Need to set up my NAS for access from external trusted IP addresses.

Thanks for that! Helped a lot.

Although I’ve run into another problem. I’ve finished setting up the server.conf, and I tried to start up the OpenVPN process but it failed.

Any ideas?

root@bally-server:/etc/openvpn# sudo /etc/init.d/openvpn start
 * Starting virtual private network daemon(s)...
 *   Autostarting VPN ‘server’ [fail]
root@bally-server:/etc/openvpn#

EDIT: I found this in the log:

Mon Apr 30 02:29:06 2012 OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Mon Apr 30 02:29:06 2012 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you con$
Mon Apr 30 02:29:06 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Apr 30 02:29:06 2012 Cannot open /etc/openvpn/easy-rsa/2.0/keysdh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:B$
Mon Apr 30 02:29:06 2012 Exiting

Does this mean I need to make new DH parameters? This is all somewhat confusing.

Mon Apr 30 02:29:06 2012 Cannot open /etc/openvpn/easy-rsa/2.0/[b]keysdh1024.pem[/b] for DH parameters: error:02001002:system library:fopen:[b]No such file or directory[/b]: error:2006D080:B$

Looks like there is an error in your server.conf file … I gather the bit I’ve highlighted in red should read -

keys/dh1024.pem
not
keysdh1024.pem

You are looking for the line
dh /etc/openvpn/easy-rsa/2.0/keysdh1024.pem

change it to
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

You really need to study your error messages more thoroughly :wink:

A simple thing… always the simplest of things…

I do, but I’m really not much of a reader, I’m one of those fast scanners that try to highlight something to see if it works. >.<

It’s an old habit.

So you DON’T then :stuck_out_tongue:

Just pulling your leg :wink:

I’ve fixed that, but it’s still failing to start.

The log says it can’t load my server.crt.

What a P.I.T.A :frowning:

The exact error message would help.

Mon Apr 30 17:50:49 2012 Cannot load certificate file /etc/openvpn/easy-rsa/2.0/keys/server.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:B$

And is there a server.crt there ?

ls /etc/openvpn/easy-rsa/2.0/keys

No.

Is there a server.crt anywhere ?

sudo find / -name server.crt
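
An added example, not part of the thread: both start-up failures above came from server.conf pointing at files that were not on disk, and this script lists every such path before OpenVPN is started. The function name and the demo tree are constructed for illustration, and relative paths are assumed to resolve from the config file's directory.

```shell
#!/bin/sh
# Added example (not from the thread): report files that an OpenVPN config
# references via ca/cert/key/dh/tls-auth but that are not on disk.

check_openvpn_files() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    confdir=$(dirname "$conf")
    missing=0
    # First word is the directive, second its file argument; anything after
    # that (such as the tls-auth key direction) is ignored.
    while read -r directive path _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;          # comments (# or ;) and other options
        esac
        path=${path#\"}; path=${path%\"}    # drop optional quotes
        [ -n "$path" ] || continue
        # Assumption: relative paths are resolved from the config's directory.
        case $path in /*) ;; *) path=$confdir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"
            missing=$((missing + 1))
        fi
    done < "$conf"
    [ "$missing" -eq 0 ]    # exit status 0 only when nothing is missing
}

# Constructed demo: a throwaway tree with the same typo as in the log above
# (keysdh1024.pem instead of keys/dh1024.pem) and no server.crt generated yet.
demo=$(mktemp -d)
mkdir -p "$demo/keys"
touch "$demo/keys/ca.crt" "$demo/keys/server.key" "$demo/keys/dh1024.pem"
cat > "$demo/server.conf" <<EOF
port 1194
ca $demo/keys/ca.crt
cert $demo/keys/server.crt
key $demo/keys/server.key
;tls-auth ta.key 0
dh $demo/keysdh1024.pem
EOF
check_openvpn_files "$demo/server.conf" || echo "fix the paths above, then start OpenVPN"
```
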

I’m not on my Linux partition atm, currently on the Win8 partition (which is slow as horse-poo). I’ll see if there are SSH programs for Windows, more than likely though.

Have you tried Putty?
http://www.chiark.greenend.org.uk/~sgtatham/putty/

+1 for PuTTY as a Windows SSH Client :slight_smile:

Funnily enough, I am using PuTTY as an SSH client on Windows, lol.

Mark & I have decided it would be best to scrap the whole VNC thing, and start again. This time using FTP through VNC.

So, I’ve installed ProFTPD through webmin on my NAS, what’s next?

EDIT: VNC is still installed btw.

I take it you mean VPN :wink:

What’s the server’s static LAN IP again ?

Yes, sorry still not woken up properly yet. :frowning:

Server’s static IP is 192.168.0.8

On your laptop … open your web browser, and in the address bar enter:
ftp://192.168.0.8:21
(or click that link)

Can you now log into your home directory on the server using your Linux login and password ?

Yes I can. :smiley:

If you want FTP available from outside the LAN (ie. from the internet), here’s what you need to do …
(BE AWARE, until we get it running through a VPN tunnel, and firewall off everything except the VPN port, which will force all connections to require a certificate … it won’t be very secure)

a) Create a user account for your brother, that preferably doesn’t have root privileges (ie. isn’t in the admin group)

b) preferably in the /etc/proftpd/proftpd.conf file change the port that ProFTPD is using from the default 21 to some arbitrary port such as 43187 … and whilst you’re there, set the “DefaultRoot” option to jail all users in their home directory.

c) in the router, forward that port to the server’s static LAN IP.

d) make sure all other ports are stealthed, or forwarded elsewhere.

e) make sure the password to the only account that is in the admin group is strong.

f) set up your DynDNS account, and set it up in the router.
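
An added example, not part of the thread: a check for step b) that reads a proftpd.conf and reports whether the port has been moved off the default 21 and whether an uncommented DefaultRoot is present. The function names and both sample configs are constructed, and the check assumes a single server configuration without per-VirtualHost overrides.

```shell
#!/bin/sh
# Added example (not from the thread): check a proftpd.conf for the two
# settings from step b), a non-default Port and an active DefaultRoot.

# Print the argument of the last uncommented DIRECTIVE in FILE (empty if none).
# Commented lines have "#" or "#Directive" as first word, so they never match.
active_value() {
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$2"
}

audit_proftpd_conf() {
    conf=$1
    findings=0
    port=$(active_value Port "$conf")
    root=$(active_value DefaultRoot "$conf")
    if [ -z "$port" ] || [ "$port" = 21 ]; then
        echo "Port: still the default 21"
        findings=$((findings + 1))
    else
        echo "Port: $port"
    fi
    if [ -z "$root" ]; then
        echo "DefaultRoot: not active, users are not jailed in their home directory"
        findings=$((findings + 1))
    else
        echo "DefaultRoot: $root"
    fi
    [ "$findings" -eq 0 ]    # exit status 0 only when both settings are in place
}

# Constructed sample configs: before and after step b).
demo=$(mktemp -d)
cat > "$demo/before.conf" <<'EOF'
ServerName "NAS"
Port 21
# DefaultRoot ~
EOF
cat > "$demo/after.conf" <<'EOF'
ServerName "NAS"
Port 43187
DefaultRoot ~
EOF
audit_proftpd_conf "$demo/before.conf" || echo "before.conf still needs step b)"
audit_proftpd_conf "$demo/after.conf"
```

ProFTPD reads this file when it starts, so the daemon has to be restarted before an edited Port or DefaultRoot takes effect.
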

Done

b) preferably in the [b]/etc/proftpd/proftpd.conf[/b] file change the port that ProFTPD is using from the default 21 to some arbitrary port such as 43187 .. and whilst you're there, set the "DefaultRoot" option to jail all users in their home directory.

Done - Default value for “DefaultRoot” was “~”, which is the home directory, isn’t it? Any time I try to enter ftp://192.168.0.8:(portnumber) it won’t work, yet if I leave the port number out I can connect? :o Tried it with the port forward rule on and off. Still happens.

c) in the router, forward that port to the server’s static LAN IP.

Done

d) make sure all other ports are stealthed, or forwarded elsewhere.

How do I do this?

e) make sure the password to the only account that is in the admin group is strong.

It is.

f) set up your DynDNS account, and set it up in the router.

It didn’t give me a hostname… so I can’t complete that part. ???