Discussion:
OpenVPN with xp & win7 clients
(too old to reply)
Ernie Luzar
2016-07-17 15:58:18 UTC
Permalink
Hello List;

I travel outside of my home country a lot and can not access some web
site content because internet connection is from foreign ip address range.

I see many how-tos for installing and configuration VPN on a FreeBSD
host. But all most all of these how-tos assume the client will be a
FreeBSD box also. In my case I have 2 laptops I travel with, win xp &
win7. The official OpenVPN website does offer clients for xp & win7 but
configuration info is not available.

Looking for how-to to setup VPN client on xp & win7.

The FreeBSD handbook has section on IPsec/VPN, but again it assumes
server and client is a FreeBSD host. Looking for how-to on setting up
IPsec/VPN on xp & win7.

I have 2 concerns. How much hesitation will VPN inject into watching tv
programs or movies on my laptops in a foreign country? Will IPsec/VPN
inject longer hesitations?

Can I use the remote VPN client to start the show streaming and then
have the VPN host record the program? Later down loading the program
file to my laptop for viewing?

Thanks
Odhiambo Washington
2016-07-17 17:41:02 UTC
Permalink
Post by Ernie Luzar
Hello List;
I travel outside of my home country a lot and can not access some web site
content because internet connection is from foreign ip address range.
I see many how-tos for installing and configuration VPN on a FreeBSD host.
But all most all of these how-tos assume the client will be a FreeBSD box
also. In my case I have 2 laptops I travel with, win xp & win7. The
official OpenVPN website does offer clients for xp & win7 but configuration
info is not available.
Looking for how-to to setup VPN client on xp & win7.
For Windows client, use the following:
http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
Post by Ernie Luzar
The FreeBSD handbook has section on IPsec/VPN, but again it assumes server
and client is a FreeBSD host. Looking for how-to on setting up IPsec/VPN on
xp & win7.
For setting up the server, use the following: Use this link:
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
Post by Ernie Luzar
I have 2 concerns. How much hesitation will VPN inject into watching tv
programs or movies on my laptops in a foreign country? Will IPsec/VPN
inject longer hesitations?
I cannot tell about the latencies (I guess that is what you call hesitation
:-)) because I haven't tried it.
Post by Ernie Luzar
Can I use the remote VPN client to start the show streaming and then have
the VPN host record the program? Later down loading the program file to my
laptop for viewing?
That is beyond the scope of FreeBSD questions I guess :-)
But maybe someone has done it and will give you their story.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
Ernie Luzar
2016-07-17 20:18:26 UTC
Permalink
Post by Ernie Luzar
Hello List;
I travel outside of my home country a lot and can not access some
web site content because internet connection is from foreign ip
address range.
I see many how-tos for installing and configuration VPN on a FreeBSD
host. But all most all of these how-tos assume the client will be a
FreeBSD box also. In my case I have 2 laptops I travel with, win xp
& win7. The official OpenVPN website does offer clients for xp &
win7 but configuration info is not available.
Looking for how-to to setup VPN client on xp & win7.
For Windows client, use the
following: http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
The FreeBSD handbook has section on IPsec/VPN, but again it assumes
server and client is a FreeBSD host. Looking for how-to on setting
up IPsec/VPN on xp & win7.
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
I have 2 concerns. How much hesitation will VPN inject into watching
tv programs or movies on my laptops in a foreign country? Will
IPsec/VPN inject longer hesitations?
I cannot tell about the latencies (I guess that is what you call
hesitation :-)) because I haven't tried it.
Can I use the remote VPN client to start the show streaming and then
have the VPN host record the program? Later down loading the program
file to my laptop for viewing?
That is beyond the scope of FreeBSD questions I guess :-)
But maybe someone has done it and will give you their story.
" For setting up the server, use the following: Use this link:
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"

