OpenVPN Support seems to have been dropped as well 13.1

OK so openvpn a very highly used tool for linux seems to no longer be integrated into openSUSE.

In past when installed, rcopenvpn was available and one could activate it through yast runlevel.

It was pretty well integrated into the environment and implementing a vpn was a snap for a user

Well with 13.1 all integration seems to have been dropped, Or am I missing something

Along with the dropping of the SSHD support for YAST2.

SSHD is one of the most used interfaces to the system as far as I can see, cant explain this,

Can someone shed some light on this for me, Seting up my system just became an experience from the 1990’s

Help!

rcopenvpn and YaST runlevel are for old-style sysvinit. (YaST runlevel didn’t even work fully anymore on 12.3)
The openvpn package is built with systemd support now, and it does contain a native openvpn.service file.
You should be able to enable/disable it in the new YaST->Service Manager.
Or use “systemctl”.

Along with the dropping of the SSHD support for YAST2.

SSHD is one of the most used interfaces to the system as far as I can see, cant explain this,

???
I never had any need to use the YaST SSHD module.
You can enable/disable sshd in YaST->System->Service Manager, and open the Firewall port in YaST->Security and Users->Firewall anyway.

You missed a couple of things:

  • 13.1 has moved completely to systemd. And, so have the openvpn packages
  • The Yast runlevel module has been replaced by the service manager module.

If you enter that module, you’ll can enable the openvpn service, everything else needed will be handled by systemd.

Re. the SSHD module: noticed that too. But … also thought I always used it once (I turn on ssh during install), to change the port the sshd is running on. And that’s pretty useless these days (the attacks I see using ssh are never on port 22 :smiley: ).

But, my main point is that I guess you (like me until 12.3) have continued using the old ways to get services running / monitor them, where you’ll need to get used to systemd (which also means the old runlevels are no longer used).

See also here:
Openvpn - FedoraProject

In short, you can start the VPN server configured in /etc/openvpn/vpn1.conf with:

systemctl start openvpn@vpn1.service

To enable automatic start at boot, use this:

systemctl enable openvpn@vpn1.service

You have to change the “vpn1” accordingly to the names of your configurations of course.

wolfi323 wrote:

> I never had any need to use the YaST SSHD module.
> You can enable/disable sshd in YaST->System->Service Manager, and open
> the Firewall port in YaST->Security and Users->Firewall anyway.
>

On a one-for-one setup this is OK, but if you have a setup where you need to
ssh into multiple computers behind a nat’d router it becomes a real pain.
Setting up here requires unique ports for each device so that the router can
properly forward external traffic properly.

Enough of a hassle that I’m trying to get the scripting right just to do the
initial setup. The convenience afforded by the yast module is sorely
missed!


Will Honea

Thank you all for you comments.

Looks like I am still using the old ways,

But Will I agree with you the yast module, made managing sshd much much simpler, We are trying to make the system easier to use with each generation righ-t?

Well Will work on systemd understanding, and try the new modules.

If I understand correctly I need to configure then start each vpn separately and then issue an enable command for each one.

In past I just added VPN1… vpnn.conf to the openvpn directory and restarted the service. So it would seem to be a little more complicated.
And requires a little more manual work, On the upside it seems to provide a more granular control of the vpns

Will give it a try, Thanks

Correct.
You don’t have to start it, though.
Just enable it and it will be started on the next boot.

If you don’t want to reboot and have it running now, you must start it of course… :wink:

In past I just added VPN1… vpnn.conf to the openvpn directory and restarted the service. So it would seem to be a little more complicated.
And requires a little more manual work, On the upside it seems to provide a more granular control of the vpns

Well, there is a openvpn.target in the openSUSE package, which is supposed to start all services like the old rcopenvpn did.
But I don’t know yet how you would activate that.

PS: Regarding the SSHD module, you could try to install the package from 12.3:

sudo rpm -i http://download.opensuse.org/distribution/12.3/repo/oss/suse/noarch/yast2-sshd-2.22.0-4.1.2.noarch.rpm

Worked fine for me with the TV module… No guarantees though.

