Looking for P2p file sharing for personal use

[kartal]

Sorry man, I think my question was not clear enough. I meant the "frost" client. Do I need to use Frost to use Freenet? Is Freenet client safe  as it is, or is Frost more secure than Freenet?

-kartal (June 17, 2009, 08:15 PM)

Sorry. I misunderstood.

You don't need to use Frost per sce. But Frost is what gives us all the additional features you usually get with newsgroups (messaging, discussion threads, easy file upload/download, etc.)

I probably should have mentioned that Frost now comes bundled into the current Freenet installer.

I like to read as much possible about something before I install it. If you're like me, take a look at their wiki:

http://wiki.freenetproject.org/HomePage

Especially good is their First Timer's Handbook:

http://wiki.freenetp.../FirstTimersHandBook

You'll want to look at that since it has very clear instructions on how to add friendly nodes to your network.

Hope all this was helpful.

-40hz (June 18, 2009, 06:30 AM)

Ok I got this thing working between 2 computers. I managed to create a message board that both comps can see. But I cannot figure out file sharing inisde Frost. I selected folders to share, enabled uploads etc. But how do other computer can see the uploads?

[40hz]

Hey! You got it running! Cool...

File sharing with Frost works much like sharing does in newsgroups - except you don't actually need to upload the files first - although you can if you want to.

You advertise shares, which then can be requested by anybody on your private net. Frost takes care of the details of getting the file (either from cache or from the advertising machine) and delivering it to the requester. It's not like a classic filesharing system.

How do I share files?

Filesharing works different in Frost than in other apps. You don't upload files to other users, but put them in Freenet.
When you select which files or directories to share on the "Shared files" tab, Frost advertises them to other users. Then when someone asks for a specific file, Frost uploads it to Freenet and the other user gets it from there.

(Note: substitute the phrase "Your Network" for "Freenet" since you'll be running a private net and not using public nodes.)

Take a look at the Frost Wiki.  ( http://jtcfrost.wiki.sourceforge.net/ ) It will explain how it works and also how to use it.

To add additional computers to your net, you need to install Freenet on each of those machines.

See the section How To Add Known Friends on this page for directions:

http://wiki.freenetp.../FirstTimersHandBook

or here for a more detailed explanation:

http://wiki.freenetp...g/FreenetConnections


Keep in mind that this is a P2P application. Think torrent. A lot of people forget that because Frost sometimes makes it feel like you're on a centralized server. One of the people in our net once described it as BitTorrent wedded to a news server. It's not really an accurate analogy, but it gets the idea across.

 

[kartal]

4wd

I am now trying openvpn. I have setup everythong like you said but I am getting an error(in the console) on the client it says
"No server certificate verification method has been enabled"

Also it looks like client1.crt and server.crt files are 0kb
Any ideas?

[4wd]

Also it looks like client1.crt and server.crt files are 0kb
Any ideas?

-kartal (July 06, 2009, 04:20 PM)

Not saying it is, (but it has happened to me), it looks like you failed to enter exactly the same Common Name as you called the batch files with, it's possible that an error was generated when you created the keys/certs but you didn't notice among the DOS output:

Generate certificate & key for server

Next, we will generate a certificate and private key for the server. On Windows:

    build-key-server server

As in the previous step, most parameters can be defaulted. When the Common Name is queried, enter "server". Two other queries require positive responses, "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]".

Generate certificates & keys for 1 client

Generating client certificates is very similar to the previous step. On Windows:

    build-key client1

Remember that for each client, make sure to type the appropriate Common Name when prompted, i.e. "client1". Always use a unique common name for each client.

* I removed any reference to more than 1 client in the above to make it a bit clearer.

You need to follow the instructions in Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients pretty much word for word.

So the order of events for Windows should be:

1 ) open up a Command Prompt window and cd to \Program Files\OpenVPN\easy-rsa
2 ) init-config
3 ) edit the vars.bat file to set location/email defaults (or skip this step and just use the given ones if you don't care)
4 ) vars
5 ) clean-all
6 ) build-ca  (default answers normally but enter something at Common Name query - use the same as they do OpenVPN-CA)
7 ) build-key-server server  (enter server at Common Name and answer y to "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]")
8 ) build-key client1  (same answers as (7) but enter client1 at Common Name)
9 ) build-dh

This should give you all the necessary keys/certs for a simple 1 server/1 client VPN, so it only remains to copy them to their respective config directories.

