[nycbug-talk] road-warrior IPsec setup: looking for references
Tillman Hodgson
tillman
Wed Aug 31 08:44:46 EDT 2005
On Wed, Aug 31, 2005 at 07:33:47AM -0400, Mike Hernandez wrote:
> On 8/31/05, Tillman Hodgson <tillman at seekingfire.com> wrote:
> > Anyone worked with the Tunnelblick GUI on OS X to get OpenVPN going? If
> > I can resolve the issues I'm having with it, perhaps I can stick with
> > OpenVPN and that would be great.
>
> Actually just yesterday I successfully set up a vpn from my freebsd
> box at home to my powerbook using openvpn from ports and tunnelblick.
> I had some issues with my netgear wireless router/firewall at first -
> it doesn't seem to want to forward udp packets. But with tcp it works
> fine. I can send you my configs if you want, just let me know.
I'd appreciate that muchly, thanks.
I've normally used simple static shared keys, one per host, and all
terminating on the same sparc64 tunnel server running FreeBSD -current
from 25 Apr 2005. I tend to upgrade this particular box fairly slowly
because of the network disruption it causes.
Anyway, Tunnelblick doesn't seem to like static keys and wants to use
teh full OpenSSL PKI stuff. I gave it one try, rushed for time and from
a remote location where I didn't have easy access to any sort of
documentation, and (not surprisingly) it didn't work.
The biggest problem is that while I was setting it up I changed the
config file a few times by hand in ~/Library/openvpn. But Tunnelblick
seems to ignore my changes ... when I edit the configuration from within
Tunnelblick (it calls TextEdit to do the dirty work), I get a different
version of the file. And that version points to the wrong certificate
name, as well as having other errors. It looks like an early version of
my config. I looked around but I can't figure out where it's getting
this configuration from ... any idea where OpenVPN stores it's config
files? The website refers to ~/Library/openvpn, but that seems to be
only for storing certificates.
-T
--
"If 'everybody knows' such-and-such, then it ain't so, by at least ten
thousand to one."
-- Robert Heinlein
More information about the talk
mailing list