www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

OpenVPN setup via GUI for VPN public service

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> VPN
View previous topic :: View next topic  
Author Message
maximus



Joined: 01 Aug 2012
Posts: 2

PostPosted: Wed Aug 01, 2012 11:33 pm    Post subject: OpenVPN setup via GUI for VPN public service Reply with quote

Hi folks,
I'm aiming at setting up ZS to connect my network to a public VPN service (UnblockVPN.com) using OpenVPN in lan-to-lan client mode.

In order to easily access the afore said service, I have been given a .ovpn file and a certificate file (.pem).

I have already created a OpenVPN interface on ZS replicating given connection options (shown in the .ovpn file) in the connection "parameters" (aka command line options of the openvpn command) but I'm unable to make ZS to import the given certificate as I get a "not valid key source file" error (btw, the .pem file is just a host certificate).

Moreover, having set the "--auth-user-pass" option for the OpenVPN setup, ZS is showing a warning reporting "ERROR: could not read Auth username from stdin", without asking username/password interactively.

I'm trying this way because I would like to AVOID uploading to ZS a config file, a credentials file and a dedicated certificate file to be read for correctly starting openvpn; I would like to setup the whole thing just using the web interface.

As this is a common application, I think many other users could be interested too.

Does anybody know how to solve these issues?

Thanks in advance.
Back to top
View user's profile Send private message
maximus



Joined: 01 Aug 2012
Posts: 2

PostPosted: Fri Aug 03, 2012 1:45 pm    Post subject: Reply with quote

Well, I found no solution to the issue I presented here exactly as I wanted to do, i.e. just using the GUI (the ZS web interface).

First and generally, there are too many limitations at the moment for the web interface to be able to setup OpenVPN in all the possibile options (as specified in the documents, the actual implementation aims at building ZS-to-ZS vpns with a specific not-standard configuration).

This could be a problem when accessing a third-party system, such as a public VPN service, for which it is compulsory to comply with a given setup.

Second, even deciding to use a manual and longer approach, that is to upload to ZS the setup files provided by the supplier (in my case the configuration file .ovpn, the certificate file .pem and the username/password file) and then just set the GUI for reading them (--config xxxx.ovpn), there will still be an error (Sorry, 'Auth' password cannot be read from a file) because the openvpn binary file included in the current release of ZS has not been compiled with the "-enable-password-save" option.

At least, as a primary and quick solution to the above, I would suggest the author to recompile the OpenVPN executable with the said option in order to make credentials to be readable from a file, as a little security flaw can be safely tolerated in order to gain an automatic logon to the vpn service and the persistence of the connection, being this a mostly important feature for an unattended connectivity device such as a ZS box.

Of course, as many other users stated in this forum, a more definitive solution would be to make the VPN web interface easier and faster to setup.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> VPN All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group