I see what I did, I used the text only install for my server, yast for ncurses and I did not see that module installed after the system restarted. Maybe I need to look a little more closely at what is installed. I Manually installed the Runlevel as I am used to doing, to do the vpn setup. Looking for Service Manager now.

sshd did far more that just allow remapping or port, which I do at firewall anyway. It allowed many configuration changes, now one must understand the config file and options ala 6.0 release of Suse. Its just more work, I thought we were trying to make things more easy.

AFAIU, there just isn’t the developer resources to do this at this stage.

wolfi323 wrote:

> PS: Regarding the SSHD module, you could try to install the package from
> 12.3:
>
> Code:
> --------------------
> sudo rpm -i
> http://download.opensuse.org/distribution/12.3/repo/oss/suse/noarch/yast2-sshd-2.22.0-4.1.2.noarch.rpm
> --------------------
>

Seems to work just fine. I’m not sure it’s getting the firewall open for any
additional ports but it does the approriate mods to /etc/ssh/sshd_config -
that’s a start but I wouldn’t count on it for future versions.


Will Honea

ercoupeflyer wrote:

>
> Thank you all for you comments.
>
> Looks like I am still using the old ways,
>
> But Will I agree with you the yast module, made managing sshd much much
> simpler, We are trying to make the system easier to use with each
> generation righ-t?
>
> Well Will work on systemd understanding, and try the new modules.
>

I fully understand the manpower issues with all the modules. If I can
burrow down to the source for that yast module I’ll look at what needs to be
done - if anything - and post any fixes I make.

So far, 13.1 has been a bit of a challenge. Lots of little changes and odd
cases seem to be popping up. Between the gradual change-over to UEFI and
the systemd migration there are a lot of piss-ants to stomp.


Will Honea

On 2013-11-23 20:16, ercoupeflyer wrote:
>
> Thank you all for you comments.
>
> Looks like I am still using the old ways,
>
> But Will I agree with you the yast module, made managing sshd much much
> simpler, We are trying to make the system easier to use with each
> generation righ-t?

You could write a bugzilla to request it back. Unless the developers
know that many people are missing that module, they will not care. You
need a bugzilla with many people.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

Have a look here:
Kobliha’s blog: Yast Modules: Summer Sale!
:wink:
The SSHD module is not explicitely mentioned there, apparently it was decided later to drop that. But I guess that blog would apply as well.

Ok I have installed the Service Manager into yast and here is what happened

openvpn@Office in my case

Does not show up in service manager until i issue the systemctl enable openvpn@Office (.service does not work, I had to drop that)
After doing this the entry does show up in service manager. So this leads me to believe that Doing anything became more difficult, Openvpn would fully configure after install(except for .conf files) in previous versions
Now we need to know a command for getting things into the service manager.
Open vpn did configure three entries which I cant seem to find an explanation for

openvpn@ Which can not be started but reports enabled
openvpn@openvpn.conf So If I just have one vpn and I name it openvpn.conf I can just start it (there is no sample conf file included anymore)
openvpn@multiuser Not sure about this it disappeared after the the second time i entered the service manager

Even though openvpn@Office is enabled and persists thru system restarts the service manager reports it as disabled and if i attempt to enable through service manager it reports enabled and it can not enable the service
if I disable with command line, it of course disappears from the service manager…

One thing is the entries in the service manager are not sorted, so it takes some time to locate anything

nothing works quite right

Not quite true openvpn is functioning correctly

Keep in mind I am using the text based interface, I dont know if that makes a difference

Bugzilla is your friend: http://bugzilla.novell.com/ (same username/password as here)

IMO
Each person who person who posts needs t clarify whether they’re trying to setup a Server or Client.
Anyone who is setting up the client should take advantage of Network Manager integration, just install openvpn packages and configure a vpn connection.
Very simple.

TSU

Sorry I am setting up a server, standalone text only, an older surplus box, no graphic support

I believe the VPN is for graphics maybe just use SSH for text

Excellent piece of advice! Many thanks! :slight_smile: