# [SOLVED] VPN Connection - Gentoo Server w/Windows XP Client

## mortar

Trying to set up a VPN connection to my Netgear DG834G Router, only to realise that apparently it's only a VPN Pass-Through and doesn't accept connections.

I've tried to set up OpenVPN as per a Gentoo wiki, and I got all the way to the end just to find it doesn't work. I had a few problems with the certificate creation but I think I've got it sorted out, but I don't know where to start with giving information that will lead to the success of me getting this working.

A few questions:

(1) Has anyone actually got an XP client connection to a Gentoo server via VPN?

(2) I'm only using dynamic DNS on my Gentoo Server, do I specifically need a static IP address?

(3) Do I have to have a static IP/dynamic DNS for the client machine?

(4) Does it work out of the box with Windows XP Network Connections or do I need the OpenVPN client for the connection to work?

(5) What are the recommended authentication settings, e.g. SHA1 etc. etc.?

Last edited by mortar on Sat Dec 31, 2005 5:29 am; edited 1 time in total

----------

## magic919

1. Yes

2. No

3. No

4. I use openVPN on XP machine.

5. Mine uses a 1024 DH key.

I read a few of the HOWTOs to get mine working. Logging is your friend here. I specifically open port 1194 UDP on the DG834Gs even though it should not be needed. Found it a bit hit and miss otherwise. Mostly a matter of matching client and server configs. Some of my server config:

```
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 172.16.32.1 255.255.255.0 172.16.32.100 172.16.32.110
push "route 172.16.32.0 255.255.255.0"
;client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
log /var/log/openvpn.log
```

You don't need all of this for a standard 1:1 VPN.
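An added example, not part of the original thread: a small audit of the server config posted above that lists the directives a reviewer would question on a current deployment. The notes are this example's own commentary, and the DH size is only inferred from the file name.

```python
import re

# Subset of the server config quoted in the post above.
SERVER_CONF = """\
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
;client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
"""

def directives(text):
    """Yield (name, args) for each active line; ';' and '#' start comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in ";#":
            parts = line.split()
            yield parts[0], parts[1:]

def audit(text):
    """Return [(directive, note)] for settings worth changing today."""
    conf = list(directives(text))
    names = {name for name, _ in conf}
    notes = []
    for name, args in conf:
        bits = re.search(r"\d{3,5}", args[0]) if name == "dh" and args else None
        if bits and int(bits.group()) < 2048:
            # Heuristic: size read from the file name, not from the parameters.
            notes.append(("dh", f"{bits.group()}-bit DH parameters; generate >= 2048"))
        elif name == "duplicate-cn":
            notes.append((name, "same certificate may be used by concurrent clients"))
        elif name == "comp-lzo":
            notes.append((name, "compression before encryption can leak plaintext"))
    if not names & {"tls-auth", "tls-crypt"}:
        notes.append(("tls-auth", "no HMAC gate in front of the TLS handshake"))
    if "cipher" not in names:
        notes.append(("cipher", "default applies; the client dump here shows BF-CBC"))
    return notes

if __name__ == "__main__":
    for name, note in audit(SERVER_CONF):
        print(f"{name:13} {note}")
```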

----------

## mortar

Thanks for that, I'll give your config a go...

I'm getting this when I try and start the service. Any ideas?

```
 * Starting openvpn for gateway ...
Options error: In [CMD-LINE]:1: Error opening configuration file: gateway/local.conf
Use --help for more information.                                          [ !! ]
 * Expected /etc/openvpn/gateway.conf to be a directory containing a local.conf.
```

Is the information from this too old to rely on?

https://forums.gentoo.org/viewtopic-t-233080-start-0-postdays-0-postorder-asc-highlight-.html

----------

## magic919

The conf file it is expecting these days is local.conf and you stick it in a sub-directory of /etc/openvpn, say /etc/openvpn/server/.  Found that out when I did an upgrade recently.

----------

## mortar

OK, I got that working by using the ~ version, and basically they changed the config so now it looks for openvpn.conf, so I symlinked the actual file to that.

So everything seems to work fine, I just can't make the connection for some reason and I feel it's something obvious. Here is my client log. Anything obvious in here you can see?

```
Mon Dec 19 15:28:24 2005 us=414246 Current Parameter Settings:
Mon Dec 19 15:28:24 2005 us=414428   config = 'client.ovpn'
Mon Dec 19 15:28:24 2005 us=414455   mode = 0
Mon Dec 19 15:28:24 2005 us=414482   show_ciphers = DISABLED
Mon Dec 19 15:28:24 2005 us=414508   show_digests = DISABLED
Mon Dec 19 15:28:24 2005 us=414536   show_engines = DISABLED
Mon Dec 19 15:28:24 2005 us=414563   genkey = DISABLED
Mon Dec 19 15:28:24 2005 us=414588   key_pass_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=414616   show_tls_ciphers = DISABLED
Mon Dec 19 15:28:24 2005 us=414641   proto = 0
Mon Dec 19 15:28:24 2005 us=414666   local = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=414695   remote_list[0] = {'999.999.999.999', 1194} #removed my actual ip
Mon Dec 19 15:28:24 2005 us=414721   remote_random = DISABLED
Mon Dec 19 15:28:24 2005 us=414748   local_port = 1194
Mon Dec 19 15:28:24 2005 us=414774   remote_port = 1194
Mon Dec 19 15:28:24 2005 us=414799   remote_float = DISABLED
Mon Dec 19 15:28:24 2005 us=414825   ipchange = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=414849   bind_local = ENABLED
Mon Dec 19 15:28:24 2005 us=414873   dev = 'tap'
Mon Dec 19 15:28:24 2005 us=414898   dev_type = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=438454   dev_node = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=438509   tun_ipv6 = DISABLED
Mon Dec 19 15:28:24 2005 us=438535   ifconfig_local = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=438562   ifconfig_remote_netmask = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=438590   ifconfig_noexec = DISABLED
Mon Dec 19 15:28:24 2005 us=438621   ifconfig_nowarn = DISABLED
Mon Dec 19 15:28:24 2005 us=438647   shaper = 0
Mon Dec 19 15:28:24 2005 us=438673   tun_mtu = 1500
Mon Dec 19 15:28:24 2005 us=438698   tun_mtu_defined = ENABLED
Mon Dec 19 15:28:24 2005 us=438724   link_mtu = 1500
Mon Dec 19 15:28:24 2005 us=438749   link_mtu_defined = DISABLED
Mon Dec 19 15:28:24 2005 us=438775   tun_mtu_extra = 32
Mon Dec 19 15:28:24 2005 us=438801   tun_mtu_extra_defined = ENABLED
Mon Dec 19 15:28:24 2005 us=438827   fragment = 0
Mon Dec 19 15:28:24 2005 us=438852   mtu_discover_type = -1
Mon Dec 19 15:28:24 2005 us=438877   mtu_test = 1
Mon Dec 19 15:28:24 2005 us=438901   mlock = DISABLED
Mon Dec 19 15:28:24 2005 us=438926   keepalive_ping = 0
Mon Dec 19 15:28:24 2005 us=438953   keepalive_timeout = 0
Mon Dec 19 15:28:24 2005 us=438978   inactivity_timeout = 0
Mon Dec 19 15:28:24 2005 us=439004   ping_send_timeout = 0
Mon Dec 19 15:28:24 2005 us=439030   ping_rec_timeout = 120
Mon Dec 19 15:28:24 2005 us=439056   ping_rec_timeout_action = 2
Mon Dec 19 15:28:24 2005 us=439082   ping_timer_remote = DISABLED
Mon Dec 19 15:28:24 2005 us=439144   remap_sigusr1 = 0
Mon Dec 19 15:28:24 2005 us=439172   explicit_exit_notification = 0
Mon Dec 19 15:28:24 2005 us=439198   persist_tun = DISABLED
Mon Dec 19 15:28:24 2005 us=439225   persist_local_ip = DISABLED
Mon Dec 19 15:28:24 2005 us=439251   persist_remote_ip = DISABLED
Mon Dec 19 15:28:24 2005 us=439277   persist_key = DISABLED
Mon Dec 19 15:28:24 2005 us=439303   mssfix = 1450
Mon Dec 19 15:28:24 2005 us=439330   resolve_retry_seconds = 1000000000
Mon Dec 19 15:28:24 2005 us=439357   connect_retry_seconds = 5
Mon Dec 19 15:28:24 2005 us=439383   username = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=439409   groupname = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=439435   chroot_dir = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=439460   cd_dir = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=439486   writepid = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=440554   up_script = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=440636   down_script = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=440664   down_pre = DISABLED
Mon Dec 19 15:28:24 2005 us=440690   up_restart = DISABLED
Mon Dec 19 15:28:24 2005 us=440715   up_delay = DISABLED
Mon Dec 19 15:28:24 2005 us=440741   daemon = DISABLED
Mon Dec 19 15:28:24 2005 us=440766   inetd = 0
Mon Dec 19 15:28:24 2005 us=440791   log = DISABLED
Mon Dec 19 15:28:24 2005 us=440818   suppress_timestamps = DISABLED
Mon Dec 19 15:28:24 2005 us=440844   nice = 0
Mon Dec 19 15:28:24 2005 us=440870   verbosity = 4
Mon Dec 19 15:28:24 2005 us=477453   mute = 0
Mon Dec 19 15:28:24 2005 us=477534   gremlin = 0
Mon Dec 19 15:28:24 2005 us=477560   status_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=477586   status_file_version = 1
Mon Dec 19 15:28:24 2005 us=477612   status_file_update_freq = 60
Mon Dec 19 15:28:24 2005 us=477637   occ = ENABLED
Mon Dec 19 15:28:24 2005 us=477662   rcvbuf = 0
Mon Dec 19 15:28:24 2005 us=477690   sndbuf = 0
Mon Dec 19 15:28:24 2005 us=477718   socks_proxy_server = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=477745   socks_proxy_port = 0
Mon Dec 19 15:28:24 2005 us=477770   socks_proxy_retry = DISABLED
Mon Dec 19 15:28:24 2005 us=477795   fast_io = DISABLED
Mon Dec 19 15:28:24 2005 us=477819   comp_lzo = ENABLED
Mon Dec 19 15:28:24 2005 us=477844   comp_lzo_adaptive = ENABLED
Mon Dec 19 15:28:24 2005 us=477910   route_script = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=477936   route_default_gateway = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=477963   route_noexec = DISABLED
Mon Dec 19 15:28:24 2005 us=503109   route_delay = 0
Mon Dec 19 15:28:24 2005 us=503165   route_delay_window = 30
Mon Dec 19 15:28:24 2005 us=503191   route_delay_defined = ENABLED
Mon Dec 19 15:28:24 2005 us=503217   management_addr = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=503242   management_port = 0
Mon Dec 19 15:28:24 2005 us=503267   management_user_pass = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=503293   management_log_history_cache = 250
Mon Dec 19 15:28:24 2005 us=503321   management_echo_buffer_size = 100
Mon Dec 19 15:28:24 2005 us=503349   management_query_passwords = DISABLED
Mon Dec 19 15:28:24 2005 us=503374   management_hold = DISABLED
Mon Dec 19 15:28:24 2005 us=503400   shared_secret_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=503426   key_direction = 2
Mon Dec 19 15:28:24 2005 us=503451   ciphername_defined = ENABLED
Mon Dec 19 15:28:24 2005 us=503476   ciphername = 'BF-CBC'
Mon Dec 19 15:28:24 2005 us=504177   authname_defined = ENABLED
Mon Dec 19 15:28:24 2005 us=571236   authname = 'SHA1'
Mon Dec 19 15:28:24 2005 us=571299   keysize = 0
Mon Dec 19 15:28:24 2005 us=571323   engine = DISABLED
Mon Dec 19 15:28:24 2005 us=571348   replay = ENABLED
Mon Dec 19 15:28:24 2005 us=571373   mute_replay_warnings = DISABLED
Mon Dec 19 15:28:24 2005 us=571399   replay_window = 64
Mon Dec 19 15:28:24 2005 us=571425   replay_time = 15
Mon Dec 19 15:28:24 2005 us=571450   packet_id_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=571475   use_iv = ENABLED
Mon Dec 19 15:28:24 2005 us=571500   test_crypto = DISABLED
Mon Dec 19 15:28:24 2005 us=571524   tls_server = DISABLED
Mon Dec 19 15:28:24 2005 us=571549   tls_client = ENABLED
Mon Dec 19 15:28:24 2005 us=571574   key_method = 2
Mon Dec 19 15:28:24 2005 us=571601   ca_file = 'ca.crt'
Mon Dec 19 15:28:24 2005 us=571626   dh_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=571654   cert_file = 'client.crt'
Mon Dec 19 15:28:24 2005 us=652692   priv_key_file = 'client-key.txt'
Mon Dec 19 15:28:24 2005 us=652758   pkcs12_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=652783   cryptoapi_cert = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=652807   cipher_list = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=652833   tls_verify = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=652859   tls_remote = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=652884   crl_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=652908   ns_cert_type = 64
Mon Dec 19 15:28:24 2005 us=652931   tls_timeout = 2
Mon Dec 19 15:28:24 2005 us=652955   renegotiate_bytes = 0
Mon Dec 19 15:28:24 2005 us=652980   renegotiate_packets = 0
Mon Dec 19 15:28:24 2005 us=653005   renegotiate_seconds = 3600
Mon Dec 19 15:28:24 2005 us=653030   handshake_window = 60
Mon Dec 19 15:28:24 2005 us=653055   transition_window = 3600
Mon Dec 19 15:28:24 2005 us=653080   single_session = DISABLED
Mon Dec 19 15:28:24 2005 us=653106   tls_exit = DISABLED
Mon Dec 19 15:28:24 2005 us=716290   tls_auth_file = 'ta-key.txt'
Mon Dec 19 15:28:24 2005 us=716414   server_network = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716444   server_netmask = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716479   server_bridge_ip = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716507   server_bridge_netmask = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716535   server_bridge_pool_start = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716564   server_bridge_pool_end = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716593   ifconfig_pool_defined = DISABLED
Mon Dec 19 15:28:24 2005 us=716624   ifconfig_pool_start = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716653   ifconfig_pool_end = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716684   ifconfig_pool_netmask = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=716713   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=716742   ifconfig_pool_persist_refresh_freq = 600
Mon Dec 19 15:28:24 2005 us=716767   ifconfig_pool_linear = DISABLED
Mon Dec 19 15:28:24 2005 us=716794   n_bcast_buf = 256
Mon Dec 19 15:28:24 2005 us=776793   tcp_queue_limit = 64
Mon Dec 19 15:28:24 2005 us=776853   real_hash_size = 256
Mon Dec 19 15:28:24 2005 us=776880   virtual_hash_size = 256
Mon Dec 19 15:28:24 2005 us=776905   client_connect_script = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=776933   learn_address_script = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=776961   client_disconnect_script = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=776986   client_config_dir = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=777011   ccd_exclusive = DISABLED
Mon Dec 19 15:28:24 2005 us=777035   tmp_dir = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=777061   push_ifconfig_defined = DISABLED
Mon Dec 19 15:28:24 2005 us=777097   push_ifconfig_local = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=777126   push_ifconfig_remote_netmask = 0.0.0.0
Mon Dec 19 15:28:24 2005 us=777151   enable_c2c = DISABLED
Mon Dec 19 15:28:24 2005 us=777176   duplicate_cn = DISABLED
Mon Dec 19 15:28:24 2005 us=842849   cf_max = 0
Mon Dec 19 15:28:24 2005 us=842909   cf_per = 0
Mon Dec 19 15:28:24 2005 us=842935   max_clients = 1024
Mon Dec 19 15:28:24 2005 us=842961   max_routes_per_client = 256
Mon Dec 19 15:28:24 2005 us=842986   client_cert_not_required = DISABLED
Mon Dec 19 15:28:24 2005 us=843013   username_as_common_name = DISABLED
Mon Dec 19 15:28:24 2005 us=843043   auth_user_pass_verify_script = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=843074   auth_user_pass_verify_script_via_file = DISABLED
Mon Dec 19 15:28:24 2005 us=843100   client = DISABLED
Mon Dec 19 15:28:24 2005 us=843123   pull = ENABLED
Mon Dec 19 15:28:24 2005 us=843149   auth_user_pass_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=843183   show_net_up = DISABLED
Mon Dec 19 15:28:24 2005 us=843208   route_method = 0
Mon Dec 19 15:28:24 2005 us=843233   ip_win32_defined = DISABLED
Mon Dec 19 15:28:24 2005 us=843258   ip_win32_type = 3
Mon Dec 19 15:28:24 2005 us=843284   dhcp_masq_offset = 0
Mon Dec 19 15:28:24 2005 us=920888   dhcp_lease_time = 31536000
Mon Dec 19 15:28:24 2005 us=920948   tap_sleep = 0
Mon Dec 19 15:28:24 2005 us=920973   dhcp_options = DISABLED
Mon Dec 19 15:28:24 2005 us=920997   dhcp_renew = DISABLED
Mon Dec 19 15:28:24 2005 us=921020   dhcp_pre_release = DISABLED
Mon Dec 19 15:28:24 2005 us=921044   dhcp_release = DISABLED
Mon Dec 19 15:28:24 2005 us=921068   domain = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=921093   netbios_scope = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=921117   netbios_node_type = 0
Mon Dec 19 15:28:24 2005 us=921141   disable_nbt = DISABLED
Mon Dec 19 15:28:24 2005 us=921210 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov  2 2005
Mon Dec 19 15:28:24 2005 us=922416 Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Mon Dec 19 15:28:24 2005 us=922517 Exiting
```

And here is the logfile for the server.

```
OpenVPN CLIENT LIST
Updated,Mon Dec 19 15:40:56 2005
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
```
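An added example, not part of the original thread: a pre-flight check that reads the "Current Parameter Settings" dump shown above and reports every referenced certificate or key file that cannot be opened, which is the condition behind the `Cannot load certificate file client.crt` line. It assumes relative names are opened from the directory OpenVPN is started in (or `cd_dir` when that is set); `workdir` is a parameter of this example.

```python
import os
import re

# Constructed excerpt: a few lines copied from the client dump above.
DUMP = """\
Mon Dec 19 15:28:24 2005 us=439460   cd_dir = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=571601   ca_file = 'ca.crt'
Mon Dec 19 15:28:24 2005 us=571626   dh_file = '[UNDEF]'
Mon Dec 19 15:28:24 2005 us=571654   cert_file = 'client.crt'
Mon Dec 19 15:28:24 2005 us=652692   priv_key_file = 'client-key.txt'
Mon Dec 19 15:28:24 2005 us=716290   tls_auth_file = 'ta-key.txt'
"""

UNDEF = "[UNDEF]"
FILE_PARAMS = ("ca_file", "cert_file", "priv_key_file", "tls_auth_file",
               "dh_file", "pkcs12_file", "crl_file")
# Matches "us=<n>   name = 'value'" and "us=<n>   name = value".
SETTING = re.compile(r"us=\d+\s+(\w+) = '?(.*?)'?\s*$")

def parse_dump(text):
    """Map parameter name -> value; lines that are not settings are skipped."""
    return {m.group(1): m.group(2)
            for m in map(SETTING.search, text.splitlines()) if m}

def missing_files(text, workdir):
    """Return {param: path} for referenced files that cannot be read."""
    params = parse_dump(text)
    base = params.get("cd_dir", UNDEF)
    base = workdir if base == UNDEF else base
    missing = {}
    for name in FILE_PARAMS:
        value = params.get(name, UNDEF)
        if value == UNDEF:
            continue
        path = os.path.join(base, value)  # an absolute value replaces base
        if not os.access(path, os.R_OK):
            missing[name] = path
    return missing

if __name__ == "__main__":
    for name, path in missing_files(DUMP, os.getcwd()).items():
        print(f"{name}: cannot read {path}")
```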

----------

## mortar

It ended up being that I wasn't quite familiar with the process of certifying the certificates.

I removed everything, started from scratch using this as a guide again:

https://forums.gentoo.org/viewtopic-t-233080-start-0-postdays-0-postorder-asc-highlight-.html

And everything now works fine!!

Thanks!

----------

