however, after setting up various programs, i kept getting *** buffer overflow detected *** errors,

on different programs, however, only the ones i had compiled myself.

it seems like its an issue with the gcc 4.3 with FORTIFY. and disabling it worked for me.

(remember to make clean first)

export CFLAGS=-D_FORTIFY_SOURCE=0; ./configure

and then do make;make install again.

horay!

i had ensured that my exports list was correctly set up, actually, i had it tested from my tvix (was able to browse the share) but from another nix server, i got this message.

there’s probably alot of different solutions for this, since its anything else than accurate error description.

in my case, the other server i tried to access my server from, didnt have the nfs-common package installed.

after installing it, everything went just smooth..

root@xxxx:~# mdadm –add /dev/md1 /dev/sdj
mdadm: add new device failed for /dev/sdj as 2: Invalid argument

and from syslog

Aug 18 11:35:23 xxxx kernel: [ 3419.147467] md: sdj does not have a valid v0.90 superblock, not importing!
Aug 18 11:35:23 xxxx kernel: [ 3419.147472] md: md_import_device returned -22

to make a way to long, lame story short, i will post a few notes to self.

1) DO NOT EXPECT YOU CAN CREATE A 2-DISKS RAID-5 ARRAY A AND EXPAND IT LATER

2) DO NOT EXPECT YOU CAN CREATE A 3-DISK RAID-5 ARRAY WITH 1-MISSING DISK AND ADD IT LATER

ydadada, yes, im aware of it, you need at minimum 3 disks. dont ask me why i even tried, but mdadm DIDN’T complain at all, it just created it.

root@xxx:~# mdadm –detail /dev/md1
/dev/md1:
Version : 00.90.03
Creation Time : Sun Aug 17 18:52:55 2008
Raid Level : raid5
Array Size : 976759936 (931.51 GiB 1000.20 GB)
Used Dev Size : 976759936 (931.51 GiB 1000.20 GB)
Raid Devices : 2
Total Devices : 2
Preferred Minor : 1
Persistence : Superblock is persistent

Update Time : Mon Aug 18 11:23:27 2008
State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0

Layout : left-symmetric
Chunk Size : 64K

UUID : e1962bdb:72c36721:46188f91:72750c0f (local to host xxxx)
Events : 0.4

Number  Major  Minor  RaidDevice State
0      8       1       0     active sync  /dev/sda1
1      8      17       1     active sync  /dev/sdb1

]]> http://www.annoying.dk/2008/08/26/mdadm-screwup/feed/ 0 http://www.annoying.dk/2008/07/15/error-clientkey-is-a-known-vulnerable-key-see-man-openssl-vulnkey-for-details/ http://www.annoying.dk/2008/07/15/error-clientkey-is-a-known-vulnerable-key-see-man-openssl-vulnkey-for-details/#comments Tue, 15 Jul 2008 10:47:59 +0000 admin http://www.annoying.dk/?p=21 After the crypto bug got fixed in debian (and the system got updated via apt) it would prompt one for regeneration of certificates.

what i forgot all about, was that of course OpenVPN was affected by this aswell, so after the update and a reboot, all my vpn connections died suddenly.

as far as i know, theres no other way to fix this, other than generating new keys, (ca, dh, all of it) since the openvpn server itself wont work anymore.

however, a temp solution until one gets time to generate new keys and certificates could be….

sudo mv /usr/sbin/openssl-vulnkey /usr/sbin/openssl-vulnkey.bak

$ sudo mv /usr/sbin/openvpn-vulnkey /usr/sbin/openvpn-vulnkey.bak

$ sudo ln -s /bin/true /usr/sbin/openssl-vulnkey

OpenVPN will now start with the naughty keys and you can at least update the keys.

VMware Server Console

The Process exited with an error:

End of error message.

