community.smoothwall.

org View topic - Zerina - Installation & Setup Instructions

Login

Register

10/11/10 11:35 PM

FAQ

Search

View unanswered posts | View active topics

Board index Customize Express 3.0 HomeBrew Customizations Mods Zerina

All times are UTC + 1 hour

Zerina - Installation & Setup Instructions

Page 1 of 1 [ 1 post ]
Print view

Previous topic | Next topic

Author
cheesman

Message
Post subject: Zerina - Installation & Setup Instructions
Posted: Fri Apr 11, 2008 5:15 pm

Installation of ZERINA v0.9.8

SmoothRegular
Joined: Mon Aug 16, 2004
9:51 am
Posts: 1539
Location: Cheddar Gorge

ZERINA v0.9.8.* can be installed either as a fresh installation or, if

detected will offer to upgrade v0.9.6.*-sw-final onwards. If
upgrading the user MUST afterwards perform a configuration 'Save'
on the main cgi page to reformat of server config files. Then
manually 'Start' the servers from the gui.
On the Smoothwall console, running as root execute
Code:

cd /tmp
### Download latest bleeding-edge
wget http://zerina.dyndns.org/ZERINA-experimental.run
# and/or latest stable release
wget http://zerina.dyndns.org/ZERINA-stable.tar.gz
# Now verify the md5!
md5sum -c ZERINA-experimental.run.md5
### Run the sfx
sh ZERINA-experimental.run
# or unpack & run setup
tar xvzf ZERINA-stable.tar.gz
./setup
#Select Install (option 1) from the menu or see below for
other options.

The installer will unpack the tarball to

/var/smoothwall/mods/zerina & run from there. A clean install
should leave a tidy screen indicating each successful step
completed. More detailed information can be found in
/var/smoothwall/mods/zerina/install.log
A reboot is no longer required after installation.
Removal.
The setup option 2 (Uninstall) will remove everything except the
installation log & the backed-up OpenVPN configuration files.
Rollback.
The setup option 3 (Rollback) rolls back to the previously installed
version of OpenVPN/Zerina. This works whilst the OpenVPN server
is running, restarting as necessary.
Restoring a backed-up config.
If the installer detects previous backed-up configs during a fresh
installation it will off to restore the most-recently backed-up one.
If you need to manually restore a saved configuration you can do so
by renaming /var/smoothwall/ovpn & running
Code:

tar xvzf
/var/smoothwall/mods/zerina/backup/<version>/ovpncfg.tar.gz
-C /

Installation (hunk) errors.

Messages like
Code:

..Hunk #2 succeeded at 398 with fuzz 3 (offset -1 lines).

mean that patching has taken place & is *probably* OK. To check

http://community.smoothwall.org/forum/viewtopic.php?f=55&t=28246&sid=d913c434b79657d1f6f70392fd0adf69

Page 1 of 4

community.smoothwall.org View topic - Zerina - Installation & Setup Instructions

10/11/10 11:35 PM

look in /var/smoothwall/mods/zerina/install.log which will indicate

which file was being patched when the fuzzing was deployed. Take
a look at the file - a small offset is more likely to be OK. If the
patching can't cope it will give Hunk failed messages which should
be reported in this forum.
In all cases running /var/smoothwall/mods/zerina/uninstall will
restore the system files. Also note if you want to keep the
installation but just restore the odd system file you can find them
backed up in /var/smoothwall/mods/zerina/backup/sysfiles.nn.tgz.
Then commands eg.
Code:

cd /var/smoothwall/mods/zerina/backup
tar xvzf sysfiles.12345.tgz etc/rc.d/rc.firewall.up -C /

will restore the individual file.

Setup for Roadwarrior configuration:
My thanks to Fest3er for the summary of a roadwarrior setup, which
I quote below with his permission.

Quote:

Fest3er's OVERVIEW to install, configure and use Zerina for

remote VPN access
Install Zerina
Create a certificate for yourself (and set a
password/passphrase)
Download the certificate package (zip file) to your home
computer
Download OpenVPN for Windows
(http://openvpn.se/files/install_package ... nstall.exe)
Install OpenVPN and certificate according to the
instructions
Be sure outbound port 1194 is open on your home
firewall(s)
Run the GUI
Open the connection
Enter password
You should now be able to access your remote network. For
more transparent access, you may want to push the address of a
WINS server for more transparent access to remote WIN systems.
But that can wait until you have it at least connecting and
working. For my church, I push the domain (office.olph - OK
since it is never seen on the internet) and the address of the
DNS and WINS server to the client. I also set it up so that all
traffic goes through the VPN; it may be slower, but I only use
the VPN when I need to.
Note that the above steps are the major steps you need to take;
many details have been glossed over.
As with most software packages, install Zerina, set it up, screw it
up and uninstall it. More than once. By the third time, you
should have the hang of it.

