Openvpn - Help Please


Postby Alister » May 23rd, '13, 17:16

So I'm trying to connect as a client to a server, so I can run everything on my computer, internet etc., encrypted. Under Ubuntu and derivatives this is as simple as dropping the .crt file in /home, pointing the setup to it, inputting the VPN IP, giving it a name, setting the username and password, checking "use LZO data compression" and then connecting. I've never worked out how to do it under any KDE distro or one that uses this type of network configuration. I've googled with no luck.

I know how to get to openvpn, and it installs the files required to use it and asks for a name. I choose one; what comes up next, however, has Type, PKCS #12, Certificate Authority (CA), Certificate and Key, and I have no idea how to configure those.

The next screen has Gateway; I assume you input the VPN IP here, but I could be wrong. IP address has "get from server" or "configure"; not sure which to use. There is also Advanced here, with more options.

If anyone can help me overcome this issue, I will love you for the rest of my life! But I need a straightforward, workable solution to this. Giving me an answer on how to set up VPN through configuration files, terminal use and a good working knowledge of the Linux file system is only going to leave me going "maybe I'll try that next year".

So I've tried asking about this in the past and looking quite a few times, and never had much luck. I want to move away from Ubuntu-based systems, but having a functioning VPN is a must; otherwise I'll be moving on.
Alister
 
Posts: 3
Joined: Aug 26th, '12, 15:11

Re: Openvpn - Help Please

Postby wintpe » May 24th, '13, 13:18

as per the pm I've sent you

go through mcc -> configure vpn connection -> openvpn - leave x509 alone

your certificate of authority should be your ca.crt file ie the site wide coa for vpn provider.

your certificate should be your user based crt file for your session. ie user.crt

and the key should be your user based key, ie user.key

the gateway is the vpn providers ip.

ip address should be get from server.

so to understand this in a slightly different way.

openvpn uses ssl, which like ssh tunneling has a site key ie ca.crt which is like what is stored in your ssh known_hosts file.

your crt and key is like ssh's public key and private key.

when openvpn connects to your vpn provider it will raise another interface in your system

for example

Code:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5057 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5152 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:6620258 (6.3 MiB)  TX bytes:321320 (313.7 KiB)


that acts as another lan which you can route traffic.

traffic routed down this interface goes through an ssh like tunnel into the destination vpn server, and then is routed onwards.

so at this time you will also get a new route added to your routing tables.

Code:
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.82.15.251    0.0.0.0         UG        0 0          0 wlan0
10.8.0.0        10.8.0.5        255.255.255.0   UG        0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.82.14.0      0.0.0.0         255.255.254.0   U         0 0          0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.1.0     10.8.0.5        255.255.255.0   UG        0 0          0 tun0
192.168.2.0     10.8.0.5        255.255.255.0   UG        0 0          0 tun0


notice the tun0 routes.

now when traffic needs to get to the lans 192.168.1.0 ie your vpn providers network or another network, you will go through tun0 and all your traffic will be scrambled by the tunnel's encryption.

any traffic not destined for those routes will leave via the normal way.

if all your traffic is to be scrambled then your tun0 should be your default route.

and it would be advisable to add a firewall rule to prevent traffic leaving the normal route.

regards peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy, however it's really not my intention to offend, so accept my apologies in advance.
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh,, Essex , UK
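
The routing behaviour described in the post above, as an added example that is not part of the original post: it parses the `netstat -rn` rows quoted there, applies longest-prefix matching to show which interface carries a given destination, and flags the split-tunnel case where outside traffic still leaves by wlan0. The function names and the probe address are assumptions made for this example.

```python
import ipaddress

# Data rows copied from the `netstat -rn` output in the post above.
ROUTES = """\
0.0.0.0         10.82.15.251    0.0.0.0         UG        0 0          0 wlan0
10.8.0.0        10.8.0.5        255.255.255.0   UG        0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.82.14.0      0.0.0.0         255.255.254.0   U         0 0          0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.1.0     10.8.0.5        255.255.255.0   UG        0 0          0 tun0
192.168.2.0     10.8.0.5        255.255.255.0   UG        0 0          0 tun0
"""

def parse_routes(text):
    """Return [(network, iface)] from `netstat -rn` rows; other lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or blank line
        dest, mask, iface = fields[0], fields[2], fields[7]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # column header row
        routes.append((net, iface))
    return routes

def egress_interface(routes, ip):
    """Longest-prefix match, the rule the kernel applies; None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None

def leaks_outside_tunnel(routes, probe="203.0.113.10", tunnel="tun0"):
    """True if traffic to an arbitrary outside address bypasses the tunnel.
    probe is a constructed documentation address (TEST-NET-3)."""
    return egress_interface(routes, probe) != tunnel

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for ip in ("192.168.1.20", "10.8.0.1", "203.0.113.10"):
        print(ip, "->", egress_interface(table, ip))
    print("leaks outside tunnel:", leaks_outside_tunnel(table))
```

Testing with a probe address rather than looking only at the 0.0.0.0 row also covers tables where more specific routes override the default.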

Re: Openvpn - Help Please

Postby Alister » Jul 12th, '13, 11:46

Well, thanks for that. I hadn't actually got around to testing this till now. The problem is that the only files I can download from my VPN host are a .ovpn file and a .crt; the .ovpn has the name of the server and the .crt has the name of the provider. You said to use the .crt and then use a user.crt; I only have one, so I put it for both. And for the key, where you say user.key and you choose a file, well, I don't have a file to choose. I tried the .ovpn file but it didn't work. Normally, the way I've done it before, I had the option to manually type the username and password into the settings to set it up.

my provider is nvpn.net if it helps any. thanks again!!!
Alister
 
Posts: 3
Joined: Aug 26th, '12, 15:11

Re: Openvpn - Help Please

Postby wintpe » Jul 30th, '13, 11:52

one of your files, the .crt file that is, should contain something that starts like this

Certificate:
Date:
Version: 3(0x2)

The user.key or .key file should just be a load of characters in an 80 character per line block approx 25 lines long.

the ca.crt should also look similar to this but perhaps twice as many lines.

as for your vpn provider why should I have a clue how they format their system.

often people post when using this provider it does not work, no idea, I don't use them, I set up my server myself.

try using google, I did and first line was this

http://lukasz.cepowski.com/devlog/32,sa ... onfig-ovpn

it explains the relationship between what I've suggested and the .ovpn file exactly

regards peter
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh,, Essex , UK
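
The relationship between a .ovpn profile and the dialog fields named earlier in the thread (Gateway, Certificate Authority (CA), Certificate, Key, PKCS #12), as an added example that is not part of the original posts: it reads the standard OpenVPN directives `remote`, `ca`, `cert`, `key`, `pkcs12`, `auth-user-pass` and `comp-lzo`, including inline `<ca>` style blocks, and reports which file fields the profile leaves empty. The sample profile, host name and function names are constructed for this example and do not come from any provider.

```python
# Constructed sample profile: CA certificate plus username/password login.
SAMPLE_OVPN = """\
# constructed sample, not a real provider profile
client
dev tun
remote vpn.example.net 1194
ca provider-ca.crt
auth-user-pass
comp-lzo
"""

# Directive name -> dialog field name as listed in the first post.
FILE_FIELDS = {"ca": "Certificate Authority (CA)", "cert": "Certificate",
               "key": "Key", "pkcs12": "PKCS #12"}

def map_ovpn(text):
    """Map .ovpn directives onto the dialog fields discussed in the thread."""
    out = {"Gateway": None, "needs_login": False, "lzo": False}
    inline = None                       # inline block currently being skipped
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                      # inside <ca>...</ca> etc.: skip PEM body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue                    # blank line or comment
        name, *args = line.split()
        if name.startswith("<"):        # material embedded instead of a file path
            tag = name.strip("<>/")
            if tag in FILE_FIELDS and not name.startswith("</"):
                out[FILE_FIELDS[tag]] = "(embedded in the .ovpn file)"
                inline = tag
        elif name in FILE_FIELDS and args:
            out[FILE_FIELDS[name]] = args[0]
        elif name == "remote" and args and out["Gateway"] is None:
            out["Gateway"] = args[0]    # first remote entry is the server address
        elif name == "auth-user-pass":
            out["needs_login"] = True   # profile expects a username and password
        elif name == "comp-lzo":
            out["lzo"] = args != ["no"]
    return out

def missing_files(fields):
    """Dialog file fields for which the profile supplies nothing."""
    return [gui for gui in FILE_FIELDS.values() if gui not in fields]
```

For the constructed sample, `missing_files(map_ovpn(SAMPLE_OVPN))` lists Certificate, Key and PKCS #12 while `needs_login` is true, which is the shape of a profile that authenticates with a username and password rather than a per-user certificate and key.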
