserv.exe performs the same function under windows as the /etc/init.d/openvpn startup script does under linux.
                  When you stop the OpenVPN service, it will send a terminate signal to all OpenVPN processes which were started by it.
                  If the OpenVPN service wrapper (openvpnserv.exe) encounters fatal errors, it will write them to the windows event log, which can be viewed in Control Panel -> Administrative Tools -> Event Viewer -> Application Log.
                  If the OpenVPN processes themselves encounter errors, they will write them to their respective log files in the log file directory.
                  There is a one-to-one correspondence between an OpenVPN process, an OpenVPN config file, an OpenVPN log file, and a TAP-Win32 adapter which represents an endpoint of a VPN tunnel.
                  OpenVPN tunnels are point-to-point in their simplest form, but can be made point-to-multi-point through the use of bridging or routing (see below).
                  Multiple OpenVPN processes can run concurrently, each on a different TAP-Win32 adapter.
                  openvpn.exe gets all configuration information from its config file, not from the registry.
                  The openvpnserv.exe program (the service wrapper) gets several string parameters from the registry which can be modified by the user. If you change any of these parameters, you should be able to upgrade OpenVPN to a new version without the installer overwriting your changes:
              
                  HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN
              
                  config_dir
                      configuration file directory to scan, defaults to "\Program Files\OpenVPN\config"
                  config_ext
                      file extension on configuration files, defaults to "ovpn"
                  exe_path
                      path to openvpn.exe, defaults to "\Program Files\OpenVPN\bin\openvpn.exe"
                  log_dir
                      log file directory, defaults to "\Program Files\OpenVPN\log"
                  log_append
                      if set to "1", multiple instantiations of an OpenVPN process will append onto the same log file, if set to "0" (default), each new instantiation will truncate the previous log file
                  priority
                      the windows priority class for each instantiated OpenVPN process, can be one of:
                          "IDLE_PRIORITY_CLASS"
                          "BELOW_NORMAL_PRIORITY_CLASS"
                          "NORMAL_PRIORITY_CLASS" (default)
                          "ABOVE_NORMAL_PRIORITY_CLASS"
                          "HIGH_PRIORITY_CLASS"
              
              
              • N Offline
                Nachtfalke
                last edited by Aug 2, 2011, 8:19 PM

                @jaredadams:

                @Metu69salemi:

                That link had also info of run as service opportunity

                (…)

                Can the username and password information be included in the config file (the .ovpn file)?

                If the username/password is in the config file I do not see any additional security. So you could just use certificates. This is less to configure on server and client side and if you want to stop a client from connecting to your server, just revoke the certificate.

                Sorry for not answering your question with the user/pw in config file.

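The service behaviour quoted above and the point about stored credentials, as an added PowerShell audit sketch (not from the thread or from OpenVPN): it reads `config_dir` and `config_ext` from `HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN`, walks each config the service wrapper would start, and reports any that point `auth-user-pass` at a credentials file, together with broad groups that can read it. `auth-user-pass` is OpenVPN's username/password directive and is not named in the thread; the function name, the drive prefix and the relative-path handling are assumptions.

```powershell
# Added example. Value names and defaults are those quoted above; the drive prefix is an assumption.
$defaults = @{
    config_dir = "$env:SystemDrive\Program Files\OpenVPN\config"
    config_ext = 'ovpn'
}
$reg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\OpenVPN' -ErrorAction SilentlyContinue
$cfg = @{}
foreach ($name in $defaults.Keys) {
    $value = if ($reg) { $reg.$name } else { $null }
    $cfg[$name] = if ($value) { $value } else { $defaults[$name] }
}

# Everyone, Authenticated Users, BUILTIN\Users (well-known SIDs, language independent)
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData

function Get-StoredCredentialFinding {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ConfigPath)
    # "auth-user-pass <file>" keeps credentials on disk; a bare "auth-user-pass" prompts.
    $hits = Select-String -LiteralPath $ConfigPath -Pattern '^\s*auth-user-pass\s+(\S.*?)\s*$'
    foreach ($hit in $hits) {
        $file = $hit.Matches[0].Groups[1].Value.Trim('"')
        if (-not [System.IO.Path]::IsPathRooted($file)) {
            # Assumption: relative paths resolve against the config file's directory.
            $file = Join-Path (Split-Path -Parent $ConfigPath) $file
        }
        $readers = @()
        if (Test-Path -LiteralPath $file) {
            $rules = (Get-Acl -LiteralPath $file).GetAccessRules(
                $true, $true, [System.Security.Principal.SecurityIdentifier])
            $readers = @($rules | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broadSids -contains $_.IdentityReference.Value -and
                ($_.FileSystemRights -band $readData)
            } | ForEach-Object { $_.IdentityReference.Value })
        }
        [pscustomobject]@{
            Config         = $ConfigPath
            CredentialFile = $file
            BroadReaders   = $readers -join ','
        }
    }
}

# One OpenVPN process is started per config file found here, so audit each one.
Get-ChildItem -LiteralPath $cfg.config_dir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq ".$($cfg.config_ext)" } |
    ForEach-Object { Get-StoredCredentialFinding -ConfigPath $_.FullName }
```

An empty `BroadReaders` column means none of the three groups has an allow entry with read access on the credentials file; any row at all means a password is stored on that client.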
                • J Offline
                  jaredadams
                  last edited by Aug 3, 2011, 12:08 AM

                  @Metu69salemi:

                  A lot of quoting from openvpn sites

                  Running OpenVPN as a Windows Service
                  
                  When OpenVPN runs as a service it will start a separate OpenVPN process for each configuration file it finds in the \Program Files\OpenVPN\config directory and will output a logfile of the same name to the \Program Files\OpenVPN\log directory.
                  
                  When installed as a service, OpenVPN will default to manual start mode. You can go to the "Services" control panel in Control Panel -> Administrative Tools to start the service or to set it to Automatic Start mode.
                  
                  A sample config file has been provided in \Program Files\OpenVPN\config\sample.ovpn.txt which can be adapted to your needs.
                  Service Notes:
                  
                      When you install OpenVPN as a service, you are actually installing openvpnserv.exe which is a service wrapper for OpenVPN, i.e. it reads the config file directory and starts up a separate OpenVPN process for each config file. openvpnserv.exe performs the same function under windows as the /etc/init.d/openvpn startup script does under linux.
                      When you stop the OpenVPN service, it will send a terminate signal to all OpenVPN processes which were started by it.
                      If the OpenVPN service wrapper (openvpnserv.exe) encounters fatal errors, it will write them to the windows event log, which can be viewed in Control Panel -> Administrative Tools -> Event Viewer -> Application Log.
                      If the OpenVPN processes themselves encounter errors, they will write them to their respective log files in the log file directory.
                      There is a one-to-one correspondence between an OpenVPN process, an OpenVPN config file, an OpenVPN log file, and a TAP-Win32 adapter which represents an endpoint of a VPN tunnel.
                      OpenVPN tunnels are point-to-point in their simplest form, but can be made point-to-multi-point through the use of bridging or routing (see below).
                      Multiple OpenVPN processes can run concurrently, each on a different TAP-Win32 adapter.
                      openvpn.exe gets all configuration information from its config file, not from the registry.
                      The openvpnserv.exe program (the service wrapper) gets several string parameters from the registry which can be modified by the user. If you change any of these parameters, you should be able to upgrade OpenVPN to a new version without the installer overwriting your changes:
                  
                      HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN
                  
                      config_dir
                          configuration file directory to scan, defaults to "\Program Files\OpenVPN\config"
                      config_ext
                          file extension on configuration files, defaults to "ovpn"
                      exe_path
                          path to openvpn.exe, defaults to "\Program Files\OpenVPN\bin\openvpn.exe"
                      log_dir
                          log file directory, defaults to "\Program Files\OpenVPN\log"
                      log_append
                          if set to "1", multiple instantiations of an OpenVPN process will append onto the same log file, if set to "0" (default), each new instantiation will truncate the previous log file
                      priority
                          the windows priority class for each instantiated OpenVPN process, can be one of:
                              "IDLE_PRIORITY_CLASS"
                              "BELOW_NORMAL_PRIORITY_CLASS"
                              "NORMAL_PRIORITY_CLASS" (default)
                              "ABOVE_NORMAL_PRIORITY_CLASS"
                              "HIGH_PRIORITY_CLASS"
                  
                  

                  I read that.

                  I know how to start it as a service.

                  When I start the service it does not connect.

                  I assume this is because it does not prompt for a un/pw when one is needed to connect

                  I would like to know if this information can be included in the config file.

                  Am I being unclear with my question?

                  • J Offline
                    jaredadams
                    last edited by Aug 3, 2011, 12:10 AM

                    @Nachtfalke:

                    @jaredadams:

                    @Metu69salemi:

                    That link had also info of run as service opportunity

                    (…)

                    Can the username and password information be included in the config file (the .ovpn file)?

                    If the username/password is in the config file I do not see any additional security. So you could just use certificates. This is less to configure on server and client side and if you want to stop a client from connecting to your server, just revoke the certificate.

                    Sorry for not answering your question with the user/pw in config file.

                    If a client's machine was ever compromised I could easily disable the user in pfsense.  I'm not worried about that additional level of security.

                    Is there really nobody who knows if the un/pw can be inserted into the config file and its syntax to do so?

                    • M Offline
                      Metu69salemi
                      last edited by Aug 3, 2011, 4:25 AM

                      Use this link, there should be the first hit that defines everything for you
