August 1, 2012 at 11:33 pm #43406
I’m aiming at setting up ZS to connect my network to a public VPN service (UnblockVPN.com) using OpenVPN in lan-to-lan client mode.
In order to easily access the aforesaid service, I have been given a .ovpn file and a certificate file (.pem).
I have already created an OpenVPN interface on ZS replicating the given connection options (shown in the .ovpn file) in the connection “parameters” (aka command line options of the openvpn command), but I’m unable to make ZS import the given certificate as I get a “not valid key source file” error (btw, the .pem file is just a host certificate).
Moreover, having set the “--auth-user-pass” option for the OpenVPN setup, ZS is showing a warning reporting “ERROR: could not read Auth username from stdin”, without asking for username/password interactively.
I’m trying this way because I would like to AVOID uploading to ZS a config file, a credentials file and a dedicated certificate file to be read for correctly starting openvpn; I would like to set up the whole thing just using the web interface.
As this is a common application, I think many other users could be interested too.
Does anybody know how to solve these issues?
Thanks in advance.

August 3, 2012 at 1:45 pm #52411
Well, I found no solution to the issue I presented here exactly as I wanted to do, i.e. just using the GUI (the ZS web interface).
First and generally, there are too many limitations at the moment for the web interface to be able to set up OpenVPN with all the possible options (as specified in the documents, the actual implementation aims at building ZS-to-ZS VPNs with a specific non-standard configuration).
This could be a problem when accessing a third-party system, such as a public VPN service, for which it is compulsory to comply with a given setup.
Second, even deciding to use a manual and longer approach, that is to upload to ZS the setup files provided by the supplier (in my case the configuration file .ovpn, the certificate file .pem and the username/password file) and then just set the GUI for reading them (--config xxxx.ovpn), there will still be an error (Sorry, ‘Auth’ password cannot be read from a file) because the openvpn binary file included in the current release of ZS has not been compiled with the “--enable-password-save” option.
At least, as a primary and quick solution to the above, I would suggest that the author recompile the OpenVPN executable with the said option in order to make credentials readable from a file, as a little security flaw can be safely tolerated in order to gain an automatic logon to the VPN service and the persistence of the connection, this being a most important feature for an unattended connectivity device such as a ZS box.
Of course, as many other users stated in this forum, a more definitive solution would be to make the VPN web interface easier and faster to set up.
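
Added example (not part of the original posts, and not ZeroShell or OpenVPN project code): the second post accepts keeping the VPN credentials in a file read by --auth-user-pass, and a pre-flight check like this one keeps that file owner-only before openvpn is started. The function names and return codes are assumptions for illustration; the two-line username/password layout is the format OpenVPN expects in such a file.

```shell
#!/bin/sh
# Added example: audit a credentials file before passing it to --auth-user-pass.
# Return codes (hypothetical, chosen for this example):
#   0 ok, 1 not a regular file, 2 symlink, 3 readable by group/other, 4 bad layout

check_auth_file() {
    f=$1
    # Refuse symlinks so the check cannot be redirected to another file.
    if [ -L "$f" ]; then echo "refusing symlink: $f"; return 2; fi
    if [ ! -f "$f" ]; then echo "not a regular file: $f"; return 1; fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # all six must be '-' (for example mode 600 or 400).
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other access present ($perms): run chmod 600 $f"
        return 3
    fi

    # Expect exactly two non-empty lines: username, then password.
    n=$(grep -c . "$f" || true)
    if [ "$n" -ne 2 ]; then
        echo "expected 2 non-empty lines (username, password), found $n"
        return 4
    fi
    echo "ok: $f"
    return 0
}

# Constructed sample: the same file is rejected while world-readable
# and accepted once it is restricted to its owner.
demo() {
    tmp=$(mktemp) || return 1
    printf 'constructed-user\nconstructed-pass\n' > "$tmp"
    chmod 644 "$tmp"
    first=0; check_auth_file "$tmp" >/dev/null || first=$?
    chmod 600 "$tmp"
    second=0; check_auth_file "$tmp" >/dev/null || second=$?
    rm -f "$tmp"
    echo "world-readable rc=$first, owner-only rc=$second"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```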