OpenVPN with xp & win7 clients

Ernie Luzar luzar722 at gmail.com
Mon Jul 18 20:53:13 UTC 2016 

Odhiambo Washington wrote:
> 
> 
> On 17 July 2016 at 23:18, Ernie Luzar <luzar722 at gmail.com 
> <mailto:luzar722 at gmail.com>> wrote:
> 
>     Odhiambo Washington wrote:
> 
> 
> 
>         On 17 July 2016 at 18:58, Ernie Luzar <luzar722 at gmail.com
>         <mailto:luzar722 at gmail.com> <mailto:luzar722 at gmail.com
>         <mailto:luzar722 at gmail.com>>> wrote:
> 
>             Hello List;
> 
>             I travel outside of my home country a lot and can not access
>         some
>             web site content because internet connection is from foreign ip
>             address range.
> 
>             I see many how-tos for installing and configuration VPN on a
>         FreeBSD
>             host. But all most all of these how-tos assume the client
>         will be a
>             FreeBSD box also. In my case I have 2 laptops I travel with,
>         win xp
>             & win7. The official OpenVPN website does offer clients for xp &
>             win7 but configuration info is not available.
> 
>             Looking for how-to to setup VPN client on xp & win7.
> 
> 
> 
>         For Windows client, use the following:
>         http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
> 
>          
> 
>             The FreeBSD handbook has section on IPsec/VPN, but again it
>         assumes
>             server and client is a FreeBSD host. Looking for how-to on
>         setting
>             up IPsec/VPN on xp & win7.
> 
> 
>         For setting up the server, use the following: Use this link:
>         http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
>          
> 
>             I have 2 concerns. How much hesitation will VPN inject into
>         watching
>             tv programs or movies on my laptops in a foreign country? Will
>             IPsec/VPN inject longer hesitations?
> 
> 
>         I cannot tell about the latencies (I guess that is what you call
>         hesitation :-)) because I haven't tried it.
>          
> 
>             Can I use the remote VPN client to start the show streaming
>         and then
>             have the VPN host record the program? Later down loading the
>         program
>             file to my laptop for viewing?
> 
> 
>         That is beyond the scope of FreeBSD questions I guess :-)
>         But maybe someone has done it and will give you their story.
> 
> 
> 
> 
>     " For setting up the server, use the following: Use this link:
>     http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
> 
>     That link content is out-dated. The openvpn port/pkg does not
>     include the easy-rsa scripts build-ca, build-key-server, build-key,
>     build-dh that are described in that how-too. The certificates are
>     the backbone of security for VPN and without correct documentation
>     that how-to is useless. To make things even worse, the easy-rsa port
>     is lacking a manual page.
> 
> 
> That link is very comprehensive, but also if you applied a little common 
> sense, you'd realize that you can install easy-rsa either using the pkg 
> or ports. That's what I did and things work so well.
> 
> root at waridi:/usr/local/etc/fail2ban # locate easy-rsa
> /usr/ports/security/easy-rsa
> /usr/ports/security/easy-rsa/Makefile
> /usr/ports/security/easy-rsa/distinfo
> /usr/ports/security/easy-rsa/files
> /usr/ports/security/easy-rsa/files/easyrsa.in <http://easyrsa.in>
> /usr/ports/security/easy-rsa/pkg-descr
> /usr/ports/security/easy-rsa/pkg-plist
> /usr/ports/security/easy-rsa2
> /usr/ports/security/easy-rsa2/Makefile
> /usr/ports/security/easy-rsa2/distinfo
> /usr/ports/security/easy-rsa2/pkg-descr
> /usr/ports/security/easy-rsa2/pkg-plist
> root at waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa
> easy-rsa-3.0.1_1               Small RSA key management package based on 
> openssl
> easy-rsa2-2.2.2                Small RSA key management package based on 
> openssl
> root at waridi:/usr/local/etc/fail2ban # 
> 
> I used that link and it works wonders. I have users roaming everywhere. 
> All I have to do is generate client certs for them, download it to their 
> PCs, install the VPN client, configure it (change tun to tap, enable 
> lzo, disable prompting for username/password) and voila!
> 
> Well, just search around for other HOWTOs.
> 
> 

Thanks for the details. I see the problem now. That how-to is based on 
easy-rsa2-2.2.2 which was installed as part of a older version of the 
openvpn port. The current version of openvpn port installs 
easy-rsa-3.0.1_1 which is way different than easy-rsa2-2.2.2 which makes 
that openvpn install how-to out dated.

Another difference is the version of openvpn installed by the current 
openvpn port is different than the openvpn version installed with the 
easy-rsa2-2.2.2 version of the port.

Openvpn-2.3.11 now at start time wants "Enter Private key password".
Need to find a way to stop this prompt so openvpn will start at boot 
time without human intervention.

More information about the freebsd-questions mailing list