And tailing the log file might output stuff similar to this

foo# tail -f /var/log/vmware/vmware-serverd.log

Nov 05 20:34:38: app| Attempting to launch vmx : /var/lib/vmware/Virtual Machines/Other Linux 2.6.x kernel/Other Linux 2.6.x kernel.vmx
Nov 05 20:34:38: app| Error during launch: 11, The process exited with an error:
Nov 05 20:34:38: app| End of error message
Nov 05 20:34:38: app| VmsdVmStatePendingCmdFailed: cmd status is already set
Nov 05 20:34:41: app| Msg_Post: Error
Nov 05 20:34:41: app| [msg.vmmonPosix.badVersion] Version mismatch with vmmon module: expecting 138.0, got 137.0.
Nov 05 20:34:41: app| [msg.vmmonPosix.badDriver] You have an incorrect version of the `vmmon’ kernel module.
Nov 05 20:34:41: app| Try reinstalling VMware Server.
Nov 05 20:34:41: app| [localized] Version mismatch with vmmon module: expecting 138.0, got 137.0.
Nov 05 20:34:41: app| You have an incorrect version of the `vmmon’ kernel module.
Nov 05 20:34:41: app| Try reinstalling VMware Server.
Nov 05 20:34:41: app| —————————————-
Nov 05 20:34:41: app| Msg_Post: Version mismatch with vmmon module: expecting 138.0, got 137.0.
Nov 05 20:34:41: app| You have an incorrect version of the `vmmon’ kernel module.
Nov 05 20:34:41: app| Try reinstalling VMware Server.
Nov 05 20:34:41: app|
Nov 05 20:34:41: app| Msg_Post: Error
Nov 05 20:34:41: app| [msg.vmmonPosix.initFailed] Failed to initialize monitor device.
Nov 05 20:34:41: app| [localized] Failed to initialize monitor device.
Nov 05 20:34:41: app| —————————————-
Nov 05 20:34:41: app| Msg_Post: Failed to initialize monitor device.

yea..its actually true, just reinstalling the vmware server solves the problem (no need to uninstall it first) and its pretty quick since you can skip the networking configuration (its been saved)

so in order to make it stop, i decided to try and help him with vmware server installation which he fucked up (can’t prove it, but all the evidence points to him)

Anyway, while trying to install it, one might encounter an error message like this

What is the location of the directory of C header files that match your running
kernel? [/lib/modules/2.6.23.1-foo/build/include]

Extracting the sources of the vmmon module.

Building the vmmon module.

Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-config0/vmmon-only’
make -C /lib/modules/2.6.23.1-dewey/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules
make[1]: Entering directory `/usr/src/linux-2.6.23.1′
CC [M] /tmp/vmware-config0/vmmon-only/linux/driver.o
/tmp/vmware-config0/vmmon-only/linux/driver.c: In function âLinuxDriver_Ioctlâ:
/tmp/vmware-config0/vmmon-only/linux/driver.c:1659: error: âstruct mm_structâ has no member named âdumpableâ
make[2]: *** [/tmp/vmware-config0/vmmon-only/linux/driver.o] Error 1
make[1]: *** [_module_/tmp/vmware-config0/vmmon-only] Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.23.1′
make: *** [vmmon.ko] Error 2
make: Leaving directory `/tmp/vmware-config0/vmmon-only’
Unable to build the vmmon module.

For more information on how to troubleshoot module-related problems, please
visit our Web site at “http://www.vmware.com/download/modules/modules.html” and
“http://www.vmware.com/support/reference/linux/prebuilt_modules_linux.html”.

Execution aborted.

i’d like to point out a few things that you would most likely want to install to make the installation go smooth.

apt-get install libx11-6 libx11-dev libxtst6 libxtst-dev libxt6 libxt-dev wget linux-headers-`uname -r` build-essential make gcc g++

i might be missing some, or some of them might not be needed, but I’m too careless to check it out, so feel free to bug me if you see something wrong.