If you do it again and it still happens, copy the output from all the steps above to a text file and then attach it to a post and I'll see if I can spot anything.
Otherwise, later today I'll set up OpenVPN again, (had to restore my OS from an old image due to cleaning one too many things out driver-wise ), and generate a complete keys directory for a server/client and you can try that.

Addendum: Following the steps above, (except step 3), I've generated server/client1 keys/certs/config that work here.  You'll need to edit client.ovpn and replace 192.168.0.128 with the LAN IP of your OpenVPN server.  Otherwise just delete the config directories you have and replace with these.

I've also attached the DOS output from generating the certs/keys so you can compare with yours and a ping to show it really does work 

[kartal]

4wd

thank you so much I will try asap. If you have not given these detailed instructions I would have never taken this challange. I will let you know and thanks for your time.

Btw I actually tried the instructions on the site word by word but I will try again.

[kartal]

Hmm, I think I ended up getting the same message

I did follow word by word carefully and made sure there were no errors. My server starts fine but I am getting this error on the client. I will try a restart too. It might be a restart, I will also try the gui to see if that one works

Edit 1:
A restart did not do any good for me

Edit 2:
I think I have missed one editing setting in the client file, it has seemed to start now. But when I try pinging 10.8.0.1 I am getting request timeout. What do I do now then? I use static Ip though as in 192.168.2.xxx



C:\Program Files\OpenVPN\config>openvpn client.ovpn
Mon Jul 06 22:38:49 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Mon Jul 06 22:38:49 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an o
fficial port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the def
ault port.
Mon Jul 06 22:38:49 2009 WARNING: No server certificate verification method has been enabled
.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 06 22:38:49 2009 Cannot load certificate file client.crt: error:02001002:system libr
ary:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error
:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Mon Jul 06 22:38:49 2009 Exiting

[4wd]

C:\Program Files\OpenVPN\config>openvpn client.ovpn
Mon Jul 06 22:38:49 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Mon Jul 06 22:38:49 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an o
fficial port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the def
ault port.
Mon Jul 06 22:38:49 2009 WARNING: No server certificate verification method has been enabled
.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 06 22:38:49 2009 Cannot load certificate file client.crt: error:02001002:system libr
ary:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error
:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Mon Jul 06 22:38:49 2009 Exiting

-kartal (July 06, 2009, 10:39 PM)

This is saying it can't find a certificate named client.crt - the configs and certs/keys I attached are named and refer to client1.crt.

These lines in client.ovpn have to match the names of the files in the config directory.
--------------------------
ca ca.crt
cert client1.crt                                  <- originally: cert client.crt
key client1.key                                  <- originally: key client.key
--------------------------

Have you changed these lines or renamed the files causing them to be mismatched?

Using the certs/keys I generated, the client PC should have the following files in C:\Program Files\OpenVPN\config :

ca.crt
client.ovpn
client1.crt
client1.key

The server PC will have the following, (ignoring any .txt or .log files):

ca.crt
ca.key
dh1024.pem
server.crt
server.key
server.ovpn


Can you attach a config directory list, client.ovpn and server.ovpn from your two machines if it still doesn't work.

[kartal]

4wd,

You are right I have already changed them before your post and tried to edit my post so you would not need to reply Sorry about that. I missed one of the client1s

Now I have Openvpn gui on both, they say they are connected but I cannot ping them at all. Like trying to ping 10.8.0.1 (server) or 10.8.0.6(client1) returns time outs. My firewalls are disabled as well, But the thing is that both pcs are within the same network I do not have a chance to try from outside at the moment.

My original lan ip range is 192.168.2.xxx and I use static Ips.

[4wd]

Now I have Openvpn gui on both, they say they are connected but I cannot ping them at all. Like trying to ping 10.8.0.1 (server) or 10.8.0.6(client1) returns time outs. My firewalls are disabled as well, But the thing is that both pcs are within the same network I do not have a chance to try from outside at the moment.

-kartal (July 06, 2009, 11:36 PM)

Make sure when you disabled it that the Windows firewall didn't kick in.  Which firewall, BTW?

What about tracert ?  eg. tracert 10.8.0.6

I had the same problem when I initially installed OpenVPN, even though I did disable Outpost a couple of times, it didn't want to ping each other - then for some reason it came good.

I attributed it to Outpost just being a bit paranoid but it may well have been something else and after I had disconnected and reconnected OpenVPN a few times something decided to let it play ball.

As I mentioned above, I've since had to restore my system which would have wiped any rules I created in Outpost but OpenVPN fired up and I was able to ping immediately - so at the moment it's

I might give my system an OpenVPN mindwipe and see if I can recreate it.

DOH! Stupid me, when I previously set it up I had a Win7 computer as the client and it was it's firewall, (default Windows), that's what was giving me a hard time.  This time I'm using a XP x86 computer as the client and both it and the server don't have the Windows Firewall service enabled - the client doesn't have a firewall at all.  So Outpost worked fine, it was just the overly paranoid Win7 firewall that caused problems previously, (that and the stupid way it's almost impossible to designate another PC on the network, or even a whole network, as safe).

[Shades]

Likely it is better to completely open up the firewall than disabling it.

Some time ago I had a similar problem with the Online Armor firewall. Even after de-installing that software, I still couldn't get connected to the network even after rebooting (several times). Only after de-installing the driver from the network card in device management and letting Windows redetecting the hardware my network was accessible.

Nowadays, when I need full access I just set it up to be as leaky as the Titanic. It has proven to be more effective (at least to me).

[kartal]

I had totally disabled windows firewalls on both pcs. It did not work either. The server is winxp pro, the client is win xp

first line of tracert
1    <1 ms    <1 ms    <1 ms  WRT150N [192.168.2.1]

The rest is empty and time outs

[Shades]

It looks like you get access to the router but after that (VPN) traffic is blocked in some kind of way.

[kartal]

yeah it looks like that. Do I need to enable ports on the router? That does not make sense does it(for internal network) ?

The Vpn gui shows that they are connected and assigned ips, so something is connecting but I do not know what is failing there.

[Shades]

Are you using the wireless capacity of your router in this test?

If so, it seems that disabling the option "CTS Protection Mode" can help (this option is meant to keep your wireless connection free from the noise generated by other wireless networking equipment (phones, neighbour wireless routers etc.).

[4wd]

If OpenVPN has already established a valid connection between the two machines then the router shouldn't be a problem because any comms for 10.8.0.x will be routed through OpenVPNs' port bypassing anything in the router.

kartal, can you disconnect both client and server, then connect both, (server first), and post the connection logs of each.

Right-click on the tray icon, select View Log and save it.

See here under Troubleshooting.

[kartal]

4wd,

I actually checked the trouble shooting page yesterday but did not help mainly becuase I did not understand couple thigns, and the ones I understood did not resolve my issue.

I am attaching the logs

Shades,
I am using my router as wireless and wired router gateway. I will check out your suggestion.

[4wd]

It's your server, more specifically this line in the log:

Tue Jul 07 10:34:14 2009 Route addition via IPAPI failed

To be able to add additions to the routing you need to be an Administrator - what's happening is the connection is being made OK but because the routing wasn't added to the system the system doesn't know where to send packets for IPs 10.8.0.x, so it fails.

Normally you only see this on Vista/Win7 and to get it to work you have to run OpenVPN-GUI as administrator, either by right-clicking and choosing 'Run As' or using the program properties.

You might also need to use the latest development build OpenVPN 2.1_rc18 which has patches for this, (still need to run the GUI as Administrator though).

EDIT: BTW, don't assume that because you are logged in as an Admin you are The Administrator, I had enough indications to the contrary over the years

I now use this registry edit which makes the Administrator Group owner of every file and not individual administrators - and I haven't had an issue with file ownership since.

[Select]

; Make the Administartors group the owner of files instead of the individual Administrator account.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"nodefaultadminowner"=dword:00000000

This is fine for my machine as it's single user and any functionality to use 'Run As' or Secondary Logon has been stripped out.  If yours is a multi-user machine then I wouldn't recommend it.  Oh yeah, XP only AFAIK.

Another EDIT: What's actually interesting is that the client succeeded:

Mon Jul 06 23:10:03 2009 Route addition via IPAPI succeeded

And why is there a ~11 hour difference in system time if these were done at the same time?

