OpenVPN w/Samba on OS 10.4 *WORKING*

OpenVPN w/Samba on OS 10.4 *WORKING* | 11 comments | Create New Account

Click here to return to the 'OpenVPN w/Samba on OS 10.4 *WORKING*' hint

The following comments are owned by whoever posted them. This site is not responsible for what they say.

OpenVPN w/Samba on OS 10.4 *WORKING*
Authored by: mizraith on Aug 25, '06 09:49:34AM

Okay, I figured it out (see previous post). Here's what I did (that worked) on an OS 10.4 Intel MacMini:

Got openVPN via darwin ports command line: sudo port install openvpn2. (The "lzo2" module's site is back up and available, so this should be easier now.) [For newbies, go to and read www.darwinports.org.
Set everything up verbatim to the openvpn.net instructions (CA authority, certs/keys, etc). I went with the one server multiple client setup. I also stuck with the TUN interface and did routing, not bridging. I've tried to understand bridging, but it sounds like a whole level of complexity that involves the firewall/router hardware as well. Too complex for our setup.
Made only minimal mods to the example server.conf file provided with openVPN (pointed it to the CA cert/key files). I found it handy to create an /etc/openvpn directory and locate the server.conf files there. I put the key files in /etc/openvpn/easy-rsa/keys.
Attempted to launch openvpn by cd'ing to /opt/local/sbin and running the line sudo ./openvpn2 /etc/openvpn/server.conf
If openvpn works for you, then congrats. Otherwise, read on:
- I had the failure: Wed Aug 16 17:29:32 2006 us=455504 Cannot allocate TUN/TAP dev dynamically ----- Wed Aug 16 17:29:32 2006 us=455691 Exiting
- Sounds an awful lot like the TUN/TAP drivers were missing from OS 10.4. The problem being, the only ones I found said they were "questionable" on an Intel machine and on 10.4. I'm not a fan of "questionable" low level software."
- Now...this same failure appears to turn up on the openVPN discussion group. I am running an Intel MacMini with latest OS 10.4. I did all the openVPN installation with sudo. I've dorked around with the server.conf file, but this doesn't help that problem. I've set dev tun0 and it changed the error message to: Wed Aug 16 17:36:56 2006 us=288472 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2).
Here is how I got unstuck:
1. In desperation, I downloaded and installed the latest release candidate (3.0rc3) of Tunnelblick (www.tunnelblick.net).
2. I tried to run Tunnelblick using a server.conf file, but I'm not sure it is intended to run as a server. ???
3. Quit Tunnelblick and made sure there was no openvpn process still running that it had started top -o command and sudo kill openvpn
4. Repeated the step above to start openvpn: sudo /opt/local/sbin/openvpn2 /etc/openvpn/server.conf
5. That's it! It worked!
Explanation: It turns out Tunnelblick takes care of installiing the TUN/TAP drivers for you. Once those were installed, openvpn2 had no problem running.
There were some easy steps to finish things out: open the firewall, set up the clients (TunnelBlick for Mac or OpenVPNGUI for PCs) and you've got a working VPN. I've got mac's and PCs vpn'ing into my samba share at anytime and I'm even sleeping well at night.
Two more things:
- Because I went with the routing interface, OpenVPN clients can't effectively browse the Samba workgroup. They can get to the Samba share by going to 10.8.0.1 but they can't arbitrarily browse around. Does anybody know how to configure Samba or openvpn to handle this better? I've seen some notes, but haven't tried anything yet.
- Contribute $$$ to these projects. I figure that between openVPN, Tunnelblick, OpenVPNGUI and TUN/TAP drivers they have saved me from buying a $300-$800 vpn router. Kick 'em down some paypal funds for their good work.

Hope that helps!!!!

Search

From our Sponsor...

Latest Lion Hints

User Functions

What's New:

Hints

Comments last 2 days

Links last 2 weeks

What's New in the Forums?

Hints by Topic

News from Macworld

From Our Sponsors