Feature #1956
VPN: support for OpenVPN roadwarrior
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-openvpn | | |
| Target version: | v6.4-beta2 | | |
| Resolution: | | NEEDINFO: | No |
Description
- system user / password
- client certificate
The roadwarrior configuration should be bridged.
Associated revisions
First import. Refs #1956
Refactor pki scripts. Refs #1956
translations: fix typo in english and italian languages. Refs #1956
host-to-net.conf template: fix syntax, handle RouteToVPN property. Refs #1956
createlinks: expand host-to-net.conf and reload server on interface-update event. Refs #1956
/etc/shorewall/policy template (15openvpn): fixed syntax. Refs #1956
web ui: add download actions. Refs #1956 1763
host-to-net.conf template: fix typo, fix certificate+password mode. Refs #1956
translations: update english and italian translations. Refs #1956
host-to-net.conf template: push green route to clients. Refs #1956
web ui, db defaults, host-to-net.conf, openvpn-local-client: add Compression option. Refs #1956
/etc/shorewall templates: renamed "vpn" zone to "ovpn". Refs #1956
nethserver-openvpn-genclient: fix created files permissions. Refs #1956
nethserver-openvpn-bridge: execute only when needed. Refs #1956
shorewall template: fix syntax in bridged mode. Refs #1956
web ui: add validation to Accounts module. Refs #1956
web ui: update translation. Refs #1956
nethserver-openvpn-bridge: add device prop to green interface to avoid warnings. Refs #1956
web ui: execute nethserver-openvpn-save in background to avoid event block during bridge creation. Refs #1956
History
#1 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti almost 8 years ago
- Assignee set to Giacomo Sanchietti
#3 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
- Bridged and routed modes
- 3 authentication types:
  - Password (PAM)
  - Certificate
  - Certificate + Password
- Client to client traffic
- Client traffic routed through VPN tunnel
- Client configuration file with CA key included
- Static IP reservation
- Firewall policies:
  - vpn -> lan: accept
  - vpn -> firewall: accept
  - vpn -> net (red): deny unless RouteToVPN property is enabled
- Certificate creation and revocation via command line tools
- Web UI for:
  - certificates management
  - IP reservation
  - download of certificates and client configuration
#4 Updated by Giacomo Sanchietti almost 8 years ago
Certificate management, including working Web UI, has been moved to nethserver-vpn package.
Still missing:
- download of certificates and client configuration
#5 Updated by Giacomo Sanchietti almost 8 years ago
- Parent task deleted (#1763)
#6 Updated by Davide Principi almost 8 years ago
- File openvpn.patch added
Proposed patch
Rename vpn => ovpn in shorewall configs
#7 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Implemented, see nethserver-vpn and nethserver-openvpn for details.
#8 Updated by Giacomo Sanchietti almost 8 years ago
Test must be split in two cases: bridged and routed mode.
Possibly use a Windows machine as client and put it in an external network.
Test case 1: routed mode with certificate
- Enable OpenVPN server, select Routed mode and choose a valid network and netmask different from any other network already configured inside the server
- Select certificate as authentication mode
- Create a new vpn-only account, select certificate authentication mode
- Download generated OpenVPN client configuration and try it on a client
- The client should have an IP from the range and should be able to ping clients behind the firewall and the firewall itself
Test case 2: routed mode with password
- Enable OpenVPN server, select Routed mode and choose a valid network and netmask different from any other network already configured inside the server
- Select password as authentication mode
- Create a new user account and set a password
- Download generated OpenVPN client configuration and try it on a client
- The client should have an IP from the range and should be able to ping clients behind the firewall and the firewall itself
Test case 3: bridged mode
- Enable OpenVPN server, select Bridged mode and choose an IP interval inside the local LAN; make sure the range will not collide with the one from the DHCP configuration
- Select an authentication mode
- Download generated OpenVPN client configuration and try it on a client
- The client should have an IP from the range and should be able to ping clients behind the firewall and the firewall itself
#9 Updated by Giacomo Sanchietti almost 8 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
- nethserver-vpn-1.0.0-25.0git7a115920.ns6.noarch
- nethserver-openvpn-0.0.1-33.0git922d5655.ns6.noarch.rpm
See also #1763
#10 Updated by Davide Principi almost 8 years ago
- Assignee set to Davide Principi
#11 Updated by Davide Principi almost 8 years ago
- Test case 1 => OK
- Test case 2 => OK
- Test case 3 => Still testing
#12 Updated by Davide Principi almost 8 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 70 to 90
VERIFIED
#13 Updated by Davide Principi almost 8 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-openvpn-1.0.0-1.ns6.noarch.rpm
with dependencies:
pkcs11-helper-1.07-5.el6.x86_64.rpm
openvpn-2.3.1-3.el6.x86_64.rpm