I managed to get my home connected to my office computer via openvpn. My problem is that when I tried to use the --secret key command, I get an error saying it can't find the key and won't connect.
Now, I generated the key and have one on my home system and copied the other to the office. Both are named static.key and in my home.conf, I have it set at /home/tom/openvpn/static.key. But the open vpn won't find it even though I have --secret key on my command line.
Where the hell is the static.key supposed to go? I followed the directions in the man page (which was really nice), but with no success.
Any thoughts?
Tom
On Mon, 19 Jan 2004 11:20, Tom Nielsen wrote:
I managed to get my home connected to my office computer via openvpn. My problem is that when I tried to use the --secret key command, I get an error saying it can't find the key and won't connect.
Now, I generated the key and have one on my home system and copied the other to the office. Both are named static.key and in my home.conf, I have it set at /home/tom/openvpn/static.key. But the open vpn won't find it even though I have --secret key on my command line.
Where the hell is the static.key supposed to go? I followed the directions in the man page (which was really nice), but with no success.
Any thoughts?
Tom
In my configs for openvpn all my config scripts are located in /etc/openvpn as well as the keys. The /etc/openvpn directory is only readable by root. I suggest as a security point you do similar.
Now in the config script you have to enter the path for where your key file is located. e.g.
secret /etc/openvpn/static.key
I hope that helps, if not give me a yell.
--
Regards, Graham Smith
---------------------------------------------------------
On Sun, 2004-01-18 at 19:02, Graham Smith wrote:
On Mon, 19 Jan 2004 11:20, Tom Nielsen wrote:
I managed to get my home connected to my office computer via openvpn. My problem is that when I tried to use the --secret key command, I get an error saying it can't find the key and won't connect.
Now, I generated the key and have one on my home system and copied the other to the office. Both are named static.key and in my home.conf, I have it set at /home/tom/openvpn/static.key. But the open vpn won't find it even though I have --secret key on my command line.
Where the hell is the static.key supposed to go? I followed the directions in the man page (which was really nice), but with no success.
Any thoughts?
Tom
In my configs for openvpn all my config scripts are located in /etc/openvpn as well as the keys. The /etc/openvpn directory is only readable by root. I suggest as a security point you do similar.
Now in the config script you have to enter the path for where your key file is located. e.g.
secret /etc/openvpn/static.key
I hope that helps, if not give me a yell.
When I try to connect to my office, does my home config try to read the static.key located at home or the office?
Tom
On Mon, 19 Jan 2004 15:51, Tom Nielsen wrote:
On Sun, 2004-01-18 at 19:02, Graham Smith wrote:
On Mon, 19 Jan 2004 11:20, Tom Nielsen wrote:
I managed to get my home connected to my office computer via openvpn. My problem is that when I tried to use the --secret key command, I get an error saying it can't find the key and won't connect.
Now, I generated the key and have one on my home system and copied the other to the office. Both are named static.key and in my home.conf, I have it set at /home/tom/openvpn/static.key. But the open vpn won't find it even though I have --secret key on my command line.
Where the hell is the static.key supposed to go? I followed the directions in the man page (which was really nice), but with no success.
Any thoughts?
Tom
In my configs for openvpn all my config scripts are located in /etc/openvpn as well as the keys. The /etc/openvpn directory is only readable by root. I suggest as a security point you do similar.
Now in the config script you have to enter the path for where your key file is located. e.g.
secret /etc/openvpn/static.key
I hope that helps, if not give me a yell.
When I try to connect to my office, does my home config try to read the static.key located at home or the office?
Tom
There is really not much to it to get a static key to work. The key MUST be the same at both the server and client (office / home). Then all you do is add the path of where the key is installed in both your config scripts. The office utilises the key at the office and compares it with the one sent from your home.
Firstly, what error message do you get? Secondly, can you send me both your server and client config scripts?
--
Regards, Graham Smith
---------------------------------------------------------
On Sun, 2004-01-18 at 19:02, Graham Smith wrote: snip
Now in the config script you have to enter the path for where your key file is located. e.g.
secret /etc/openvpn/static.key
This is strange. When trying to connect, on the command line, I had to list where the key was:
--secret /home/tom/vpn/static.key
This worked. I'm now connected. I thought the home-config script was supposed to take care of this???
Tom
On Mon, 19 Jan 2004 15:58, Tom Nielsen wrote:
On Sun, 2004-01-18 at 19:02, Graham Smith wrote: snip
Now in the config script you have to enter the path for where your key file is located. e.g.
secret /etc/openvpn/static.key
This is strange. When trying to connect, on the command line, I had to list where the key was:
--secret /home/tom/vpn/static.key
This worked. I'm now connected. I thought the home-config script was supposed to take care of this???
Tom,
Looks like you have a problem with your config file. I can connect without specifying the key path on the command line. I suggest you check your config file for typos and permissions.
What error message do you get when trying to connect using the config file only?
--
Regards, Graham Smith
---------------------------------------------------------
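The checks Graham suggests in this thread (a secret path in the config, the same key on both ends, restrictive permissions), as an added shell example that is not part of the original messages. The function names are hypothetical, the "secret <path>" syntax is the one quoted in the thread, and the relative-path check assumes OpenVPN resolves such paths against its working directory.

```shell
#!/bin/bash
# Added example (not from the thread): audit an OpenVPN static-key setup.
# Function names are hypothetical; only the "secret <path>" syntax is from the thread.

# Print the key path from the first uncommented "secret" directive in a config.
# (Paths containing spaces are not handled.)
secret_path() {
    awk '$1 == "secret" { print $2; exit }' "$1"
}

# Succeed only if the key is a regular file with no group/other permission bits.
key_perms_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)   # group and other triplets, e.g. "r--r--"
    [ "$perms" = "------" ]
}

# SHA-256 of the key file: compare this on both ends instead of re-sending the key.
key_fingerprint() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Audit one config; a distinct return code per failure.
audit_config() {
    conf=$1
    key=$(secret_path "$conf")
    if [ -z "$key" ]; then
        echo "FAIL: no 'secret' directive in $conf"; return 2
    fi
    case "$key" in
        /*) ;;
        *) echo "FAIL: relative key path '$key' depends on OpenVPN's working directory"
           return 3 ;;
    esac
    if [ ! -r "$key" ]; then
        echo "FAIL: $key is missing or unreadable"; return 4
    fi
    if ! key_perms_ok "$key"; then
        echo "FAIL: $key is accessible to group or other; chmod 600 it"; return 5
    fi
    echo "OK: $key sha256=$(key_fingerprint "$key")"
}

# Stand-alone use: ./audit.sh /etc/openvpn/home.conf
[ "$#" -eq 0 ] || audit_config "$1"
```

Run it on both machines against each side's config; matching sha256 values confirm the two static.key copies are identical.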
On Sun, 2004-01-18 at 21:23, Graham Smith wrote:
On Mon, 19 Jan 2004 15:58, Tom Nielsen wrote:
On Sun, 2004-01-18 at 19:02, Graham Smith wrote: snip
Now in the config script you have to enter the path for where your key file is located. e.g.
secret /etc/openvpn/static.key
This is strange. When trying to connect, on the command line, I had to list where the key was:
--secret /home/tom/vpn/static.key
This worked. I'm now connected. I thought the home-config script was supposed to take care of this???
Tom,
Looks like you have a problem with your config file. I can connect without specifying the key path on the command line. I suggest you check your config file for typos and permissions.
What error message do you get when trying to connect using the config file only?
I'm good now. I had to change some stuff in my config files. Now I'm connecting with no problem. NOW, my problem is being able to get to the other computers on my network. I can ping my workstation, but not the other guys. I gather this has something to do with home.up or office.up. Now, which one do I want to setup to get my office network on my home system? Meaning, I want to ping all office machines from home. Have you done this?
I use this command in my home.up:
#!/bin/bash
route add -net 192.168.0.0 netmask 255.255.255.255 gw 10.0.0.1
With that I get a response "network unreachable". Soooo close.
Tom
On Monday 19 January 2004 07:29, Tom Nielsen wrote:
I use this command in my home.up:
#!/bin/bash
route add -net 192.168.0.0 netmask 255.255.255.255 gw 10.0.0.1
With that I get a response "network unreachable". Soooo close.
According to this, 192.168.0.x is your office network? and 10.0.0.1, I'm guessing is your gateway to the internet? The tunnel you created with openvpn, should have an IP number, that would be the IP you specify in 'gw'. If 192.168.0.x is a network, you wouldn't want to specify a netmask of 255.255.255.255 as that specifies it as a single machine, while 192.168.0.0 is a network. Change it to class C or B, or whatever the network netmask of your office is.
Tom
On Mon, 2004-01-19 at 01:29, Tom Nielsen wrote:
Looks like you have a problem with your config file. I can connect without specifying the key path on the command line. I suggest you check your config file for typos and permissions.
What error message do you get when trying to connect using the config file only?
I'm good now. I had to change some stuff in my config files. Now I'm connecting with no problem. NOW, my problem is being able to get to the other computers on my network. I can ping my workstation, but not the other guys. I gather this has something to do with home.up or office.up. Now, which one do I want to setup to get my office network on my home system? Meaning, I want to ping all office machines from home. Have you done this?
I use this command in my home.up:
#!/bin/bash
route add -net 192.168.0.0 netmask 255.255.255.255 gw 10.0.0.1
255.255.255.0
Should make a difference.
--
Ken Schneider
unix user since 1989
linux user since 1994
SuSE user since 1998 (5.2)
participants (4): Graham Smith, Kenneth Schneider, Tom Nielsen, Örn Hansen