recommend a distro to use for a openvpn server


Recommended Posts

(back with openvpn things budman )

im going to setup a box from scratch for a openvpn server but i wanted to know what distro to use. currently im using the latest version of ubuntu but im not sure if this is recommended or if it even matters.

thank u.

Link to comment
Share on other sites

To be honest it shouldn't matter. Whatever OS your most comfortable with, that is support by it is what you should use.

Are you going to put this box at the edge of your network?? Where the endpoint of a vpn should be.. Or again behind your natting router - if that is what you were going to do, then I could suggest a few firewall/gateway distros that have openvpn already included and is couple simple clicks to setup. Pfsense for one, based off freebsd.

Link to comment
Share on other sites

To be honest it shouldn't matter. Whatever OS your most comfortable with, that is support by it is what you should use.

Are you going to put this box at the edge of your network?? Where the endpoint of a vpn should be.. Or again behind your natting router - if that is what you were going to do, then I could suggest a few firewall/gateway distros that have openvpn already included and is couple simple clicks to setup. Pfsense for one, based off freebsd.

same setup as before. its just going to be a box with a openvpn server connected to the network.

should there be any special specs for it besides the highest speed network card? i mean right now the testing box is running a p4 with i think 512mb ram, nothing else.

pfsense came to mind as a distro, since its dedicated to this but im comfy with how things went with ubuntu (plus i have had more expirence with ubuntu)

Link to comment
Share on other sites

PfSense.

GE

I know pfSense has a good rep but I wanted to know if it is good for this.

Also pfSense has a slow update rate but hey, if it works dont fix it

There is also Untangle - http://www.untangle.com/ It might suit your purposes.

downloading now and installing in a vmware to check it out. the dl is incredibly slow....

Link to comment
Share on other sites

pfsense even though is easier, is not very user friendly when it comes to the first install. im trying it in a vm and for some reason it doesnt detected my lan card correctly.

untangle is SLOW on boot...........i mean slow as in i install pfsense, rebooted, configured it, uninstalled it because i thought something went wrong, reinstalled and and when i was configuring it, THEN untangle finished its boot....

Link to comment
Share on other sites

Unless your going to replace your gateway router I would not suggest pfsense for what your doing. Its just going to complicate your setup more. Just stick with ubuntu unless your going to replace your gateway router. Which is where an endpoint to your VPN belongs in the first place, not some box inside behind a nat.

Link to comment
Share on other sites

Unless your going to replace your gateway router I would not suggest pfsense for what your doing. Its just going to complicate your setup more. Just stick with ubuntu unless your going to replace your gateway router. Which is where an endpoint to your VPN belongs in the first place, not some box inside behind a nat.

ive been messing around with pfsense and creating another openvpn and while it looks intresting (didnt get it to work; cant export the certifcates correctly to a client), ill take your advice and stick to ubuntu.......

Link to comment
Share on other sites

The certificates export just fine on pfsense - did you install the client export package? Can't help you with what you did wrong without some info.

Link to comment
Share on other sites

The certificates export just fine on pfsense - did you install the client export package? Can't help you with what you did wrong without some info.

yes i did.......the problem is that it exports it as a pk12 files when all i want (for compatibility issues) is key/pem, client cert, and ca cert..........tried converting with openssl, did it but nothing...........doesnt matter was just ****ing around with this :) you learn something new everyday.

Link to comment
Share on other sites

Well grab the inline version - that is just the keys in ascii, and you can copy and paste them to any files you want. Grab the viscosity bundle, it has ta.key, key.key and cert.crt and ca.crt -- yeah windows likes to use pk12 with bundled files, so if you grab the windows bundle that is what it exports.

example here is what is in the inline export

<ca>
-----BEGIN CERTIFICATE-----
MIIEQTCCAymgAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJVUzER
snipped
ilERPsVaWREzJRQEl2jFQify+ttvNg6BGhlJDtKu9IxkOanoBUI8VNRXFs7QxSYs
vI2JufYfxGbw7SSAw3r0r8DGjLbVbhaz9/98RcNOvz9yThPAuA==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJVUzER
snipped
g3eJnsMCe9DBFmVaOy/FcoX2usiVXZs4QbC5J3aS8dAS6oab3/Eho3FuPYc9MogT
B0RgyYl5NA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzWIDaeFotZieOx+TN8QI4gT4QV6r+fIvPHsVcBoBQCnyLgow
snipped
PAEyw17X4phbJUYhl5OUkeWdGHxS0g/eVm83VTSo2h9VhpISYmhSsuhBsvjB47Ap
XGRRLc0gH43MnLibIQIvFAdWrZcKlgzQUe1GT8B4O+DNLZX1z8MS4Q==
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
a8c26db3b19e3b31596428cf2be7856a
snipped
4f8984f8239a1e29e590426331c2b3c8
-----END OpenVPN Static key V1-----
</tls-auth>

Link to comment
Share on other sites

I run mine in a VM ;) you don't need much hardware for pfsense - and your just talking about a vpn endpoint in general. Not a lot of requirements, unless you were talking hundreds of concurrent sessions?

Link to comment
Share on other sites

Same here Budman, mine is only a very low spec thing. I have 3 running virtually on my network, one PPPoE Router, one Transparent Firewall (no NAT) and one Firewall with NAT.

GE

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.