/OpenVPN-LDAP-Integration

OpenVPN certification management and LDAP/Active Directory based authorization scripts

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

OpenVPN LDAP Integration README

This file only describes how to download, unpack and fix the accessory
files to enable the vpn_client program to create Windows installer
packages.

The README.DD-WRT file describes how to configure and create the
DD-WRT firmware images that contain an embedded VPN client and router.

See docs/config.html for how to setup your infrastructure to be able
to use these tools.

For more information about OpenVPN see:
  http://openvpn.net/index.php/open-source/documentation/howto.html



*** Prepare Windows client package data ***

    The program on Linux that creates the Windows installer is
    makensis (part of the nsis package). This program reads in
    a package definition file and then generates the installer based
    on that definition file.

    The actual files that are installed by the installer are made up
    of two parts: the openvpn program itself, and the openvpn GUI
    component that provides a task tray icon for easy connecting and
    disconnecting.


  - Relevant link:

    http://www.xdevsoftware.com/blog/post/How-to-Install-the-Nullsoft-Installer---NSIS-on-Linux-.aspx

  - Install 7zip

    sudo apt-get install p7zip-full

  - Get the source and installer package:

    wget http://openvpn.net/release/openvpn-2.1_rc18.zip
    wget http://openvpn.net/release/openvpn-2.1_rc18-install.exe

  - Unpack archives:
    unzip openvpn-2.1_rc18.zip
    7z x openvpn-2.1_rc18-install.exe -oopenvpn-2.1_rc18-install/
        - choose (u) for "A(u)to rename"

  - In the source directory:

    cd openvpn-2.1_rc18
    sh install-win32/winconfig
    touch install-win32/xguidefs.nsi
    echo '!define OPENVPN_GUI_DEFINED' > install-win32/guidefs.nsi

  - In the unpacked executable directory:

    cd ../openvpn-2.1_rc18-install

    mkdir install-win32 images lib text config
    cp ../openvpn-2.1_rc18/autodefs/*.nsi install-win32/
    cp ../openvpn-2.1_rc18/install-win32/*.nsi install-win32/
    cp ../openvpn-2.1_rc18/images/install-whirl.bmp images/

    mv sample-config samples
    mv icon.ico images

    mv bin/*.dll lib
    mv *.txt text

    mkdir -p {driver,tapinstall}/{i386,amd64}
    mv bin/tapinstall.exe tapinstall/amd64/tapinstall.exe
    mv bin/tapinstall_1.exe tapinstall/i386/tapinstall.exe
    mv driver/OemWin2k.inf driver/amd64/OemWin2k.inf
    mv driver/OemWin2k_1.inf driver/i386/OemWin2k.inf
    mv driver/tap0901.sys driver/amd64/tap0901.sys
    mv driver/tap0901_1.sys driver/i386/tap0901.sys
    mv driver/tap0901.cat driver/amd64/tap0901.cat
    mv driver/tap0901_1.cat driver/i386/tap0901.cat

    cd install-win32
    echo '!define SAMPCONF_DIR  "config"'      >> defs.nsi
    echo '!define SAMPCONF_CONF "client.ovpn"' >> defs.nsi
    echo '!define SAMPCONF_P12  "client.p12"'  >> defs.nsi
    echo '!define SAMPCONF_TA   "ta.key"'      >> defs.nsi
    sed -i '/SHOWREADME.*INSTALL-win32.txt/{n;s/^/    !define MUI_FINISHPAGE_SHOWREADME_NOTCHECKED\n/;}' openvpn.nsi


  - You can now delete the source directory and archives:

    rm openvpn-2.1_rc18.zip openvpn-2.1_rc18-install.exe
    rm -rf openvpn-2.1_rc18



*** Client installation prompts in Windows ***

If their is a client already install, stop it first: right click on
double computer icon (with red, yellow or green screens) in task tray
(lower right) and select "Exit".

- <Vista Only> User Account Control. An unidentified program wants
  acces to your computer. ...
  [-> Cancel]  *[-> Allow]*

- <WinXP sometimes> Open File - Security Warning. The publisher could
  not be verified. ...
  *[Run]*  [Cancel]

- Welcome to the OpenVPN 2.1_rc18 Setup Wizard. ...
  *[Next >]*  [Cancel]

- License Agreement. ...
  [< Back]  *[I Agree]*  [Cancel]

- Choose components. ...
  [< Back]  *[Next >]*  [Cancel]

- Choose Install Location. ...
  [< Back]  *[Install]*  [Cancel]

- Hardware Installation. ... TAP-Win32 Adapter ...
  *[Continue Anyway]*  [STOP Installation]

- Installation Complete ...
  *[Next >]*

- Completing the OpenVPN 2.1_rc4-gui-1.0.3 Setup Wizard. ...
  *[Finish]*

- <Vista sometimes> Program Compatibility Assistant. This program
  might not have installed correctly.
  [Reinstall using recommended settings]
  *[This program installed correctly]*


In Windows Vista there is an additional step you must do. Right click
on the "OpenVPN GUI" icon on the desktop and select "Properties".
In the "Shortcut" tab, select "Advanced...". The choose "Run as
administrator". Then click the "OK" buttons to save and close the
dialogs.

If you need to run this program as a user other than the user that you
used to install the program, there are some additional steps you need
to take.


*** Client installation on Windows as normal user (non-admin) ***

- Do a normal install, but unselect auto-start during install

- Right click "OpenVPN GUI" icon
    - Under "Shortcut tab"
    - Choose "Advanced..."
    - Select "Run with different credentials"
    - Select the "Security" tab
    - Click "Add..."
    - Type "Users" into the box labelled "Enter the object names to
      select" 
    - Click "OK" and then "OK" again

- Copy desktop shortcut to all users desktop
    - Right click "OpenVPN GUI" icon and choose "Cut"
    - Right click start menu and choose, "Open All Users"
    - Hit "Backspace" to go up one level
    - Double-click on the Desktop folder
    - Right-click on an empty space and select "Paste"

- Now when you run it as any user, you will be prompted:
    - Select "The following user:"
    - Enter a user name and password with administrative access