{"id":1178,"date":"2009-08-18T20:06:34","date_gmt":"2009-08-19T00:06:34","guid":{"rendered":"http:\/\/blogs.sungeek.net\/unixwiz\/?p=1178"},"modified":"2009-08-18T20:06:34","modified_gmt":"2009-08-19T00:06:34","slug":"openvpn-between-solaris-and-macosx","status":"publish","type":"post","link":"https:\/\/blogs.sungeek.net\/unixwiz\/2009\/08\/18\/openvpn-between-solaris-and-macosx\/","title":{"rendered":"OpenVPN between Solaris and MacOSX"},"content":{"rendered":"

I decided to see if I could get a VPN connection working between my laptop (running MacOSX) and my home server running Solaris 10. It turned out to be pretty easy to do a simple config. I am using OpenVPN<\/a>. To compile the software on my Solaris box I needed to download 3 items:<\/p>\n

    \n
  1. \n Virtual Point-to-Point (Tun) and Ethernet (TAP) devices driver. I got the version 1.1 from http:\/\/vtun.sourceforge.net\/tun\/<\/a> in source code form.<\/li>\n
  2. LZO version 1.08 compression software from : http:\/\/www.oberhumer.com\/opensource\/lzo\/download\/LZO-v1\/<\/a>\n<\/li>\n
  3. OpenVPN software, I am using the version 2.1RC because I wanted the version to match what I am going to run on the Mac. It can be downloaded from http:\/\/openvpn.net\/index.php\/open-source\/downloads.html<\/a>\n<\/li>\n<\/ol>\n

    Once I got everything downloaded, just compile the LZO, Tun, and OpenVPN:
    \nI decided to have everything related to the vpn installed in \/opt\/vpn. One thing to note, I tried using the new version 2.x of LZO, and OpenVPN would not find it, so I had to use Version 1 even though 2 is supposed to be supported. So I did the following to compile LZO:<\/p>\n

    \r\ngzip -d lzo-1.08.tar.gz\r\ntar -xvf lzo-1.08.tar\r\ncd lzo-1.08\r\n.\/configure --prefix=\/opt\/vpn\/lzo\r\nmake\r\nsudo make install\r\n<\/pre>\n
    Next was to compile TUN<\/p>\n
    \r\ngzip -d tun-1.1.tar\r\ntar -xvf tun-1.1.tar\r\ncd tun-1.1\r\n.\/configure --prefix=\/opt\/vpn\/tun\r\nmake\r\nsudo make install\r\n<\/pre>\n
    Only issue with tun was that it did not use the –prefix, it puts everything where it needs to be in \/usr\/kernel\/drv on solaris.<\/p>\n
    Next is openvpn:<\/p>\n
    \r\ngzip -d openvpn-2.1_rc19.tar.gz\r\ntar -xvf openvpn-2.1_rc19.tar\r\ncd openvpn-2.1_rc19\r\n.\/configure --prefix=\/opt\/vpn\/openvpn --with-lzo-headers=\/opt\/vpn\/lzo\/include --with-lzo-lib=\/opt\/vpn\/lzo\/lib\r\nmake\r\nsudo make install\r\n<\/pre>\n
    Once that is installed I did the simple 1 to 1 vpn connection (static key) for just testing to see if it would work. So in the \/opt\/vpn\/openvpn\/sbin directory I did this:<\/p>\n
    \r\ncd \/opt\/vpn\/openvpn\/sbin\r\n.\/openvpn --genkey --secret static.key\r\n<\/pre>\n
    I then copy that key to my client via some “secure” means<\/p>\n
    Then created a server.conf that looks like this:<\/p>\n
    \r\ndev tun\r\nifconfig 10.8.0.1 10.8.0.2\r\nsecret static.key\r\ncipher AES-256-CBC\r\nkeepalive 10 120\r\n<\/pre>\n
    On my client (MacOSX) I downloaded Tunnelblick from http:\/\/code.google.com\/p\/tunnelblick\/downloads\/list<\/a> and installed it. Next I copied that static.key from the server to the client and put it in ~\/Library\/openvpn. I also created a openvpn.conf in that directory that looked like this:<\/p>\n
    \r\nremote a.b.c.d\r\ndev tun\r\nifconfig 10.8.0.2 10.8.0.1\r\nsecret static.key\r\ncipher AES-256-CBC\r\nroute 10.0.0.0 255.255.255.0\r\n<\/pre>\n
    In the above, a.b.c.d represents my public IP address for my solaris server.<\/p>\n
    Now when you start tunnelblick it will search that directory and find that config file and ask if you want to load it. But we are not quite ready to start yet. The next thing I had to do was forward port 1194 UDP off of my router to my OpenVPN server. I will leave this exercise to you. You will also need to make sure IP forwarding is enabled on the Solaris 10 server (because I only have 1 network card in it, but “two” different networks on the box. IP Forwarding will allow your remote machine to be able to see your local network. And since my OpenVPN server is not the router for the entire network, I had to add a static route on my router to say that 10.8.0.0 is available via the openvpn servers local network address, I.e. 10.0.0.1. <\/p>\n
    You should be able to start the openvpn server now:<\/p>\n
    \r\n\/opt\/vpn\/openvpn\/sbin\/openvpn server.conf\r\n<\/pre>\n
    Once it is started you can use tunnelblick to connect. Once you are connected, you should see that is is connected and the icon has changed from this:
    \n    \"Picture<\/a>
    \nto look like this:
    \n    \"Picture<\/a><\/p>\n
    You should also see a tun0 device show up:<\/p>\n
    \r\nifconfig tun0\r\ntun0: flags=8851 < up ,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST > mtu 1500\r\n\tinet 10.8.0.2 --> 10.8.0.1 netmask 0xffffffff \r\n\topen (pid 608)\r\n<\/pre>\n
    You should now be able to see all your hosts on the “remote” network. Next up I am going to work on doing the pki infrastructure so I can hopefully link other clients both static and dynamic.<\/p>\n
    This make is really nice to be able to see your “home” network while you are away. <\/p>\n","protected":false},"excerpt":{"rendered":"
    I decided to see if I could get a VPN connection working between my laptop (running MacOSX) and my home server running Solaris 10. It turned out to be pretty easy to do a simple config. I am using OpenVPN. To compile the software on my Solaris box I needed to download 3 items: Virtual … <\/p>\n
    Continue reading “OpenVPN between Solaris and MacOSX”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,2,37],"tags":[177,469,176,444,178,179],"class_list":["post-1178","post","type-post","status-publish","format-standard","hentry","category-security","category-solaris","category-vpn","tag-lzo","tag-macosx","tag-openvpn","tag-solaris","tag-tun","tag-tunnelblick"],"_links":{"self":[{"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/posts\/1178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/comments?post=1178"}],"version-history":[{"count":7,"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/posts\/1178\/revisions"}],"predecessor-version":[{"id":1187,"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/posts\/1178\/revisions\/1187"}],"wp:attachment":[{"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/media?parent=1178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/categories?post=1178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sungeek.net\/unixwiz\/wp-json\/wp\/v2\/tags?post=1178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}