good job aza
we will see us on friday ;)

[ Reply to This | # ]

OpenVPN is an ok solution, but why not use Hamachi? It's a lot easier to set up and get going

[ Reply to This | # ]

Hamachi is closed source, and therefore less trustworthy in the eyes of many people.

[ Reply to This | # ]

Why only a Linux home drive?

I use the OpenVPN plugin on my IPCop firewall. It allows for a full network connection to my home network. There is also a redirect gateway setting which will secure all communications through your home network, perfect for Wi-Fi hotspots. The plugin simplifies all the certificate creation and configuration.

I also use tunnelbick as my openVPN gui on the powerbook. It works great, is reliable and secure, lightweight. My vote is for OVPN over Hamachi due to the Open Source nature of it. You can also get GUI's for Linux and Windows.

I am able to connect itunes sharing with MT-Daapd, Remote Desktops, file share on Windows and Linux servers, ssh to any server behind my firewall. Never really thought of this as a hint as most people who are running a Linux server at home have some idea of what they are trying to do.

[ Reply to This | # ]

I think instead of samaba, netatalk would be a better solution.... and a bit more native.

[ Reply to This | # ]

thanx for the tip!
i'll try that out immediately :)

[ Reply to This | # ]

Well, actually samba and AFP (the service provided by netatalk) are equally native to OS X. Now, if you were connecting an OS 9 box, that would be a different story.

If you want speed, samba is the way to go. The AFP protocol sends all kind of metadata (icon positions, file/folder label colors, etc.) usually associated with Mac disks. So while it would seem a little more integrated into a Mac environment, it is slower than samba, which is a far more efficient file sharing protocol. I guess on a home LAN it wouldn't make much difference, but you will really notice it connecting remotely.



[ Reply to This | # ]

Ouch.... how is it that I always get tripped up with 1 yard to go.
1) Got openVPN via darwin ports (sudo port install openvpn2) which was a fight given that the "lzo2" module was not available in it's normal place.
2) Set everything up verbatim to the openvpn.net instructions (CA authority, certs/keys, etc).
3) Made minimal mods to the example server.conf file provided with openVPN (pointed it to the CA cert/key files).
4) Attempted to launch openvpn with sudo ./openvpn2 /etc/openvpn/server.conf
5) THIS FAILS with:
Wed Aug 16 17:29:32 2006 us=455504 Cannot allocate TUN/TAP dev dynamically
Wed Aug 16 17:29:32 2006 us=455691 Exiting

Now...this same failure appears to turn up on the openVPN discussion group. I am running an Intel MacMini with latest OS 10.4. I did all the openVPN installation with sudo. I've dorked around with the server.conf file, but this doesn't help that problem. I've set dev tun0 and it changed the error message to: Wed Aug 16 17:36:56 2006 us=288472 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2).
Help?

[ Reply to This | # ]

Okay, I figured it out (see previous post). Here's what I did (that worked) on an OS 10.4 Intel MacMini:

1. Got openVPN via darwin ports command line: sudo port install openvpn2. (The "lzo2" module's site is back up and available, so this should be easier now.) [For newbies, go to and read www.darwinports.org.
2. Set everything up verbatim to the openvpn.net instructions (CA authority, certs/keys, etc). I went with the one server multiple client setup. I also stuck with the TUN interface and did routing, not bridging. I've tried to understand bridging, but it sounds like a whole level of complexity that involves the firewall/router hardware as well. Too complex for our setup.
3. Made only minimal mods to the example server.conf file provided with openVPN (pointed it to the CA cert/key files). I found it handy to create an /etc/openvpn directory and locate the server.conf files there. I put the key files in /etc/openvpn/easy-rsa/keys.
4. Attempted to launch openvpn by cd'ing to /opt/local/sbin and running the line sudo ./openvpn2 /etc/openvpn/server.conf
5. If openvpn works for you, then congrats. Otherwise, read on:
   • I had the failure: Wed Aug 16 17:29:32 2006 us=455504 Cannot allocate TUN/TAP dev dynamically ----- Wed Aug 16 17:29:32 2006 us=455691 Exiting
   • Sounds an awful lot like the TUN/TAP drivers were missing from OS 10.4. The problem being, the only ones I found said they were "questionable" on an Intel machine and on 10.4. I'm not a fan of "questionable" low level software."
   • Now...this same failure appears to turn up on the openVPN discussion group. I am running an Intel MacMini with latest OS 10.4. I did all the openVPN installation with sudo. I've dorked around with the server.conf file, but this doesn't help that problem. I've set dev tun0 and it changed the error message to: Wed Aug 16 17:36:56 2006 us=288472 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2).
6. Here is how I got unstuck:
   1. In desperation, I downloaded and installed the latest release candidate (3.0rc3) of Tunnelblick (www.tunnelblick.net).
   2. I tried to run Tunnelblick using a server.conf file, but I'm not sure it is intended to run as a server. ???
   3. Quit Tunnelblick and made sure there was no openvpn process still running that it had started top -o command and sudo kill openvpn
   4. Repeated the step above to start openvpn: sudo /opt/local/sbin/openvpn2 /etc/openvpn/server.conf
   5. That's it! It worked!
7. Explanation: It turns out Tunnelblick takes care of installiing the TUN/TAP drivers for you. Once those were installed, openvpn2 had no problem running.
8. There were some easy steps to finish things out: open the firewall, set up the clients (TunnelBlick for Mac or OpenVPNGUI for PCs) and you've got a working VPN. I've got mac's and PCs vpn'ing into my samba share at anytime and I'm even sleeping well at night.
9. Two more things:
   • Because I went with the routing interface, OpenVPN clients can't effectively browse the Samba workgroup. They can get to the Samba share by going to 10.8.0.1 but they can't arbitrarily browse around. Does anybody know how to configure Samba or openvpn to handle this better? I've seen some notes, but haven't tried anything yet.
   • Contribute $$$ to these projects. I figure that between openVPN, Tunnelblick, OpenVPNGUI and TUN/TAP drivers they have saved me from buying a $300-$800 vpn router. Kick 'em down some paypal funds for their good work.

Hope that helps!!!!

[ Reply to This | # ]

Don't forget that the payload in TunnelBlick is a full working version of the "openvpn" binary. I.E. it is a server as well - it is the config that defines the behaviour.
No need for fink and the issues you would hit with tun/tap interfaces and the lzo library issue.
You only need to follow the instructions on openvpn.net for defining a vpn server when you "connect" using a server config everything works as expected - I have tested this and it works (I think Angelo should mention this on his site).




[ Reply to This | # ]

This one looks like quite a lot of effort to me.

What's wrong with MacFUSE + SSHFS ? With MacFusion, mounting of remote filesystems via SSH is just a click away. Especially when no root rights on the remote linux box are available, this hint is a no-go.



[ Reply to This | # ]