Author Topic: Looking for P2p file sharing for personal use (Read 69693 times)

Shades · « **Reply #75 on:** July 09, 2009, 08:44 PM »

You could also try this freeware tool (apmReader) to create your certificates.

At least this is a tool that I know of what is able to create certificates with a GUI. Undoubtedly there will be a (lot more) tools able to do the job. But besides creating certificates, you can also manage them with this tool. Windows is actually also quite capable with certificate management out of the box (but you have to fold the box first, if you catch my drift).

4wd · « **Reply #76 on:** July 09, 2009, 09:29 PM »

Undoubtedly there will be a (lot more) tools able to do the job.
-Shades (July 09, 2009, 08:44 PM)

Including xca at SourceForge.

It can import, export, manage, create, sign and, (this might help you kartal), change password - so you could actually import the keys you have and add a password.

kartal · « **Reply #77 on:** July 09, 2009, 11:11 PM »

Hi

A lot to digest, I will go through the solutions and try the suggested applications. Again thank you guys.

4wd, you should try turning your step by steps in this topic to a VPN tutorial. This has been the most comprehensive and helpful I have seen so far. Just open a blog post and put it in there. I am sure many people will find them helpful.

4wd · « **Reply #78 on:** July 10, 2009, 12:07 AM »

4wd, you should try turning your step by steps in this topic to a VPN tutorial. This has been the most comprehensive and helpful I have seen so far. Just open a blog post and put it in there. I am sure many people will find them helpful.
-kartal (July 09, 2009, 11:11 PM)

Thanks, but sorry, I don't do blogging

kartal · « **Reply #79 on:** July 10, 2009, 12:55 AM »

Well you do not need to blog. You can just open a blog put your post about OpenVpn and you are done pretty much. You can forget it forever

It will be a nice tutorial page. Just my cents

kartal · « **Reply #80 on:** July 14, 2009, 06:10 PM »

Hi

I tried to find some info about sharing my already shared network drives on Openvpn but I could not. Is it possible to access shared folders(on another comp on the network) on Openvpn? I just do not want to install the server on every machine.

thanks

Shades · « **Reply #81 on:** July 14, 2009, 06:58 PM »

You should setup the invitation based remote desktop client from Microsoft for a RDP connection between the PC at your work and any of the PC's that are accessible in your network.

After you logged into your VPN network you should use the RDP connection for the PC you want to access. Once that connection is build you should get a new login screen, the default one from windows (assuming you use Windows and that particular way of logging in). Finish that login procedure as well and you have as much access to the PC/LAN as you would have sitting behind the PC/LAN (again, assuming you log in as a user who is allowed to do all things on that PC/LAN).

4wd · « **Reply #82 on:** July 14, 2009, 07:11 PM »

I tried to find some info about sharing my already shared network drives on Openvpn but I could not. Is it possible to access shared folders(on another comp on the network) on Openvpn? I just do not want to install the server on every machine.
-kartal (July 14, 2009, 06:10 PM)

You can either:
a) install the client on all your computers, (which will give you a totally encrypted LAN besides your normal LAN), and enable this line in the server.ovpn file:

client-to-client <- This will allow the clients to see each other, by default they only see the server.

b) Bridging the adapters, (OpenVPN and your LAN), there's a easy tutorial here - use your own info for ports, keys, certs, etc in the config files.

c) push the LAN IPs - I'll get back to you on this, I have to go look it up

Just to clarify, you only want to see your normal LAN shares, (192.168.2.x), from clients on the VPN ?

I ask because method (c) will be the easiest.

I take that back, (after having read the docs a bit), method (b) is probably more suited to what you want. Have a go at following the tutorial I linked to, I'll modify the configs to what I think they should be incorporating what's on the page and what my setup is, you can then substitute your own LAN IPs, key/cert names in the appropriate places.

kartal · « **Reply #83 on:** July 14, 2009, 10:47 PM »

thanks again guys!

Shades I think your suggestion goes beyond my knowledge fo these matters so I will stick to 4wd`s solution

4wd,

Do I need to recreate keys for servers and clients everytime I add a new client? Because I did not, I did just create the client2 key and did that build dh thing and copied the original ca.crt(from thr server) file to the client.. It is not connecting. The only thing is that client2 is a xp64, and I know 64bit network drivers are tricky. Also I am in the middle of something and I have not restarted my computer this time.