[kartal]

Hi guys,
sorry for the late follow up. My Vpn server crashed las night and I struggled to reinstall whole OS today. I think I have everything up and running and surprisingly the VPN server and client can ping and see eachother!!! Maybe there was something fishy about the previous OS install who knows. But now I have SSH and VPN running side by side I have not tried from outside. Thank you Shades and 4wd again. You guys did tremendous help here. I hope these will be helpful to others too. Points are on the way.

Now that I have stuff running how can I share stuff. I have couple final(ish) questions if you guys do not mind.

-How can I share it from outside? Do I do port forwarding if so which one?
-Can I also add password protection like some kind of dialup with password. Would that be too complicated for me?


thanks

[Shades]

The text in the client log file mentions port 1194, which is officially designated to OpenVPN by IANA (the governing body for port numbers). So that would be the port you use in the port forwarding section of your router.

Because of the certificates you have already put up quite a hurdle for 'drive-by attackers'. If you use strong passwords with your (Windows and/or Linux) user login then you already have quite a decent security perimeter setup.

[4wd]

The text in the client log file mentions port 1194, which is officially designated to OpenVPN by IANA (the governing body for port numbers). So that would be the port you use in the port forwarding section of your router.

-Shades (July 09, 2009, 01:49 AM)

For me personally, this would be one reason to change it away from 1194 into the higher reaches, say >33000.  Having a port open that's designated as an 'access' point to a network is like sticking up a sign saying "Break this Window" in front of a Liquor Store

Because of the certificates you have already put up quite a hurdle for 'drive-by attackers'. If you use strong passwords with your (Windows and/or Linux) user login then you already have quite a decent security perimeter setup.

Having a certificate that asks for a password is good in case your laptop is used without your knowledge, (when you're outside your LAN area), because it will ask for the password before the connection is completed.

It's easy enough to get a certificate that asks for a password, (as I found out by accident), when you install OpenVPN on a client mark the box to install the OpenVPN Certificate Wizard.

Run the wizard:
1) Fill out the info as per a normal key, Common Name (what this client will be called), location, etc (location/org/unit has to match server info).
2) Enter a passphrase and again to verify it.
3) Then hit the Create Request button.

This will create a {client}.key and a {client}.req in the C:\Program Files\OpenVPN\config directory - where {client} is the Common Name you entered for that client.

Rename {client}.req to {client}.csr (Certificate Signing Request).

Copy the file {client}.csr to the C:\Program Files\OpenVPN\easy-rsa\keys directory on the key signing PC, (the server in this case).  If the directory doesn't exist, create it and copy the contents of the server's config directory into it except for the server.ovpn file.

Open a CLI in the easy-rsa directory and enter the following commands:

vars.bat
sign-cert.bat {client}                                <- where {client} matches the prefix of the .csr file

vars.bat already exists, so all you need is the part of build-key.bat that actually signs the CSR, thus:

sign-cert.bat

[Select]

@echo off
cd %HOME%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old

This will generate a {client}.crt certificate file.

Copy {client}.crt and the ca.crt from the server back to the config directory on the client.

Everytime the client now tries to connect to the VPN it will ask for the passphrase you gave when you generated it in the wizard.

Although the above seems rather involved, it isn't really......honest

ADDENDUM: Also, when you issue the build-key command to initially create the client keys there is the following optional response:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

Just enter a passphrase and verify in the next prompt.

[kartal]

4wd

Before I start this last part I just want to make sure I am on the right Pc. Am I supposed to "Run the wizard:" on the client pc?  I also do not see any certificate wizard in OpenVPN setup. What build are you using?

[kartal]

"This will create a {client}.key and a {client}.req in the C:\Program Files\OpenVPN\config directory - where {client} is the Common Name you entered for that client.

Rename {client}.req to {client}.csr (Certificate Signing Request).

Copy the file {client}.csr to the C:\Program Files\OpenVPN\easy-rsa\keys directory on the key signing PC, (the server in this case).  If the directory doesn't exist, create it and copy the contents of the server's config directory into it except for the server.ovpn file.

Open a CLI in the easy-rsa directory and enter the following commands:

vars.bat
sign-cert.bat {client}                                <- where {client} matches the prefix of the .csr file"

I am also little lost here. I have keys from previous key setup which are like client1.xxx , what am I supposed to do with those? Are they part of the deal? Do I delete them? Shall I rename them and give the same name as is in the wizard?

I know you have given very clear steps but this last part I am not sure if it is meant for a fresh key creation or follow up on the previous ones we have done.

[4wd]

Before I start this last part I just want to make sure I am on the right Pc. Am I supposed to "Run the wizard:" on the client pc?  I also do not see any certificate wizard in OpenVPN setup. What build are you using?

-kartal (July 09, 2009, 12:18 PM)

Yes, client PC - but the second method below will be easier, (I just forgot about it ).

It's part of the installation but it's not normally selected for installation.  IIRC, it's the first unticked box in the selection of things you can install.

I'm using the stable 2.09 release.

I am also little lost here. I have keys from previous key setup which are like client1.xxx , what am I supposed to do with those? Are they part of the deal? Do I delete them? Shall I rename them and give the same name as is in the wizard?

I know you have given very clear steps but this last part I am not sure if it is meant for a fresh key creation or follow up on the previous ones we have done.

-kartal (July 09, 2009, 04:34 PM)

They replace any previous key/cert pair that you generated for that client.

The first method I gave is useful if the client is remote from the key signing machine, (server in your case).  The CSR, (the renamed *.req file), can be emailed to the person in charge of the key signing machine who generates a new *.crt file and returns it and the servers' certificate, (the ca.crt file in your case).  This will give the client a valid key/cert pair for connecting to that server.

The second method, (using build-key.bat), is easier if the client is co-located with the key signing machine, which is your case.  You just generate a new key/cert pair for the client, (deleting the old pair).

To generate a new pair for a client without going through the whole procedure in the How To, (which generates new ones for the server as well - which we don't want):

On the server:
1) In the C:\Program Files\OpenVPN\easy-rsa directory, there should be a directory left called keys from when the keys/certs were originally generated.  In your case, there probably isn't if you're using the set I generated.  If there is, then delete any client1.* files.
    If there isn't, create the C:\Program Files\OpenVPN\easy-rsa\keys directory and then copy all the files from C:\Program Files\OpenVPN\config to C:\Program Files\OpenVPN\easy-rsa\keys.
2) Open a CLI in C:\Program Files\OpenVPN\easy-rsa and enter the following commands:
    vars
    build-key client1

Default answers for most questions except:
    Common Name                                                                      <- enter client1
    A challenge password []:                                                        <- enter a password/passphrase (and verify if it asks)
    Sign the certificate? [y/n]                                                        <-  answer y
    1 out of 1 certificate requests certified, commit? [y/n]                <-  answer y

The new client1.key/client1.crt replace the existing client1 key/crt files on the client1 machine.

NOTE: When I say key signing machine, it refers to the machine that generated the keys/certs and in our case with the current setup we're playing with, it's the same machine as the server.  So in the above the two references are interchangeable.

[kartal]

4wd, thanks for the reply. I am not at home at the moment I will try theser steps when I get back.

I have already tried the second method of filling a password in the command line both times actually. But I do not get a password request box or anything like that when  I login-connect via Openvpn gui? How is supposed to work? Maybe there is something different in your new steps, I will retry it.


Btw do you know easy client switcher for using inside and outside? I realized that I need to edit the client file to direct to right ip which is not a big deal. I am wondering if there is an easier way to deal with it.

thanks

[4wd]

I have already tried the second method of filling a password in the command line both times actually. But I do not get a password request box or anything like that when  I login-connect via Openvpn gui? How is supposed to work? Maybe there is something different in your new steps, I will retry it.

-kartal (July 09, 2009, 08:01 PM)

To tell the truth, I haven't actually tried it that way, (the first method using the wizard works but requires a bit more work with the moving around of CSRs/certs), I assumed that's what the password request was for and it does say "challenge password" which implies it will ask for it when you try to connect.  I'll try it here.

Btw do you know easy client switcher for using inside and outside? I realized that I need to edit the client file to direct to right ip which is not a big deal. I am wondering if there is an easier way to deal with it.

That's easy!!

Create two config files, one called local.ovpn with the IP for when you're on your LAN and one called remote.ovpn with your WAN IP for when you're outside.

Now when you right-click on the tray icon, you can select from local or remote at the top of the menu.