IF it whines about the same error again, the cause of this might be that your running a newer kernel than the installer requires, if so, there’s a patch out which solves the problem. beware that when your reading this, the direct link to the patch i post, might already be outdated, so be sure to check if there’s a newer version out. currently when writing this, version 114 is out.

So lets do it.

foo:/usr/src# wget http://knihovny.cvut.cz/ftp/pub/vmware/vmware-any-any-update114.tar.gz

foo:/usr/src# tar zxfv vmware-any-any-update114.tar.gz

foo:/usr/src# cd vmware-any-any-update114

foo:/usr/src/vmware-any-any-update114# ./runme.pl

should spit out something smiliar to this

Updating /usr/bin/vmware-config.pl … already patched
Updating /usr/bin/vmware … No patch needed/available
Updating /usr/bin/vmnet-bridge … No patch needed/available
Updating /usr/lib/vmware/bin/vmware-vmx … No patch needed/available
Updating /usr/lib/vmware/bin-debug/vmware-vmx … No patch needed/available
VMware modules in “/usr/lib/vmware/modules/source” has been updated.

and from there, the installation should succeed

 At least the client has improved over the years since i last used it, which must have been 7 years ago or something. anyway, my memory isn’t what it used to b…hmm, nevermind. my memory more or less always fails to remember anything at all, so of course i ran into problems again. here’s some output from /var/log/syslog after trying to start pppoe.

 (i actually did compile a new kernel with support for PPP, but i forgot something…)

Oct 26 23:39:16 foo pppd[3069]: pppd 2.4.4 started by root, uid 0
Oct 26 23:39:16 foo pppd[3069]: Serial connection established.
Oct 26 23:39:16 foo pppd[3069]: Couldn’t set tty to PPP discipline: Invalid argument
Oct 26 23:39:16 foo pppoe[3071]: PADS: Service-Name: ”
Oct 26 23:39:16 foo pppoe[3071]: PPP session is 41216 (0xa100)
Oct 26 23:39:16 foo pppoe[3071]: read (asyncReadFromPPP): Session 41216: Input/output error
Oct 26 23:39:16 foo pppoe[3071]: Sent PADT
Oct 26 23:39:46 foo pppd[3069]: Serial connection established.

In short,i forgot to compile support for “PPP support for async serial ports”

This howto, shortly explains how to set it up on Linux, and covers possible problems you might encounter.

Anyway, lets get going!

In order to wake up a computer from the Internet you need a Broadband connection with a Router connected to the Modem that keeps your connection alive (you need a Router even if you have Static IP).

Other articles on the net might referrer to a little cable that’s used to connect the NIC with the motherboard, for powering it on, however, on newer computers this isn’t necessary anymore as it works via PCI, and only need to be enabled in the bios (might be called something like Wake on PCI). But if you don’t have an on-board NIC, but and old sucky 10/10Mbit..then..well..good luck

If you use Debian as in this case, fire up apt-get, and install ethtool

apt-get install ethtool

and if you don’t. then grab it from sourceforge.net

Now, use ifconfig to check what your interface is called (most likely eth0)
And run ethtool with it like

Ethtool eth0

Which will spit out something similar to

Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: umbg
Wake-on: d
Current message level: 0×00000007 (7)
Link detected: yes

Notice the “Supports Wake-on” says umbg, but “Wake-on” says d (disabled)

If we take a short look on the manpage for ethtool it says.

wol p|u|m|b|a|g|s|d…

Sets Wake-on-LAN options. Not all devices support this. The argument to this option is a string of characters specifying which options

to enable.

p Wake on phy activity

u Wake on unicast messages

m Wake on multicast messages

b Wake on broadcast messages

a Wake on ARP

g Wake on MagicPacket(tm)

s Enable SecureOn(tm) password for MagicPacket(tm)

d Disable (wake on nothing). This option clears all previous options.

