Re: need help installing openVPN

From: Nick Craig-Wood (nick_at_craig-wood.com)
Date: 11/25/05


Date: Fri, 25 Nov 2005 00:29:58 -0600

Llanzlan Klazmon <Klazmon@llurdiaxorb.govt> wrote:
> The subnet for the VPN must not conflict with the subnet being used for
> ethX to talk to your router or any other local subnets.

I tend to use OpenVPN as a point to point link, like this (with
pre-shared keys), and add exactly the routes I want. I re-use the IP
address of the internal network on the tun interface (no need for a
different one).

My local network is 172.16.x.y, the remote network is 172.17.x.y and this
connects the two gateway machines together.

vpnX.conf ------------------------------------------------------------
#
# OpenVPN configuration file
# using a pre-shared static key.
#

# Use a fixed name tun device.
dev tun-X

# remote end - comment this out if the other end is dynamic IP
#remote 1.2.3.4

# local, remote IPs of the tunnel
ifconfig 172.16.0.1 172.17.0.1

# Start routes
up ./vpnX.up

# Our pre-shared static key
secret vpnX.key

# Port number to use
port 12221

# Compress
comp-lzo

# Send a UDP ping to remote once every N seconds to keep stateful
# firewall connection alive. iptables has a 3 minute timeout on UDP
# by default so 1 minute should be adequate here
; ping 60

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet.
# 5 -- medium output, good for normal operation.
# 8 -- verbose, good for troubleshooting
verb 5

# VOIP
passtos
------------------------------------------------------------

vpnX.up ------------------------------------------------------------
#!/bin/bash
# For a tun device OpenVPN passes the remote tunnel endpoint IP as argument 5.
route add -net 172.17.0.0 netmask 255.255.0.0 gw "$5"
------------------------------------------------------------

I've found OpenVPN to be by far the most reliable and easy to set up VPN!

-- 
Nick Craig-Wood <nick@craig-wood.com> -- http://www.craig-wood.com/nick
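
An added example, not part of the original post: in the static-key setup above, anyone who can read vpnX.key can decrypt or forge tunnel traffic, so this script finds the file named by the `secret` directive and fails if it is readable beyond its owner. The function names are hypothetical, and it assumes a relative `secret` path is resolved against the config file's directory.

```shell
#!/bin/bash
# Added example: audit the static key referenced by an OpenVPN config.
# Assumption: a relative "secret" path is relative to the config's directory
# (i.e. OpenVPN is started from that directory).

# Print the file named by the "secret" directive.
# Lines commented out with "#" or ";" never have "secret" as their first field.
secret_path() {
    awk '$1 == "secret" { print $2; exit }' "$1"
}

# Return 0 if the key exists and grants nothing to group/other, 1 otherwise.
check_static_key() {
    local conf=$1 key mode
    key=$(secret_path "$conf")
    if [ -z "$key" ]; then
        echo "$conf: no 'secret' directive found" >&2
        return 1
    fi
    case $key in
        /*) ;;                                  # absolute path, use as-is
        *)  key="$(dirname "$conf")/$key" ;;    # relative to the config
    esac
    if [ ! -f "$key" ]; then
        echo "$key: key file missing" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$key: accessible beyond owner ($mode); chmod 600 it" >&2
        return 1
    fi
    echo "$key: ok"
}

# Usage: ./check-key.sh /etc/openvpn/vpnX.conf   (path is a constructed sample)
if [ "$#" -gt 0 ]; then
    check_static_key "$1"
fi
```

Run it on both gateway machines, since each end holds a copy of the same key.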

