VPN help - maemo.org

Active Topics

The N900 is now 15 years old! (9)
to Nokia N900 by Arno_11 - 17 hrs, 16 mins ago
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (4)
to SailfishOS by Maemish - 6 days, 5 hrs ago
more...

Page 1 of 3

Next >

Thread Tools

Tu13es	2007-09-11 , 15:50
Posts: 61 \| Thanked: 1 time \| Joined on Jul 2007	#1

i'm stuck in class with my n800 and internet access. howwver, they block just about every port. my work has vpn set up that i can log in with a username and passwird that i can use - i dont know exactly what protocol it uses atm.. or, i ciuld set up vpn with my imac on campus.

ive poked around a bit but havent fiund much except that theres a so-so openvpn client thats a pain.

any suggestions or help would be appreciated.

thanks!

Last edited by Tu13es; 2007-09-11 at 15:51. Reason: idiot

Quote & Reply |

psb777	2007-09-11 , 17:18
Posts: 4 \| Thanked: 0 times \| Joined on Sep 2007	#2

You will have to know what protocol before anyone can help. OpenVPN works very well on my other (ordinary Linux) machines, and I hope to install it on my N800 also.

Quote & Reply |

Tu13es	2007-09-11 , 17:30
Posts: 61 \| Thanked: 1 time \| Joined on Jul 2007	#3

Here's what our Wiki says:

It uses poptop, an open source package that uses a modified pppd and a few kernel modules to emulate a Microsoft VPN server. The beauty of this, and the struggle to make this work, is that the stock VPN client of Microsoft Windows is enough to tunnel in. (retrospect- If we had known Gentoo could just build it for us automatically, we wouldn't have felt so grand when it finally started working by scratch)

If you are interested in making your own VPN server using the same software we did, check out Poptop. http://www.poptop.org/

If I can easily set up a client for that I'm all for it. I also would be fine with setting up VPN on my Mac, though I've fiddled with that in the past with no luck.

Thanks!

Quote & Reply |

Tu13es	2007-09-11 , 18:17
Posts: 61 \| Thanked: 1 time \| Joined on Jul 2007	#4

I talked to one of the admins at work and he said if I could get a PPTP client it should work. I found a PPTPclient binary on http://maemo.lancode.de but have no idea how to configure it.

I'm also working on trying to get OpenVPN working so I can use that at home.

Quote & Reply |

rrwright	2007-09-12 , 01:53
Posts: 17 \| Thanked: 1 time \| Joined on Jul 2007	#5

I use OpenVPN extensively (!) on my n800. I am currently traveling indefinately and use the n800 as my primary (or only) computer. Back home, I left a DD-WRT enabled linksys wrt54gl functioning as my openvpn server (works brilliantly!) along with a linux machine and windows box. I connect using openvpn to my network, then VNC or RDesktop into those boxes (respectively). But the most relevant feature of this is the very nice "redirect-gateway def1" feature of openvpn which lets you redirect all your web traffic through the VPN tunnel. So while on the road at unknown, suspicious or certainly compromised access points, as well as restricted connections (ie. the great firewall of china) , my web traffic goes through a secure tunnel to a trusted endpoint and I have the whole internet, safe and secure.

I don't know a lot about the other VPN solutions you have, but I've worked with openvpn a lot and it will definitely do what you want and well. And having it on your home router is a particularly elegant solution.

If you want a good primer on OpenVPN on the N800, check out http://mfresh-n800.blogspot.com/2007...-on-nokia.html He's done a good job (but there are some updated packages you can update after you have those installed).

If you want to set up OpenVPN on your router and need help, let me know and I can help. Good luck.

Ryan

Quote & Reply |

The Following User Says Thank You to rrwright For This Useful Post:
kaliatech

TA-t3	2007-09-12 , 09:14
Posts: 3,841 \| Thanked: 1,079 times \| Joined on Nov 2006	#6

As for PPTP, I'm sure I've read about people getting this to work, here on this forum. Search around a bit, IIRC there was a good description in at least one thread.

__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.

Quote & Reply |

Tu13es	2007-09-12 , 19:02
Posts: 61 \| Thanked: 1 time \| Joined on Jul 2007	#7

Originally Posted by rrwright

I use OpenVPN extensively (!) on my n800. I am currently traveling indefinately and use the n800 as my primary (or only) computer. Back home, I left a DD-WRT enabled linksys wrt54gl functioning as my openvpn server (works brilliantly!) along with a linux machine and windows box. I connect using openvpn to my network, then VNC or RDesktop into those boxes (respectively). But the most relevant feature of this is the very nice "redirect-gateway def1" feature of openvpn which lets you redirect all your web traffic through the VPN tunnel. So while on the road at unknown, suspicious or certainly compromised access points, as well as restricted connections (ie. the great firewall of china) , my web traffic goes through a secure tunnel to a trusted endpoint and I have the whole internet, safe and secure.

