Feature #1958

VPN: add support for OpenVPN net2net

Added by Giacomo Sanchietti about 8 years ago. Updated almost 8 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-openvpn
Target version: v6.4-beta2
Resolution:
NEEDINFO: No

Description

Support OpenVPN VPN between bridged networks.

See: http://www.shorewall.net/OPENVPN.html


Related issues

Related to NethServer 6 - Feature #1763: VPN CLOSED 08/28/2013 09/16/2013

Associated revisions

Revision 66f56849
Added by Giacomo Sanchietti almost 8 years ago

openvpn-client, openvpn-local-client: add scripts for client configuration. Refs #1958 #1956

Revision c64b22e4
Added by Giacomo Sanchietti almost 8 years ago

web ui: save certificate to filesystem. Refs #1958

Revision eafe6488
Added by Giacomo Sanchietti almost 8 years ago

createlinks: add 3 new events: nethserver-vpn-create, nethserver-vpn-update, nethserver-vpn-delete. Refs #1958

Revision 180777f1
Added by Giacomo Sanchietti almost 8 years ago

web ui: chmod client pem file. Refs #1958

Revision ee45174e
Added by Giacomo Sanchietti almost 8 years ago

vpn clients: add /var/lib/nethserver/certs/clients directory. Refs #1958

Revision c0733f12
Added by Giacomo Sanchietti almost 8 years ago

createlinks: add 3 new events: nethserver-vpn-create, nethserver-vpn-update, nethserver-vpn-delete. Refs #1958

Revision 8625834c
Added by Giacomo Sanchietti almost 8 years ago

shorewall configuration: change default vpn policy. Refs #1958

Revision 19c40c85
Added by Giacomo Sanchietti almost 8 years ago

db defaults: add ServerStatus property. Refs #1958

Revision f06a1a8d
Added by Giacomo Sanchietti almost 8 years ago

nethserver-vpn-save event: delete server configuration when disabled. Refs #1958

Revision 0f2e4dbd
Added by Giacomo Sanchietti almost 8 years ago

createlinks: always restart openvpn service. Refs #1958

Revision 99d50c57
Added by Giacomo Sanchietti almost 8 years ago

createlinks: rename nethserver-vpn-update to nethserver-vpn-modify event. Refs #1958

Revision 874d8466
Added by Giacomo Sanchietti almost 8 years ago

host-to-neth.conf, spec, createlinks: create configuration for net2net clients. Refs #1958

Revision 37f9fcc5
Added by Giacomo Sanchietti almost 8 years ago

web ui: add support for Compression option. Refs #1958

Revision 0a66e57c
Added by Giacomo Sanchietti almost 8 years ago

web ui: save psk to a separate file. Refs #1958

Revision 130affbc
Added by Giacomo Sanchietti almost 8 years ago

createlinks: create new event nethserver-vpn-modify. Refs #1958

Revision 43475ae6
Added by Giacomo Sanchietti almost 8 years ago

createlinks: fix /var/lib/nethserver/certs/clients permissions. Refs #1958

Revision d4af0e77
Added by Giacomo Sanchietti almost 8 years ago

web ui, event: create new nethserver-vpn-save event. Refs #1958

Revision 3237950e
Added by Giacomo Sanchietti almost 8 years ago

create /etc/openvpn/ccd empty dir. Refs #1958

Revision dca61509
Added by Giacomo Sanchietti almost 8 years ago

nethserver-openvpn-net2net: create ccd file for user accounts. Refs #1958

Revision 9a9e7b77
Added by Giacomo Sanchietti almost 8 years ago

nethserver-openvpn-net2net: clean ccd directory. Refs #1958

Revision ef68f2cb
Added by Giacomo Sanchietti almost 8 years ago

spec: change /var/lib/nethserver/certs/clients mode. Refs #1958 #1956

Revision 35e7d2ca
Added by Giacomo Sanchietti almost 8 years ago

createlinks: change /etc/openvpn/ccd mode. Refs #1958

Revision fb67bd34
Added by Giacomo Sanchietti almost 8 years ago

createlinks: execute nethserver-openvpn-delserver and expand /etc/openvpn/host-to-net.conf on nethserver-vpn-save event. Refs #1958

Revision 419b5189
Added by Giacomo Sanchietti almost 8 years ago

nethserver-openvpn-genclient: add log append option. Refs #1958

Revision 879e62f2
Added by Giacomo Sanchietti almost 8 years ago

nethserver-openvpn-delclient: fix parameter handling. Refs #1958

Revision 0592ec85
Added by Giacomo Sanchietti almost 8 years ago

web ui: handle accounts modifications. Refs #1958

History

#1 Updated by Giacomo Sanchietti almost 8 years ago

  • NEEDINFO changed from No to Yes

Is a web UI needed?
Should it be only a documentation page, or should we add full support?

#2 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

A net-to-net VPN is a simple roadwarrior connection plus information about the route to the remote network.
It's possible to inform the server and client about special routes depending on the client identity.

See client-config-dir OpenVPN option and the following links:

Need some testing before implementation.
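
Added example, not taken from the NethServer packages: a POSIX shell sketch of the per-client `client-config-dir` file that comment #2 refers to, where the file name is the client certificate Common Name and its `iroute` line tells the server which remote network sits behind that client. The function names, the client name `branch1`, the network 192.168.2.0/24 and the 0640 file mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The server config is assumed to contain
#   client-config-dir /etc/openvpn/ccd
#   route 192.168.2.0 255.255.255.0
# so the kernel sends the remote LAN into the tunnel; the ccd file written
# below tells OpenVPN which client that network belongs to.

is_safe_cn() {
    # The ccd file name is the client certificate Common Name: refuse
    # anything that could leave the ccd directory or hide as a dotfile.
    case "$1" in
        ""|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

is_ipv4() {
    # Four decimal octets, each 0..255, nothing else.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

write_ccd() {
    # usage: write_ccd CCD_DIR CLIENT_CN REMOTE_NET REMOTE_MASK
    ccd_dir=$1 cn=$2 net=$3 mask=$4
    is_safe_cn "$cn" || { echo "bad client name" >&2; return 1; }
    is_ipv4 "$net" && is_ipv4 "$mask" || { echo "bad network" >&2; return 1; }
    (
        umask 027   # assumed policy: file is 0640, unreadable by other users
        printf 'iroute %s %s\n' "$net" "$mask" > "$ccd_dir/$cn"
    )
}

# Demo in a throwaway directory (constructed values).
demo_dir=$(mktemp -d)
write_ccd "$demo_dir" branch1 192.168.2.0 255.255.255.0 && cat "$demo_dir/branch1"
rm -rf "$demo_dir"
```

The group that owns the ccd directory has to match the account OpenVPN runs as after dropping privileges, otherwise the server cannot read the per-client files.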

#4 Updated by Giacomo Sanchietti almost 8 years ago

  • Parent task deleted (#1763)

#5 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#6 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Implemented using VPN Accounts and Clients. See nethserver-vpn.

#7 Updated by Giacomo Sanchietti almost 8 years ago

  • Assignee deleted (Giacomo Sanchietti)

Test case

  • Install two NethServers connected with a public IP and configured as server and gateway
  • Put a client behind each firewall
  • Configure a NethServer as master, activating the OpenVPN server in routed mode with certificate-based authentication
  • Configure the second NethServer as client
  • Check if ping between hosts is working

#8 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

Packages in nethserver-testing:
  • nethserver-vpn-1.0.0-25.0git7a115920.ns6.noarch
  • nethserver-openvpn-0.0.1-33.0git922d5655.ns6.noarch.rpm

See also #1763

#9 Updated by Giacomo Sanchietti almost 8 years ago

  • NEEDINFO changed from Yes to No

#10 Updated by Davide Principi almost 8 years ago

  • Assignee set to Davide Principi

#11 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_QA to TRIAGED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 20

#12 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#13 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Expand server template to correctly handle net2net tunnels, refactor Account web ui.

#14 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70

Packages in nethserver-testing:
  • nethserver-openvpn-0.0.1-37.0git7154fc0c.ns6.noarch.rpm
  • nethserver-vpn-1.0.0-27.0git3d3df062.ns6.noarch.rpm

See previous test cases.

#15 Updated by Davide Principi almost 8 years ago

  • Assignee set to Davide Principi

#16 Updated by Davide Principi almost 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

   # rpm -qa | grep ^neth | sort
nethserver-base-1.4.3-1.ns6.noarch
nethserver-directory-1.2.3-1.ns6.noarch
nethserver-dnsmasq-1.0.5-4.0git1c0ef001.ns6.noarch
nethserver-firewall-base-1.0.5-7.0git9a08773c.ns6.noarch
nethserver-grub-1.0.2-1.ns6.noarch
nethserver-hosts-1.0.5-1.ns6.noarch
nethserver-httpd-admin-1.0.6-1.ns6.noarch
nethserver-ipsec-0.0.7-1.ns6.noarch
nethserver-lib-1.3.2-1.ns6.noarch
nethserver-nethgui-1.2.4-1.ns6.noarch
nethserver-ntp-1.0.5-1.ns6.noarch
nethserver-openssh-1.0.3-1.ns6.noarch
nethserver-openvpn-0.0.1-37.0git7154fc0c.ns6.noarch
nethserver-php-1.1.0-1.ns6.noarch
nethserver-release-6.4-beta2.noarch
nethserver-samba-1.3.6-1.ns6.noarch
nethserver-shorewall-1.0.1-3.0git29edddbd.ns6.noarch
nethserver-smartd-1.0.0-1.ns6.noarch
nethserver-vpn-1.0.0-27.0git3d3df062.ns6.noarch
nethserver-yum-1.1.1-1.ns6.noarch

#17 Updated by Davide Principi almost 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-openvpn-1.0.0-1.ns6.noarch.rpm

with dependencies:
pkcs11-helper-1.07-5.el6.x86_64.rpm
openvpn-2.3.1-3.el6.x86_64.rpm
