AmritaVPN: Frequently Asked Questions( FAQs)

1. I have downloaded amvpn-vxx.tar.gz, now how to install it?

Perform the following steps to install AmritaVPN in your local machine:

a) su - (if not logged in as root)
b) tar xvfz amvpn-0.95.tar.gz
c) cd amvpn-0.95
d) ./configure
e) make
f) make install

2. How can I quickly start using AmritaVPN?

To setup AmritaVPN quickly just perform the following simple steps:

a) Edit /etc/amvpn.conf. Enter separate tunnel-ip address for all machines and server-ip address for all client machines.
b) Run amvpn-keytool to generate keys/certificates.

For details regarding the above steps please refer to the AmritaVPN HOWTO.

3. What is amvpn-keytool used for?

amvpn-keytool is provided with amvpn-v0.91 to ease the task of generation of keys and certificates. It can be used for doing the following tasks.

a) Generate VPN CA key/cert. Only one machine must do this.
b) Generate VPN key/cert - for all the machines involved.
c) Securing VPN key/cert directory with appropriate privileges.

For details regarding amvpn-keytool please refer to the amvpn.html

4. Where to get help for amvpn/amvpn-keytool?

Type amvpn -h|--help or man amvpn.
Similarly, amvpn-keytool -h|--help or man amvpn-keytool
A good deal of information is also present in the amvpn.html

5. I logged in as root using su and ran make install but I encountered the following error:
./ line 24: useradd: command not found, What is happening?

This because you do not have /sbin in your PATH - Use [su - ] instead of su to get the login shell.

6. Where are the messages generated by amvpn logged?

In daemon mode the messages are logged into the system log (usually goes to the file /var/log/messages) and can be viewed using cat /var/log/messages|grep "amvpn".
In interactive mode the messages are logged onto the console.

7. While connecting to the server I am encountering the following error:
vpn_ssl_error_queue: error:1406B0C9:SSL routines:GET_CLIENT_MASTER_KEY:peer error certificate, What to do?

This means that there is some problem with the signed certificate provided by the client.
It may be due to the following reasons:

a) The Distinguished names of the certificates may be same. Provide a unique distinguished name for each machine and CA. You could, for instance, make the Common Name different for each machine and the CA.

b) Make sure that system time of the machine which is acting as the CA doesnot exceed system time in other machines which will use the CA key to get their certificates signed (at least not more than a few seconds). Otherwise SSL authentication would fail because CA certificate would have a future timestamp compared to the CSRs generated by other machines.

8. I cannot start the amvpn service after installation, why?

Ensure that you are logged in as root. Provide the tunnel-ip address in /etc/amvpn.conf. See the amvpn.html to know more about how to specify tunnel-ip address.

9. How can I specify network addresses to be routed through the VPN tunnel to the other end?

Specify the 'route-ip' and 'route-mask' configuration parameters in /etc/amvpn.conf file, for each network address you want to route through the VPN tunnel.
See AmritaVPN HOWTO for some concrete examples.

AmritaVPN Home

Amrita Research Labs
Amrita Vishwa Vidyapeetham University, India.