I don't know a lot about the other VPN solutions you have, but I've worked with openvpn a lot and it will definitely do what you want and well. And having it on your home router is a particularly elegant solution.

If you want a good primer on OpenVPN on the N800, check out http://mfresh-n800.blogspot.com/2007...-on-nokia.html He's done a good job (but there are some updated packages you can update after you have those installed).

If you want to set up OpenVPN on your router and need help, let me know and I can help. Good luck.

Ryan

Ah, sweet! I'll play with that tutorial and report back.

Thanks a ton!

Quote & Reply |

Tu13es	2007-09-12 , 19:07
Posts: 61 \| Thanked: 1 time \| Joined on Jul 2007	#8

Gah, figures. Upon trying to install the first package in that list on my N800 I get "incompatible application package".

Any ideas?

Quote & Reply |

DragonsLee	2007-09-12 , 19:38
Posts: 14 \| Thanked: 3 times \| Joined on Sep 2007	#9

Hey could you post how you setup your router. I have the same one with DD-wrt V23 SP2 VPN firmware installed. I would like to get the vpn working with the N800.

Quote & Reply |

rrwright	2007-09-13 , 01:31
Posts: 17 \| Thanked: 1 time \| Joined on Jul 2007	#10

Originally Posted by DragonsLee

Hey could you post how you setup your router. I have the same one with DD-wrt V23 SP2 VPN firmware installed. I would like to get the vpn working with the N800.

Under the "Administration" tab, go to "Commands". Put in something like the following and click "Save Startup":

openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo "-----BEGIN CERTIFICATE-----
....................
-----END CERTIFICATE-----" > /tmp/server.crt
echo "-----BEGIN RSA PRIVATE KEY-----
....................
-----END RSA PRIVATE KEY-----" > /tmp/server.key
echo "-----BEGIN CERTIFICATE-----
....................
-----END CERTIFICATE-----" > /tmp/CA.crt
echo "-----BEGIN DH PARAMETERS-----
....................
-----END DH PARAMETERS-----" > /tmp/dh2048.pem
echo "server-bridge 172.31.1.1 255.255.255.0 172.31.1.21 172.31.1.29
port 1194
dev tap0
client-to-client
push \"ping 30\"
push \"ping-restart 130\"
push \"mute 20\"
push \"persist-key\"
push \"persist-tun\"
dh /tmp/dh2048.pem
ca /tmp/CA.crt
cert /tmp/server.crt
key /tmp/server.key
verb 3
keepalive 30 130
float
mute 10
comp-lzo
persist-key
persist-tun" > /tmp/openvpn.conf
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config /tmp/openvpn.conf &

You will of course put your own information in there for the public key, private key, CA certificate, and Diffie-Hellman parameters in place of the "....................". Just cut and paste out of your cert/key files and past the text in. You will also need to change any of the particulars in that config file to fit your own setup--things like setting your own IPs/netmask in the "server-bridge" section and whatever. The "172.31.1.1" address refers to my router throughout. You can also add and delete other options if you want.

If you're paying attention, this method echos all the important information (certificates, keys, config files) into new files each time the router boots. This is because there is no good place to save the actual files on the router--no persistent memory that's accessible. The last little bit about creating a symlink and running your VPN process from the symlink is to address a problem that DD-WRT has (or used to have?) where the process would mysteriously hang.

Then after you've done that, you need to configure the router's firewall to accept packets on port 1194 (unless you changed the port for some reason, of course). Put the following into the same box on that page (now empty) and click "Save Firewall":

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT

After that, you're done. Reboot the router and you should have a live OpenVPN server. If you don't know how to create certificate/key pairs, CA certs/keys or DH params, then read the man page for openssl. You can even install openssl on your N800 and do all this without a full-size computer. But if you have a desktop handy, there are good programs for managing your Certificate Authorities, as that can get messy if you have more than just a few clients connecting.

Also, keep in mind that the "redirect-gateway def1" option is something that goes in the client config file, not on the server side. The server doesn't care if you're routing your internet traffic through it or not--at least as far as the openvpn config file goes.

Alright, to forstall another question asking for it, here's an example client config file that I have on my N800:

remote (your public IP or domain name here)
ns-cert-type server
client
dev tap
ca /etc/openvpn/CA.crt
cert /etc/openvpn/n800.crt
key /etc/openvpn/n800.key
float
log /var/log/openvpn.log
status /var/log/openvpn-status.log
comp-lzo
route-gateway 172.31.1.1
redirect-gateway def1 # (this is optional and is used when you want all your traffic to go through the VPN.)