That link content is out-dated. The openvpn port/pkg does not include
the easy-rsa scripts build-ca, build-key-server, build-key, build-dh
that are described in that how-too. The certificates are the backbone of
security for VPN and without correct documentation that how-to is
useless. To make things even worse, the easy-rsa port is lacking a
manual page.
Odhiambo Washington
2016-07-18 09:27:57 UTC
Permalink
Post by Ernie Luzar
Post by Ernie Luzar
Hello List;
I travel outside of my home country a lot and can not access some
web site content because internet connection is from foreign ip
address range.
I see many how-tos for installing and configuration VPN on a FreeBSD
host. But all most all of these how-tos assume the client will be a
FreeBSD box also. In my case I have 2 laptops I travel with, win xp
& win7. The official OpenVPN website does offer clients for xp &
win7 but configuration info is not available.
Looking for how-to to setup VPN client on xp & win7.
http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
The FreeBSD handbook has section on IPsec/VPN, but again it assumes
server and client is a FreeBSD host. Looking for how-to on setting
up IPsec/VPN on xp & win7.
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
I have 2 concerns. How much hesitation will VPN inject into watching
tv programs or movies on my laptops in a foreign country? Will
IPsec/VPN inject longer hesitations?
I cannot tell about the latencies (I guess that is what you call
hesitation :-)) because I haven't tried it.
Can I use the remote VPN client to start the show streaming and then
have the VPN host record the program? Later down loading the program
file to my laptop for viewing?
That is beyond the scope of FreeBSD questions I guess :-)
But maybe someone has done it and will give you their story.
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
That link content is out-dated. The openvpn port/pkg does not include the
easy-rsa scripts build-ca, build-key-server, build-key, build-dh that are
described in that how-too. The certificates are the backbone of security
for VPN and without correct documentation that how-to is useless. To make
things even worse, the easy-rsa port is lacking a manual page.
That link is very comprehensive, but also if you applied a little common
sense, you'd realize that you can install easy-rsa either using the pkg or
ports. That's what I did and things work so well.

***@waridi:/usr/local/etc/fail2ban # locate easy-rsa
/usr/ports/security/easy-rsa
/usr/ports/security/easy-rsa/Makefile
/usr/ports/security/easy-rsa/distinfo
/usr/ports/security/easy-rsa/files
/usr/ports/security/easy-rsa/files/easyrsa.in
/usr/ports/security/easy-rsa/pkg-descr
/usr/ports/security/easy-rsa/pkg-plist
/usr/ports/security/easy-rsa2
/usr/ports/security/easy-rsa2/Makefile
/usr/ports/security/easy-rsa2/distinfo
/usr/ports/security/easy-rsa2/pkg-descr
/usr/ports/security/easy-rsa2/pkg-plist
***@waridi:/usr/local/etc/fail2ban # pkg search -x easy-rsa
easy-rsa-3.0.1_1 Small RSA key management package based on
openssl
easy-rsa2-2.2.2 Small RSA key management package based on
openssl
***@waridi:/usr/local/etc/fail2ban #

I used that link and it works wonders. I have users roaming everywhere. All
I have to do is generate client certs for them, download it to their PCs,
install the VPN client, configure it (change tun to tap, enable lzo,
disable prompting for username/password) and voila!

Well, just search around for other HOWTOs.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
Ernie Luzar
2016-07-18 20:53:14 UTC
Permalink
Post by Ernie Luzar
Hello List;
I travel outside of my home country a lot and can not access
some
web site content because internet connection is from foreign ip
address range.
I see many how-tos for installing and configuration VPN on a
FreeBSD
host. But all most all of these how-tos assume the client
will be a
FreeBSD box also. In my case I have 2 laptops I travel with,
win xp
& win7. The official OpenVPN website does offer clients for xp &
win7 but configuration info is not available.
Looking for how-to to setup VPN client on xp & win7.
http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
The FreeBSD handbook has section on IPsec/VPN, but again it
assumes
server and client is a FreeBSD host. Looking for how-to on
setting
up IPsec/VPN on xp & win7.
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
I have 2 concerns. How much hesitation will VPN inject into
watching
tv programs or movies on my laptops in a foreign country? Will
IPsec/VPN inject longer hesitations?
I cannot tell about the latencies (I guess that is what you call
hesitation :-)) because I haven't tried it.
Can I use the remote VPN client to start the show streaming
and then
have the VPN host record the program? Later down loading the
program
file to my laptop for viewing?
That is beyond the scope of FreeBSD questions I guess :-)
But maybe someone has done it and will give you their story.
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
That link content is out-dated. The openvpn port/pkg does not
include the easy-rsa scripts build-ca, build-key-server, build-key,
build-dh that are described in that how-too. The certificates are
the backbone of security for VPN and without correct documentation
that how-to is useless. To make things even worse, the easy-rsa port
is lacking a manual page.
That link is very comprehensive, but also if you applied a little common
sense, you'd realize that you can install easy-rsa either using the pkg
or ports. That's what I did and things work so well.
/usr/ports/security/easy-rsa
/usr/ports/security/easy-rsa/Makefile
/usr/ports/security/easy-rsa/distinfo
/usr/ports/security/easy-rsa/files
/usr/ports/security/easy-rsa/files/easyrsa.in <http://easyrsa.in>
/usr/ports/security/easy-rsa/pkg-descr
/usr/ports/security/easy-rsa/pkg-plist
/usr/ports/security/easy-rsa2
/usr/ports/security/easy-rsa2/Makefile
/usr/ports/security/easy-rsa2/distinfo
/usr/ports/security/easy-rsa2/pkg-descr
/usr/ports/security/easy-rsa2/pkg-plist
easy-rsa-3.0.1_1 Small RSA key management package based on
openssl
easy-rsa2-2.2.2 Small RSA key management package based on
openssl
I used that link and it works wonders. I have users roaming everywhere.
All I have to do is generate client certs for them, download it to their
PCs, install the VPN client, configure it (change tun to tap, enable
lzo, disable prompting for username/password) and voila!
Well, just search around for other HOWTOs.
Thanks for the details. I see the problem now. That how-to is based on
easy-rsa2-2.2.2 which was installed as part of a older version of the
openvpn port. The current version of openvpn port installs
easy-rsa-3.0.1_1 which is way different than easy-rsa2-2.2.2 which makes
that openvpn install how-to out dated.

Another difference is the version of openvpn installed by the current
openvpn port is different than the openvpn version installed with the
easy-rsa2-2.2.2 version of the port.

Openvpn-2.3.11 now at start time wants "Enter Private key password".
Need to find a way to stop this prompt so openvpn will start at boot
time without human intervention.
Odhiambo Washington
2016-07-19 08:59:36 UTC
Permalink
Howtos can be outdated. No one is paid to maintain them.

About the prompt for the "Enter Private key password", please review how
you generated your certificates. Did you assign a passphrase? You don't
need to!
Post by Ernie Luzar
Post by Ernie Luzar
Hello List;
I travel outside of my home country a lot and can not access
some
web site content because internet connection is from foreign
ip
address range.
I see many how-tos for installing and configuration VPN on a
FreeBSD
host. But all most all of these how-tos assume the client
will be a
FreeBSD box also. In my case I have 2 laptops I travel with,
win xp
& win7. The official OpenVPN website does offer clients for
xp &
win7 but configuration info is not available.
Looking for how-to to setup VPN client on xp & win7.
http://download.securepoint.de/?d=Securepoint%20SSL%20VPN%20Client/v1.0.3
The FreeBSD handbook has section on IPsec/VPN, but again it
assumes
server and client is a FreeBSD host. Looking for how-to on
setting
up IPsec/VPN on xp & win7.
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/
I have 2 concerns. How much hesitation will VPN inject into
watching
tv programs or movies on my laptops in a foreign country? Will
IPsec/VPN inject longer hesitations?
I cannot tell about the latencies (I guess that is what you call
hesitation :-)) because I haven't tried it.
Can I use the remote VPN client to start the show streaming
and then
have the VPN host record the program? Later down loading the
program
file to my laptop for viewing?
That is beyond the scope of FreeBSD questions I guess :-)
But maybe someone has done it and will give you their story.
http://linoxide.com/linux-how-to/install-configure-openvpn-freebsd-10-2/"
That link content is out-dated. The openvpn port/pkg does not
include the easy-rsa scripts build-ca, build-key-server, build-key,
build-dh that are described in that how-too. The certificates are
the backbone of security for VPN and without correct documentation
that how-to is useless. To make things even worse, the easy-rsa port
is lacking a manual page.
That link is very comprehensive, but also if you applied a little common
sense, you'd realize that you can install easy-rsa either using the pkg or
ports. That's what I did and things work so well.
/usr/ports/security/easy-rsa
/usr/ports/security/easy-rsa/Makefile
/usr/ports/security/easy-rsa/distinfo
/usr/ports/security/easy-rsa/files
/usr/ports/security/easy-rsa/files/easyrsa.in <http://easyrsa.in>
/usr/ports/security/easy-rsa/pkg-descr
/usr/ports/security/easy-rsa/pkg-plist
/usr/ports/security/easy-rsa2
/usr/ports/security/easy-rsa2/Makefile
/usr/ports/security/easy-rsa2/distinfo
/usr/ports/security/easy-rsa2/pkg-descr
/usr/ports/security/easy-rsa2/pkg-plist
easy-rsa-3.0.1_1 Small RSA key management package based on
openssl
easy-rsa2-2.2.2 Small RSA key management package based on
openssl
I used that link and it works wonders. I have users roaming everywhere.
All I have to do is generate client certs for them, download it to their
PCs, install the VPN client, configure it (change tun to tap, enable lzo,
disable prompting for username/password) and voila!
Well, just search around for other HOWTOs.
Thanks for the details. I see the problem now. That how-to is based on
easy-rsa2-2.2.2 which was installed as part of a older version of the
openvpn port. The current version of openvpn port installs easy-rsa-3.0.1_1
which is way different than easy-rsa2-2.2.2 which makes that openvpn
install how-to out dated.
Another difference is the version of openvpn installed by the current
openvpn port is different than the openvpn version installed with the
easy-rsa2-2.2.2 version of the port.
Openvpn-2.3.11 now at start time wants "Enter Private key password".
Need to find a way to stop this prompt so openvpn will start at boot time
without human intervention.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
Loading...