So we can see it supports umbg, but currently its set to d for disabled.

all good so far. so in this case, we will be using the MagicPacket method to wake it up

so fire up ethtool with the command.

ethtool –s eth0 wol g

Doing ethtool eth0 again, should now show

Wake-on: g

Horay!

Now you should open a port on your router. Doesnt really matter which one you pick,so for all you people with a fetish for good looking numbers, you can just choose you’re desired one.

in this example I’m using port 8000 (such a nice number isn’t it?)

so open port 8000 protocol udp, in your router, and forward it to your machine’s internal ip.

Ifconfig will show..

eth0 Link encap:Ethernet HWaddr 00:41:63:DD:78:60

inet addr:10.0.0.56 Bcast:10.0.0.255 Mask:255.255.255.0

inet6 addr: fe80::240:63ff:fedd:7860/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:12193206 errors:0 dropped:0 overruns:0 frame:0

TX packets:12300751 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:2652858583 (2.4 GiB) TX bytes:1613681546 (1.5 GiB)

Interrupt:11 Base address:0xe400

So we forward port 8000/udp to 10.0.0.56.

While we’re at it. Write down 00:41:63:DD:78:60

Since we need the mac address to wake it up from its beauty sleep.(sounds gay I know)

Now you might as well just kill it (shutdown –hP now) since we need to test.

Now, if you want to power it on from another Linux machine, go get wakeonlan

apt-get install wakeonlan

and type

#wakeonlan -i ip/dns -p port mac-adress

In my case

#wakeonlan –i annoying.dk –p 8000 00:41:63:DD:78:60

And it should say something like

Sending magic packet to annoying.dk:8000 with 00:41:63:DD:78:60

Now, hopefully, it should start powering on your machine.

Another way to do it, its from a free service at depicus.com

which lets you power it on online from their site.

Here you enter the same information, and subnetmask 255.255.255.240 or 255.255.255.255

depending on your setup.

Or just go get their program from

http://www.depicus.com/wake-on-lan/wake-on-lan-gui.aspx

If your looking for the windows way to set this up, I can recommend looking at

www.raymond.cc

which should cover it all up.

Now. If all of this doesn’t work. You should try testing in on your local network first,

If it still don’t work. And you manually booted up the machine again

Check with “ethtool eth0” to see if it set itself back to “d” instead of g.

If its still set to g, it should really work. And I’m too lazy to write possible causes, so good luck.

Everything works pretty much out of the box if you shut down Linux with poweroff etc. as you usually do. But if the ac power is lost while the machine is powered down waiting for wakeup, the wake up-call won’t work anymore when the power is restored. The nic’s I guess sometimes seem to reset themselves and have to be set with ethtool again.

This can however easily be done with a small startup script, or similar ways which I wont cover up this time. (I will I probably update it later on if people bitch enough)

Now. If its set itself back to d, here’s a possible solution.

Edit /etc/init.d/networking and comment out

“ifdown -a –exclude=lo”

And it should do the trick. And yes, I have no clue at this point why it should work, so just hope for the best

all suggestions are welcome.

Enjoy!

Lets start with installing OpenVPN. for this we need ->

apt-get install openvpn
apt-get install openssl

which in the end should say something like…

Setting up openvpn (2.0.9-8) …
Starting virtual private network daemon:.

and it will fail, since there’s no default configuration and certificates and stuff.

The first thing we need to do, is to create them, so find the easy-rsa folder, which is most likely located at

/usr/share/doc/openvpn/examples/easy-rsa

if this is not the case, do updatedb; locate easy-rsa

and it should output its location.

Lets move this folder to a better location

cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn/

now change directory to /etc/openvpn/easy-rsa/2.0

Now with your favorite editor, edit the file in easy-rsa called vars (nano vars) for example.