Tue Jul 14 22:45:10 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 14 22:45:10 2009 Re-using SSL/TLS context
Tue Jul 14 22:45:10 2009 LZO compression initialized
Tue Jul 14 22:45:10 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jul 14 22:45:10 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jul 14 22:45:10 2009 Local Options hash (VER=V4): '41690919'
Tue Jul 14 22:45:10 2009 Expected Remote Options hash (VER=V4): '530fdded'
Tue Jul 14 22:45:10 2009 UDPv4 link local: [undef]
Tue Jul 14 22:45:10 2009 UDPv4 link remote: 192.168.2.102:1194
Tue Jul 14 22:45:10 2009 TLS: Initial packet from 192.168.2.102:1194, sid=cf90f7f2 6160b820
Tue Jul 14 22:45:10 2009 VERIFY OK: depth=1, /C=US/ST=WI/L=SanFrancisco/O=OpenVPN/CN=OpenCPN-CA/[email protected]
Tue Jul 14 22:45:10 2009 VERIFY OK: depth=0, /C=US/ST=WI/O=OpenVPN/CN=server/[email protected]

The gui icon in taskbar is yellow monitor and that is as far as it goes in the gui log.

Shades · « **Reply #84 on:** July 14, 2009, 11:11 PM »

Creating a new key pair for each client is the good and proper way of certification. By doing so you can setup secure connections between clients as well.

Since you are presumably the one and only user you could do with the already created key pair(s). Likely you already have enough key pairs created (as I don't know your network topology and how you desire to use it) during setup. However, differentiation between machines/sessions is quickly becoming unclear this way, limiting their use.

Note that it is not hard to create an extra pair. Last time I made a set of those using the generation script (included with OpenVPN software) I was able to produce 50 unique ones (1024 bit) in less than half an hour without any automation.

4wd · « **Reply #85 on:** July 15, 2009, 12:04 AM »

Do I need to recreate keys for servers and clients everytime I add a new client?
-kartal (July 14, 2009, 10:47 PM)

No, just a new client key/cert for the new client.

Because I did not, I did just create the client2 key and did that build dh thing and copied the original ca.crt(from thr server) file to the client.

I think you only have to run:

build-key <client>

Any time you want to generate another key/cert for a new machine. Maybe running build-dh again has screwed something up.

The only thing is that client2 is a xp64, and I know 64bit network drivers are tricky. Also I am in the middle of something and I have not restarted my computer this time.

AFAIK, you shouldn't need to restart the machine, (at least I haven't had to), and the installer installs a x86 or 64bit driver depending on the OS it detects, so there shouldn't be a problem there - there are an awful lot of people using OpenVPN, to get to stable 2.09 release I'm sure someone would have tested it on 64bit

Grab the last lot of keys/certs I attached to a post and use the client key/cert on the XP64 machine, replace the dh1024.pem file on the server with the one from the archive, disconnect all clients, then try connecting the XP64 machine to the server.

If that works then there must be something wrong with the keys/certs you generated.

re: shares, I'll get back to you about method (b) - you really need to set up two separate networks in order to test otherwise you end up going through the non-VPN connection when you want to test the VPN connection - gets very confusing.

Method (a) is the simplest for what you want but it means you need to install the client on all machines you need to see shares on, which is what you didn't want to do.

kartal · « **Reply #86 on:** July 15, 2009, 01:21 PM »

Hi

I just managed to reinstall all the keys and make it work. The main problem with my xp64 could have been the fact that I tried to install the portable Vpn first. My initial impression is that that really did not play nice on the xp64. Unistalling and installing the latest beta seems to resolve the issues(again) Now both clients can see eachother. Thanks for the lead!

Is it ever possible to share a folde on Vpn but not on lan? I mean for example I would like to sahre some folders just on vpn network. I guess if that is not possible I will just use ssh for that kind of stuff. Somewhere I saw that the tunneling from one machine to another machine was possible over ssh.

4wd · « **Reply #87 on:** July 15, 2009, 08:00 PM »

I just managed to reinstall all the keys and make it work. The main problem with my xp64 could have been the fact that I tried to install the portable Vpn first. My initial impression is that that really did not play nice on the xp64. Unistalling and installing the latest beta seems to resolve the issues(again) Now both clients can see eachother. Thanks for the lead!
-kartal (July 15, 2009, 01:21 PM)

I think the Portable version is x86 only, (but I'm not sure - I haven't checked the extracted files).

Is it ever possible to share a folde on Vpn but not on lan? I mean for example I would like to sahre some folders just on vpn network. I guess if that is not possible I will just use ssh for that kind of stuff.

Good question! I don't know, I would think you need to limit folder access by IP address - something f0dder may be able to answer.

Somewhere I saw that the tunneling from one machine to another machine was possible over ssh.

Yes, you can tunnel using almost any kind of traffic, I have a mag here that has a lot of info on how to set it up, mainly from a Linux point of view but if you like I can scan and email them to you.

Shades · « **Reply #88 on:** July 15, 2009, 08:27 PM »

The tunneling thing sounds interesting, would it be possible to send it to me as well?

4wd · « **Reply #89 on:** July 15, 2009, 08:56 PM »

The tunneling thing sounds interesting, would it be possible to send it to me as well?
-Shades (July 15, 2009, 08:27 PM)

More work!!!

I thought I was retired?

I should start charging per hour

Geddit 'ere: Tunneling.rar

4wd · « **Reply #90 on:** July 16, 2009, 11:00 PM »

Just bumping in case you guys missed the URL on the bottom of the previous post.

Shades · « **Reply #91 on:** July 17, 2009, 10:38 PM »

An interesting albeit somewhat disturbing article...

HTTP tunneling I had heard of, but ICMP- and DNS-tunneling were strangers to me.

Many thanks for the article.

Innuendo · « **Reply #92 on:** July 18, 2009, 11:46 AM »

Thanks, but sorry, I don't do blogging
-4wd (July 10, 2009, 12:07 AM)

4wd doesn't do blogging nor does he allow kids on his lawn.

4wd · « **Reply #93 on:** July 18, 2009, 06:49 PM »

4wd doesn't do blogging nor does he allow kids on his lawn.
-Innuendo (July 18, 2009, 11:46 AM)

Damn right!! Little b*ggers always digging up the plants and pooping everywhere....place is like a minefield!

Then again, since the block is so steep that I don't actually have a lawn....maybe it's something else?

Martian tripods perhaps?

kartal · « **Reply #94 on:** July 26, 2009, 12:20 AM »

The tunneling thing sounds interesting, would it be possible to send it to me as well?
-Shades (July 15, 2009, 08:27 PM)

Try this one
http://inside.mines..../HowTo/sshNotes.html

by using this technique I could connect to my main desktop computer(through my laptop) and all of its drives that are normally not shared.

Shades · « **Reply #95 on:** July 26, 2009, 02:07 AM »

Looks also interesting, thanks kartal

But I must say that the required installing of CygWin is a serious problem. Even worse, I absolutely hate CygWin. Tried it once some two years back and by using all the defaults and dutifully downloading every piece of software it requested it never worked. Besides that, the total size of the CygWin folder was just over 4GByte(!!)...which took at least 5 days to download (internet is/was not that great over here).

A few months ago I found out about Portable Ubuntu, I believe it was featured on 'LifeHacker'.
The download was only a measly 450Mbyte, but my system now has a fully working Ubuntu 8.04 that runs in Windows (at the same time!), which takes only 2Gbyte of storage space after installing and updating. When activated it will also take 256Mbyte of RAM, but that would be its only disadvantage when compared with CygWin.

Portable Ubuntu grants full access to all drives/partitions/folders, even those that are normally locked and/or obscured by Windows and its file-system, a feature it has in common with CygWin. Lets just make a long story short: in my point of view Portable Ubuntu is miles ahead of anything related to CygWin. You can even copy a complete and updated Portable Ubuntu installation to a different computer or pendrive and use it immediately from there without any kind of installation. Try to do that with CygWin!

kartal · « **Reply #96 on:** July 26, 2009, 02:40 AM »

Shades, you do not need to install Cygwin for that one though. It is just Ssh tunneling and diverting. I am sure it would work with Ubuntu as long as Ubuntu can runa legit Ssh server in Windows shell.

I personally like Cygwin because I can use all the cool command line tools. I even moved my email to Mutt and some of internet browsing to Elinks. I am also an ardent user of Vim so using Vim under Cygwin is great too. I can also use Cygwin to compile apps alongside with MinGW

To me Cygwin really offered great tools including relatively simple SSH install. Now I have a full SSH setup alonside with Openvpn as you guys helped me with it.

Shades · « **Reply #97 on:** July 26, 2009, 04:40 PM »

My reason for liking Portable Ubuntu:

Looking for P2p file sharing for personal use

kartal · « **Reply #98 on:** July 27, 2009, 01:28 AM »

I have Ubuntu as part of my triple boot, I also use it under Virtualbox. So like Ubuntu as well but Cygwin offered seamless integration for certain tools like ssh. I can use Ubuntu under Vbox but the problem was that making the real networking seemed painful to me. You can connect to internet but that is pretty much it. I could not make ssh server under Ubuntu-Vbox work so I installed Cygwin and that solved my problem.

I just tried portable Ubuntu, it seems like it has similar speed like Vbox installation. But it seems like you can neither change network settings nor enable disable services at least in the admin guis. Do you know if that is a limitation?

kartal · « **Reply #99 on:** August 03, 2009, 01:37 AM »

I do not know if it make sense but I have been using ssh with openvpn when I am outside because my vpn ip does not change and it is easier to remember vpn ip then my public ip. Open vpn+ssh has been fun. Thanks for all the support and great help