Porting OpenVPN configuration from Windows

sawan
Level 1
Posts: 2
Joined: Thu Jul 18, 2019 5:11 pm

Porting OpenVPN configuration from Windows

Post by sawan » Thu Jul 18, 2019 5:27 pm

Hi,

I have recently installed Linux Mint and have been very pleased with it. I have had OpenVPN installed on my Windows installation for work access and am trying to move the OPENVPN to Linux Mint (so far the only reason to have to stick to Windows).

I tried to copy the config files and the key etc. to the /home/shafique folder but it seems not to work. Obviously some tweaking is required to the config file. I am finding it difficult to understand where, as I am new to Linux. I am copying the 3688-101.ovpn file below.

******************************************************************************************

Code:

###################################################
#  OpenVPN Config Generated by Phill's BKO Setup  #
###################################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
;added sawan

dev-node Ethernet-2
# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

#tun-mtu 1500
#fragment 1300
#mssfix
ping 10
ping-restart 20
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpnsecure.retaildata.co.uk 1194
remote support.retaildata.co.uk 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert 3688-101.crt
key 3688-101.key

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to .  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to .  The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

# Vista Fix
route-method exe
route-delay 2

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1

# Strongest cipher avilable for 2.1.3 (Squeeze) clients
cipher AES-256-CBC
keysize 256
auth SHA256 # SHA256 or SHA-256 syntax check?
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
******************************************************************************************

I then used the command

Code:

shafique@SAWAN-Linux-NB:~$ sudo openvpn --config /home/shafique/3688-101.ovpn

to try to run OPENVPN; however, it errors out with the following:

Code:

Thu Jul 18 22:02:23 2019 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jul 18 22:02:23 2019 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jul 18 22:02:23 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp3s0 HWADDR=cc:b0:da:ef:2b:85
Thu Jul 18 22:02:23 2019 ERROR: Cannot open TUN/TAP dev tun: No such file or directory (errno=2)
Thu Jul 18 22:02:23 2019 Exiting due to fatal error

Since the service provider does not provide support for any OS except WINDOWS, I am hoping someone can point me in the right direction.


THANK YOU in advance

gostal
Level 2
Posts: 59
Joined: Fri Sep 07, 2018 9:56 am

Re: Porting OpenVPN configuration from Windows

Post by gostal » Fri Jul 19, 2019 7:43 am

Since you have an ovpn-file it should be fairly simple to set up your vpn connection. The ovpn-file should contain the necessary information to enable automatic import using the command line interface nmcli to the network manager like so:

Code:

sudo nmcli connection import type openvpn file /home/shafique/3688-101.ovpn

If this works you should find the VPN-connection 3688-101 by clicking the network systray icon. Tip: rename the ovpn-file to something more descriptive than a bunch of numbers. Keep the .ovpn at the end.

Do not try to connect just yet! You'll be prompted for your password but since the ovpn-file probably doesn't contain your username it won't work. First you have to edit the connection configuration and add your username. Right-click the systray network icon and choose Edit Connections.... After completing the configuration with your username you can try to connect.

Hope this helps!

Cheers,
gostal
Lap: Latitude E6520, i3-2330M @ 2.20GHz, 4GB, Intel HD Graphics 3000, OS Mint 19.1 version Mate, Windows 7 Enterprise
Desk: Dell Precision T5810, Xeon E5-1650 v4 @ 3.60GHz,72 GB, Radeon Pro WX 7100, OS OpenSuse Leap 42.3
Stockholm, Sweden

sawan
Level 1
Posts: 2
Joined: Thu Jul 18, 2019 5:11 pm

Re: Porting OpenVPN configuration from Windows

Post by sawan » Sun Jul 21, 2019 4:22 am

Hi,

Thanks a million for your help. I had got the VPN working through the TERMINAL finally, there were a couple of tweaks required, due to WINDOWS references and of course placing the files in the right directories.

I managed to add the connection to the NETWORK Connections as you suggested, and it works from there too. However two things I need a bit of help with.

1. Did not need to add any user name and password. "ALL USERS CAN CONNECT TO THIS NETWORK" is checked in the GENERAL tab. Is that where the username/password was required?

2. It connects and works fine from the NETWORK Icon on the bottom right, but it seems if I connect from the terminal then I can browse and connect to the work server, but if I connect from the NETWORK Icon then I can not access anything other than the VPN.

Thanks for taking the time out and would really appreciate any further pointers.

Regards
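An added example, not code from either poster: a small audit of a client profile being moved from Windows to Linux, run over a constructed excerpt of the file posted above. Which directives count as the "Windows references" is an assumption (the thread does not list them), `remote-cert-tls` is OpenVPN's newer server-certificate check and does not appear in the posted file, and the function names are hypothetical.

```python
import os

# Constructed excerpt: active and commented-out lines from the posted profile.
SAMPLE = """\
;dev-node MyTap
dev-node Ethernet-2
;user nobody
ca ca.crt
cert 3688-101.crt
key 3688-101.key
;ns-cert-type server
route-method exe
tls-auth ta.key 1
auth SHA256 # SHA256 or SHA-256 syntax check?
"""

# Assumption of this example: directives to review when leaving Windows.
WINDOWS_ONLY = {
    "dev-node": "names a Windows adapter; on Linux the value is a device node path",
    "route-method": "marked Windows-only in the OpenVPN manual",
}
# Protections the profile's own comments describe but leave commented out.
HARDENING = {
    "server-cert-check": ({"ns-cert-type", "remote-cert-tls"}, "server certificate type is not verified"),
    "privilege-drop": ({"user"}, "daemon keeps root after initialization"),
}
FILE_OPTS = ("ca", "cert", "key", "tls-auth")

def active_directives(text):
    """Yield (line_no, name, args) for directives that are not commented out."""
    for n, raw in enumerate(text.splitlines(), 1):
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":  # comment starts here, ignore the rest of the line
                break
            tokens.append(tok)
        if tokens:
            yield n, tokens[0], tokens[1:]

def audit(text):
    found = list(active_directives(text))
    names = {name for _, name, _ in found}
    findings = [(n, name, WINDOWS_ONLY[name]) for n, name, _ in found if name in WINDOWS_ONLY]
    findings += [(0, label, why) for label, (alts, why) in HARDENING.items() if not names & alts]
    rel = [(name, a[0]) for _, name, a in found if name in FILE_OPTS and a and not os.path.isabs(a[0])]
    return findings, rel

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Relative `ca`, `cert`, `key` and `tls-auth` paths are looked up from the directory `openvpn` is started in, so the second list shows which files have to sit next to the working directory or be rewritten as absolute paths.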

gostal
Level 2
Posts: 59
Joined: Fri Sep 07, 2018 9:56 am

Re: Porting OpenVPN configuration from Windows

Post by gostal » Sun Jul 21, 2019 6:10 am

sawan wrote:
Sun Jul 21, 2019 4:22 am
1. Did not need to add any user name and password. "ALL USERS CAN CONNECT TO THIS NETWORK" is checked in the GENERAL tab. Is that where the username/password was required?

2. It connects and works fine from the NETWORK Icon on the bottom right, but it seems if I connect from the terminal then I can browse and connect to the work server, but if I connect from the NETWORK Icon then I can not access anything other than the VPN.

1 No, that's just saying that all defined users on your computer are authorised to use the connection. The username and password fields are in the VPN-tab. If there's information in those fields and the connection works then all has been properly set up. If you leave the password field blank you'll be prompted for it when you try to connect. Perhaps it's possible to set up a vpn-service without usernames and passwords but that would be rather pointless, wouldn't it? I guess it's also possible to provide that info in the ovpn-file. The ovpn-file is just a text file so you can see what's in there. It might clear up some issues if you're concerned with the details.

2 The vpn-service gives you access to the network, no more. It's just like any other network with the difference that the traffic is encrypted. To get access to other computers on it you normally would need separate authorisation for that, as you would on a normal network, unless there are public shares in those computers. If there are public shares you can use the file manager to browse them, if you like. It doesn't require a terminal session. I'm not sure this answers your question but then I don't know what services your work server provides.

Cheers,
gostal