In the bottom of this file, it should look something like

export KEY_COUNTRY=DK
export KEY_PROVINCE=NA
export KEY_CITY=foocity
export KEY_ORG=”OpenVPN”
export KEY_EMAIL=”foo@annoying.dk”

except that i changed a few of the values so it fits my need. This isn’t really necessarily but will save you some time in the end, since you otherwise would have to enter it all manually multiple times later in this howto.

Save the file, and lets get on to the next step.

initialize the PKI

. ./vars

yes..there’s 2 dots, its supposed to be like that, so type it exactly like that. (i cant recommend using screen at this point, since it fucks up the env)

now do

./clean-all

and finally

./build-ca

The command (build-ca) will build the certificate authority (CA) certificate.

and should look something like..

foo:/etc/openvpn/easy-rsa/2.0# ./build-ca
Generating a 1024 bit RSA private key
…++++++
…………………….++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [DK]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [foocity]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:foo-server-ca
Email Address [foo@annoying.dk]:

Note that in the above sequence, most queried parameters were defaulted to the values set in the vars file.
The only parameter which must be explicitly entered is the Common Name. In the example above, I used “foo-server-ca”. as marked with bold

Next, we will generate a certificate and private key for the server.
./build-key-server server

which again, will output something similar to this.

foo:/etc/openvpn/easy-rsa/2.0# ./build-key-server server
Generating a 1024 bit RSA private key
………++++++
…………………++++++
writing new private key to ‘server.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [DK]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [foocity]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:server

As again, the only value that had to be explicitly entered was Comon Name. Enter server here.

Now we will generate certificates & keys for 1 client. you can create as many as you like, as long as they got unique names.

this example, we create it without password auth. if you wish to force your clients to use a password of your desire, simply use ./build-key-pass instead.

./build-key foo1

should give us

foo:/etc/openvpn/easy-rsa/2.0# ./build-key foo1
Generating a 1024 bit RSA private key
…………………..++++++
…………..++++++
writing new private key to ‘foo1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [DK]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [foocity]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:foo1
Email Address [foo@annoying.dk]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName RINTABLE:’DK’
stateOrProvinceName RINTABLE:’NA’
localityName RINTABLE:’foocity’
organizationName RINTABLE:’OpenVPN’
commonName RINTABLE:’foo1′
emailAddress :IA5STRING:’foo@annoying.dk’
Certificate is to be certified until Oct 11 15:56:29 2017 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Again, the “Common Name” is the name of the client, in this case foo1.

When it asks for A challenge password , just hit enter.

Generate Diffie Hellman parameters.

./build-dh

This command can take a little time, depending on your hardware.

foo:/etc/openvpn/easy-rsa/2.0# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
……………………+……………………………………..+…….
………………….+..+……………………………………………
…………………………….+………..+…………..+……………
……………………………………………………….+…………
…………………………………………………………………..
…………………………………+………..++*++*++*

We should now have a new folder inside of easy-rsa called keys (/etc/openvpn/easy-rsa/keys/)

it contains a bunch of files, some for the server and others for the clients.

Copy ca.crt ca.key dh1024.pem server.crt server.key into openvpn root folder

cd /etc/openvpn/easy-rsa/2.0/keys

cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

now jump back to the openvpn root folder (/etc/openvpn/)

and use your editor, in this case nano, to edit/create the server configuration file.

nano openvpn.conf

and copy past

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client

Remove the last line “client-to-client” if you don’t wish your clients to be able to communicate together.

save the file. and lets see if we can get it up running.

/etc/init.d/openvpn start
Starting virtual private network daemon: openvpn(OK).

perfect. lets just double check by running ifconfig. (it might take a few seconds before it appears in ifconfig)

ifconfig

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.0.1 P-t-P:172.16.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

hooray. seems like its up running

Now, if you got a client machine, which you installed openvpn on, copy the files down below to its /etc/openvpn/ folder.

ca.crt foo1.crt foo1.key

(they should be located in the folder /etc/openvpn/easy-rsa/2.0/keys/ on the server)

now, on the client machine, lets create/edit the configuration file.

nano /etc/openvpn/openvpn.conf

and copy past this

client
dev tun
proto tcp
remote ip-or-hostname-of-your-openvpn-server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert foo1.crt
key foo1.key
comp-lzo
verb 3

and save it. and as on the server, lets try and start it.

