Astaro as a client to OpenVPN Server

Hi everyone?
Just discovered I can’t trust the government and ISP with my data [:@]

I am looking into encrypting everything. I have a server running OpenVPN Access server on Amazon and can connect to it using its client.

Is it possible to create a VPN tunnel between Astaro and the OpenVPN server so that all traffic that leaves my LAN is encrypted? 

Something like this:



Thank you


  • On a related note, I got my OVPN file converted to an APC file with the script mentioned, however I'm getting the following error when I try to load it:

    The SSL site-to-site VPN client connection object requires a number in the range 1-65535 for the server port attribute.

    I've tried to manually add the port to the APC file, however I get the "file corrupt" error anytime I make a change.

    If anyone can help with this I'd be grateful, I'd really like to get this connection set up.
  • Hi,

    That's because the "ovpn to apc" script could not find the port number in your ovpn source file. This happens when the port number isn't specified in a dedicated "port" line but next to the host IP. Example:
    remote 212.129.33.61 443

    I've just corrected the problem by adding the following lines next to line 161, so the "RemPort" variable is taken from the "remote" line :

    (161)       RemPort=`grep "^port " ${OvpnFile} | cut -d ' ' -f2 |tr -d '\r\n'`
    (162)       if [ -z "${RemPort}" ]; then
    (163)           # Looks like port number isn't given in its specific line
    (164)           # Trying to catch port number from the "remote" line
    (165)           RemPort=`grep "^remote " ${OvpnFile} | cut -d ' ' -f3 |tr -d '\r\n'`
    (166)       fi

    To avoid the "File Corrupt" issue when manually editing the port number in your converted apc file, you have to edit the apc file with a hex editor and change the hex byte value preceding your port number. The hex byte value must be equal to the length of your port number value.

    For example:
    If your port number is 443, the length is 3 characters, you'll have:
    .. 03 followed by the hex value of your port number: 34 34 33 (443), followed every time by 0b 00 00 00 ..

    If your port number is 40000, the length is 5 characters, you'll have:
    .. 05 followed by 34 30 30 30 30 (40000), followed by 0b 00 00 00 ..

    Hope this will help.
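
Added example, not part of the posts above or of the ovpn-to-apc script: a stand-alone shell sketch of the port lookup described in the reply, with the 1-65535 range check from the UTM error message and the length-prefixed hex form of the port field. The function names and the sample profile are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from ovpn-to-apc.

# Print the server port of an OpenVPN profile. Lookup order follows the
# fix in the post: a dedicated "port" line first, then the first
# "remote <host> <port> [proto]" line. Returns 1 if no valid port exists.
ovpn_remote_port() {
    file=$1
    # Strip CR so CRLF profiles parse; awk splits on any whitespace.
    port=$(tr -d '\r' < "$file" |
        awk '$1 == "port" && NF >= 2 { print $2; exit }')
    if [ -z "$port" ]; then
        port=$(tr -d '\r' < "$file" |
            awk '$1 == "remote" && NF >= 3 { print $3; exit }')
    fi
    # Accept only decimal digits in the range the UTM import demands.
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        return 1
    printf '%s\n' "$port"
}

# Print the port field as the post describes it: one length byte, then
# the ASCII digits of the port, as space-separated hex.
apc_port_field_hex() {
    digits=$(printf '%s' "$1" | od -An -tx1 | tr -s ' \n' ' ' |
        sed 's/^ //; s/ $//')
    printf '%02x %s\n' "${#1}" "$digits"
}

# Constructed sample: CRLF profile with the port only on the "remote" line.
sample=$(mktemp)
printf 'client\r\ndev tun\r\nremote 192.0.2.10 443 tcp\r\n' > "$sample"
if p=$(ovpn_remote_port "$sample"); then
    echo "port=$p field=$(apc_port_field_hex "$p")"
else
    echo "no usable port in profile" >&2
fi
rm -f "$sample"
```

Unlike the `grep | cut` pipeline, this takes only the first matching line and tolerates tabs or repeated spaces, so a profile with several `remote` entries does not produce a concatenated port value.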

  • Hi, John, and welcome to the UTM Community!

    Are you saying that you have successfully used ovpn-to-apc to create a client file that is currently connecting a UTM to a non-UTM OpenVPN server?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Actually no, I'm now stuck because my "ta_xxxxxx.key" file generated by the script is empty as my "FreeVPN" provider (freevpn.me) doesn't provide a <tls-auth> section in their .ovpn file :-(

    If you have an idea how I should work with .ovpn files provided by freevpn.me, let me know.