Caution! Each Road Warrior must have her own certificate

because certificates cannot be used simultaneously by more
than one Road Warrior.
Quote:

Fest3er's OVERVIEW to configure VPN access via both

internet and local PURPLE wireless
After installing the certificate in Zerina's config folder, you must:
rename user -TO-SW.ovpn to user -RED.ovpn
copy user -RED.ovpn to user -PURPLE.ovpn, and
edit user -PURPLE.ovpn, putting a # at the front of the line
that has "Connect to OpenVPN on Red" and deleting the #
at the beginning of the line that has "Connect to OpenVPN
on Purple"
teach your Road Warrior(s) when to use RED and when to
use PURPLE

There's also a good, detailed tutorial, albeit illustrated using the

IpCop version, which starts here

http://community.smoothwall.org/forum/viewtopic.php?f=55&t=28246&sid=d913c434b79657d1f6f70392fd0adf69

Page 2 of 4

community.smoothwall.org View topic - Zerina - Installation & Setup Instructions

10/11/10 11:35 PM

Setup for net-to-net configuration.

Basic setup: Once installed, set up Roadwarrior red=>green in the
normal way (this will become optional later). You will notice an
additional box for net-to-net status & control. Firstly we'll set up
the 'server' side on the machine with the CA. Click add then select
'Create a Net-to-Net Virtual Private Network' . You'll see the
following form
Attachment:
File comment: Create a Net-to-Net Virtual Private Network

n2n-02.jpg [ 74.37 KiB | Viewed 7097 times ]

Fill in the blanks - sensible defaults have been (hopefully?)

provided. You'll need to supply at least a connection name(1),
remote ip(2) & remote green subnet(3) & users full name(aka.
CN)(4). Saving these will take you back to the initial screen where
you'll see your connection status as closed (red) as the other end
isn't up yet.
Next download the client config package against your new net-tonet connection. Transfer this zip file to the client machine.
Assuming this is also a Zerina SW3 select Add net-to-net then
'Upload a ZERINA Net-to-Net client package' & browse for your zip
file before pressing Add again. You will then see a client config
confirmation screen
eg.
Attachment:
File comment: Approve the imported configuration?

n2n-03.jpg [ 46.96 KiB | Viewed 7099 times ]

Either approve or discard the displayed configuration. If the former

you will see the new 'client' net-to-net added to the initial screen.
Status should be 'closed', colour blue (ie. disabled). When ready
click the red cross icon to enable the connection. Status should
come back Open, green.
Attachment:
File comment: Net-to-net connection status

n2n-04.jpg [ 12.9 KiB | Viewed 7096 times ]

If not ... leave a few seconds then do a browser refresh, then try a
ping of the remote end of the vpn tunnel (IP ends in .1), then try
looking in /var/log/messages, failing that post here.

http://community.smoothwall.org/forum/viewtopic.php?f=55&t=28246&sid=d913c434b79657d1f6f70392fd0adf69

Page 3 of 4

community.smoothwall.org View topic - Zerina - Installation & Setup Instructions

10/11/10 11:35 PM

There's also a good, detailed tutorial, albeit illustrated using the

IpCop version at http://www.openvpn.eu/index.php?id=40
Questions, suggestions, comments?: Please post to this Zerina
subforum, tagging the subject with [N2N]
_________________
Connectivity issues? Tried Matt's TraceRoute (mtr) which combines
the joys of ping & traceroute? Download the SwE3 build
Zerina-OpenVPN problems? See the faq or IPCop howtos

Top

Display posts from previous:

All posts

Sort by

Post time

Ascending

Go

Page 1 of 1 [ 1 post ]

Board index Customize Express 3.0 HomeBrew Customizations Mods Zerina

All times are UTC + 1 hour

Who is online
Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum

You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Search for:

Go

Jump to:

Zerina

Go

It is currently Mon Oct 11, 2010 5:19 pm

Powered by phpBB 2000, 2002, 2005, 2007 phpBB Group

http://community.smoothwall.org/forum/viewtopic.php?f=55&t=28246&sid=d913c434b79657d1f6f70392fd0adf69

Page 4 of 4