/etc/init.d/openvpn start
Starting virtual private network daemon: openvpn(OK).

hooray!

and like before,lets check again (it might take a few seconds before it appears in ifconfig)

ifconfig

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.0.2 P-t-P:172.16.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

and test if we can ping it.

ping 172.16.0.1

PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=56.1 ms

perfect.

Now, for your clients to be able to reach the other machines on your network, do;

echo 1 > /proc/sys/net/ipv4/ip_forward

(you might want to include this in your boot script, or firewall script)

and on your linux box do;

route add -net 172.16.0.0 netmask 255.255.255.0 gw 192.168.1.7

and your windows box

route -p add 172.16.0.0 mask 255.255.255.0 192.168.1.7

remember to replace 192.168.1.7 with your servers real ip.

Your done!

A little sitenote..

If you want, you easily set up a windows based client instead. So either grab the installation from OpenVPN.net
or if you fantasize in the night about sexy gui’s, grab the gui version from OpenVPN.se

All you really need to do after installing it, is to place your certs and configuration file in C:\Program Files\OpenVPN\config\

now you can either start it from services, or if you use the gui version, right click it and choose connect

# apt-get update

Get:1 http://ftp.dk.debian.org lenny Release.gpg [189B]
Ign http://ftp.dk.debian.org lenny/main Translation-en_DK
Hit http://ftp.dk.debian.org lenny Release
Hit http://ftp.dk.debian.org lenny/main Packages/DiffIndex
Hit http://ftp.dk.debian.org lenny/main Sources/DiffIndex
Fetched 1B in 4s (0B/s)

Reading package lists… Done

W: GPG error: http://ftp.dk.debian.org lenny Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY D5642BC86823D007
W: You may want to run apt-get update to correct these problems

This can be caused by a dist-upgrade or various other reasons, to keep it short, I will post

A few possible solutions to this.

#apt-key update

This will obtain the necessary keys and import them. No need to go through gpg directly.
if above doesnt do the trick, heres another solution(might fail tho, if apt wont let you update/install)

# apt-get install debian-archive-keyring

in case this doesnt do the trick neither, it might be caused by old expired keys which didnt get updated while installing debian-archive-keyring. so heres a way to take care of that..

#apt-key list

which will list currently active and expired keys.
then eg. do

#apt-key del 1DB114E0
#apt-key del 4F368D5D
#apt-key del 2D230C5F

or simply

#apt-key del

to erase all expired keys marked for deletion.

Then finally.

#apt-get remove –purge debian-archive-keyring
#apt-get install debian-archive-keyring

Now, if youre just plain unlucky, something fucks up, or you just want to try another way to solve it.
you can do it with gpg manually.

the procedure is.

#gpg –keyserver <keyserver> –recv-keys <pubkeynumber>
#gpg –armor –export <keynumber> | apt-key add -

eg.

#gpg –keyserver pgp.mit.edu –recv-keys D5642BC86823D007 # this being the pub_key you got earlier.

which should result in something like

gpg: requesting key 8722E71E from hkp server pgp.mit.edu
gpg: key 8722E71E: public key “secure-testing Archive key 2005-7 <katie@secure-testing.debian.net>” imported

gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

Then type something like.

#gpg –armor –export 8722E71E | apt-key add -

which would output something like.

gpg: no ultimately trusted keys found
OK

At this point, the gpg key is recorded in your local database, and you shouldn’t see the gpg error for that particular repository.

Some additional key servers:

keyring.debian.org
pgp.mit.edu
pgpkeys.pgp.net
wwkeys.uk.pgp.net
wwwkeys.pgp.net