openvpn configuration

Tyler Littlefield tyler at tysdomain.com
Fri May 15 09:51:09 EDT 2009


I don't mind you not debugging. I'd like to learn, basically I just want 
something that will route all network traffic through the vpn, for when I'm 
at other places, not just school.

Thanks,
Tyler Littlefield
Web: tysdomain.com
email: tyler at tysdomain.com
My programs don't have bugs, they're called randomly added features.

----- Original Message ----- 
From: "Kerry Hoath" <kerry at gotss.net>
To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
Sent: Friday, May 15, 2009 6:38 AM
Subject: Re: openvpn configuration


> With a static key there is one client and one server, openvpn can not 
> handle more than one client per instance.
> You'd need to launch one instance of openvpn for each client connecting on 
> a different port.
>
>
> ip addresses must be outside your network for the vpn; if using a routed 
> vpn.
> If using a bridge I'd assume you have bridged tap0 on your server to an 
> ethernet interface on your subnet as described in the bridging mini-howto 
> on the openvpn site.
>
> If you intend to bridge; handing out a default gateway to your client pc 
> isn't trivial.
>
> Perhaps you should consider getting your hands on the building vpn 
> networks with openvpn from Packt Publishing book it is easy to follow.
>
> Also specifying what you exactly want to achieve in terms of vpns and 
> networks might allow people to give you more directed help.
> I'm personally not debugging your config files but someone else might be 
> more kind; it's hints only.
>
> You must have either dev tap or dev tun on *both* ends of the connection, 
> you can not mix and match.
> tun is routed, vpn ips outside your subnet with appropriate routing.
>
> dev tap is bridge, bridge the tap0 and eth0 interfaces making sure you 
> openvpn mktun the tap0 interface first.
>
> Regards, Kerry.
>
> ----- Original Message ----- 
> From: "Tyler Littlefield" <tyler at tysdomain.com>
> To: "Speakup is a screen review system for Linux." 
> <speakup at braille.uwo.ca>
> Sent: Friday, May 15, 2009 7:22 PM
> Subject: Re: openvpn configuration
>
>
>> The static key shows ifconfig x.x.x.x to x.x.x.x, sounds like there isn't 
>> much handed out there...
>>
>>
>> Thanks,
>> Tyler Littlefield
>> Web: tysdomain.com
>> email: tyler at tysdomain.com
>> My programs don't have bugs, they're called randomly added features.
>>
>> ----- Original Message ----- 
>> From: "Kerry Hoath" <kerry at gotss.net>
>> To: "Speakup is a screen review system for Linux." 
>> <speakup at braille.uwo.ca>
>> Sent: Thursday, May 14, 2009 10:34 PM
>> Subject: Re: openvpn configuration
>>
>>
>>> ip is handed out by openvpn from your server.
>>> If you want the same ip every time then set that up on openvpn to do 
>>> that, see the static key mini howto on the subject.
>>>
>>> You should not need to use ifconfig on the client side to set ips on 
>>> tunnel let openvpn pull the necessary options from the server.
>>> I use a routed vpn all the time and always get the same ip from my 
>>> server vpn ip that is.
>>> Regards, Kerry.
>>>
>>> ----- Original Message ----- 
>>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>>> To: "Speakup is a screen review system for Linux." 
>>> <speakup at braille.uwo.ca>
>>> Sent: Friday, May 15, 2009 11:35 AM
>>> Subject: Re: openvpn configuration
>>>
>>>
>>>> It's fine. kids have exploits they run on the servers, but I'm not that 
>>>> stupid. vpn is a lot more um, quiet, so I doubt they'll care as much 
>>>> over the kids running exploits when they want to log to facebook. Not 
>>>> like I'm looking at porn, just want to be able to do research. Anything 
>>>> with phpbb is blocked, and I'm frequently reading articles.
>>>> When I try to set up tun, I need to use ifconfig to set up the tunnel; 
>>>> I won't always have the same IP, though.
>>>>
>>>>
>>>> Thanks,
>>>> Tyler Littlefield
>>>> Web: tysdomain.com
>>>> email: tyler at tysdomain.com
>>>> My programs don't have bugs, they're called randomly added features.
>>>>
>>>> ----- Original Message ----- 
>>>> From: "Kerry Hoath" <kerry at gotss.net>
>>>> To: "Speakup is a screen review system for Linux." 
>>>> <speakup at braille.uwo.ca>
>>>> Sent: Thursday, May 14, 2009 9:22 PM
>>>> Subject: Re: openvpn configuration
>>>>
>>>>
>>>>> Firstly:
>>>>> understand the difference between tun and tap.
>>>>> You must use the *same* on both ends, tun for routed vpn, tap for 
>>>>> bridged.
>>>>>
>>>>> decide whether you want routed or bridged and set up accordingly.
>>>>> Info on openvpn.net on which is best, routed is more scalable and 
>>>>> there are tricks to hand out a default gateway on a bridged setup.
>>>>>
>>>>> these tricks may or may not work with Windows openvpn client see faq 
>>>>> files.
>>>>>
>>>>> I'd set up dev tun on both ends and make sure you can see the other 
>>>>> end of your tunnel.
>>>>> Best to make connectivity work before you mess with default routes 
>>>>> etc.
>>>>>
>>>>> Is it worth noting here that you are probably violating policy by 
>>>>> punching holes through a firewall?
>>>>> be aware in case admin comes down on you.
>>>>>
>>>>> Regards, Kerry.
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message ----- 
>>>>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>>>>> To: "Speakup is a screen review system for Linux." 
>>>>> <speakup at braille.uwo.ca>
>>>>> Sent: Friday, May 15, 2009 3:08 AM
>>>>> Subject: openvpn configuration
>>>>>
>>>>>
>>>>>> Hello list,
>>>>>> I'm currently trying to get openvpn going. I have the port open, but 
>>>>>> it's not letting me forward all traffic through, for some reason. Any 
>>>>>> ideas? I've provided my configs below
>>>>>> #server:
>>>>>> dev tun
>>>>>> secret static.key
>>>>>> keepalive 10 60
>>>>>> ping-timer-rem
>>>>>> persist-tun
>>>>>> persist-key
>>>>>> user nobody
>>>>>> group nobody
>>>>>> daemon
>>>>>> plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
>>>>>> push "redirect-gateway def1"
>>>>>> #client:
>>>>>> dev tap
>>>>>> remote tds-solutions.net
>>>>>> secret C:/static.key
>>>>>> keepalive 10 60
>>>>>> ping-timer-rem
>>>>>> persist-tun
>>>>>> push "redirect-gateway def1"
>>>>>> resolv-retry infinite
>>>>>> nobind
>>>>>> proto udp
>>>>>> I want to be able to connect from multiple sources, so I used dev 
>>>>>> tap.
>>>>>>
>>>>>> Thanks,
>>>>>> Tyler Littlefield
>>>>>> Web: tysdomain.com
>>>>>> email: tyler at tysdomain.com
>>>>>> My programs don't have bugs, they're called randomly added features.
>>>>>> _______________________________________________
>>>>>> Speakup mailing list
>>>>>> Speakup at braille.uwo.ca
>>>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>>>>>




More information about the Speakup mailing list
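
The checks discussed in this thread (same `dev` type on both ends, static-key limits), written as a small config linter; this is an added example, not part of any message in the thread or of OpenVPN itself. It goes slightly further than the replies by also checking that the two `ifconfig` lines of a static-key `tun` pair mirror each other, and by flagging `push`, which relies on the TLS control channel that static-key mode lacks. The finding labels, the `10.8.0.x` addresses and `vpn.example.net` are constructed for illustration.

```python
# Added example (not from the thread): lint an OpenVPN static-key config pair.
# SERVER/CLIENT are excerpts of the configs in the first post; FIXED_* are
# constructed, with placeholder 10.8.0.x addresses and hostname.
SERVER = 'dev tun\nsecret static.key\npush "redirect-gateway def1"\n'
CLIENT = ('dev tap\nremote tds-solutions.net\nsecret C:/static.key\n'
          'push "redirect-gateway def1"\nnobind\nproto udp\n')
FIXED_SERVER = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key\n"
FIXED_CLIENT = ("dev tun\nremote vpn.example.net\nifconfig 10.8.0.2 10.8.0.1\n"
                "secret static.key\nredirect-gateway def1\n")

def parse(text):
    """Map each directive name to the list of its argument strings."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":      # skip blanks and comment lines
            name, _, args = line.partition(" ")
            opts.setdefault(name, []).append(args.strip())
    return opts

def dev_type(opts):
    """'tun' or 'tap'; names such as tun0/tap0 carry the type as a prefix."""
    return opts.get("dev", [""])[0][:3]

def lint(server_text, client_text):
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    if dev_type(srv) != dev_type(cli):
        findings.append("dev-mismatch")        # tun and tap cannot be mixed
    for side, opts in (("server", srv), ("client", cli)):
        if "secret" not in opts:
            continue                           # checks below are static-key only
        if "push" in opts:                     # push/pull needs the TLS control channel
            findings.append(f"{side}: push-needs-tls-mode")
        if "ifconfig" not in opts:             # nothing assigns tunnel addresses
            findings.append(f"{side}: missing-ifconfig")
    a, b = srv.get("ifconfig"), cli.get("ifconfig")
    if a and b and dev_type(srv) == dev_type(cli) == "tun":
        if a[0].split() != b[0].split()[::-1]: # tun endpoints must mirror each other
            findings.append("ifconfig-not-mirrored")
    return findings

if __name__ == "__main__":
    print(lint(SERVER, CLIENT))
    print(lint(FIXED_SERVER, FIXED_CLIENT))
```

In the constructed fixed pair, `redirect-gateway def1` sits directly in the client config because there is no control channel to push it over; the server still needs IP forwarding and NAT for the redirected traffic to reach the Internet.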