openvpn configuration

Tyler Littlefield tyler at tysdomain.com
Fri May 15 11:44:03 EDT 2009


IPs outside the subnet? I know what a subnet is, but I'm not sure what you're 
talking about there. I have to use ifconfig x.x.x to x.x.x which means that 
I need to set up an IP or... something.

Thanks,
Tyler Littlefield
Web: tysdomain.com
email: tyler at tysdomain.com
My programs don't have bugs, they're called randomly added features.

----- Original Message ----- 
From: "Kerry Hoath" <kerry at gotss.net>
To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
Sent: Friday, May 15, 2009 9:29 AM
Subject: Re: openvpn configuration


> Then apply my suggestions and get back to me with results. I've made a 
> number of suggestions in the previous message but have had no feedback.
> I'd suggest a routed vpn, dev tun, ips outside your subnet, get your 
> server to nat for the vpn.
> regards, Kerry.
>
> ----- Original Message ----- 
> From: "Tyler Littlefield" <tyler at tysdomain.com>
> To: "Speakup is a screen review system for Linux." 
> <speakup at braille.uwo.ca>
> Sent: Friday, May 15, 2009 9:51 PM
> Subject: Re: openvpn configuration
>
>
>>I don't mind you not debugging. I'd like to learn, basically I just want 
>>something that will route all network traffic through the vpn, for when 
>>I'm at other places, not just school.
>>
>> Thanks,
>> Tyler Littlefield
>> Web: tysdomain.com
>> email: tyler at tysdomain.com
>> My programs don't have bugs, they're called randomly added features.
>>
>> ----- Original Message ----- 
>> From: "Kerry Hoath" <kerry at gotss.net>
>> To: "Speakup is a screen review system for Linux." 
>> <speakup at braille.uwo.ca>
>> Sent: Friday, May 15, 2009 6:38 AM
>> Subject: Re: openvpn configuration
>>
>>
>>> With a static key there is one client and one server, openvpn can not 
>>> handle more than one client per instance.
>>> You'd need to launch one instance of openvpn for each client connecting 
>>> on a different port.
>>>
>>>
>>> ip addresses must be outside your network for the vpn; if using a routed 
>>> vpn.
>>> If using a bridge i'd assume you have bridged tap0 on your server to an 
>>> ethernet interface on your subnet as described in the bridging 
>>> mini-howto on the openvpn site.
>>>
>>> If you intend to bridge; handing out a default gateway to your client pc 
>>> isn't trivial.
>>>
>>> Perhaps you should consider getting your hands on the building vpn 
>>> networks with openvpn book from Packt Publishing; it is easy to follow.
>>>
>>> Also specifying what you exactly want to achieve in terms of vpns and 
>>> networks might allow people to give you more directed help.
>>> I'm personally not debugging your config files but someone else might be 
>>> more kind; it's hints only.
>>>
>>> You must have either dev tap or dev tun on *both* ends of the 
>>> connection, you can not mix and match.
>>> tun is routed, vpn ips outside your subnet with appropriate routing.
>>>
>>> dev tap is bridge, bridge the tap0 and eth0 interfaces making sure you 
>>> openvpn mktun the tap0 interface first.
>>>
>>> Regards, Kerry.
>>>
>>> ----- Original Message ----- 
>>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>>> To: "Speakup is a screen review system for Linux." 
>>> <speakup at braille.uwo.ca>
>>> Sent: Friday, May 15, 2009 7:22 PM
>>> Subject: Re: openvpn configuration
>>>
>>>
>>>> The static key shows ifconfig x.x.x.x to x.x.x.x, sounds like there 
>>>> isn't much handed out there...
>>>>
>>>>
>>>> Thanks,
>>>> Tyler Littlefield
>>>> Web: tysdomain.com
>>>> email: tyler at tysdomain.com
>>>> My programs don't have bugs, they're called randomly added features.
>>>>
>>>> ----- Original Message ----- 
>>>> From: "Kerry Hoath" <kerry at gotss.net>
>>>> To: "Speakup is a screen review system for Linux." 
>>>> <speakup at braille.uwo.ca>
>>>> Sent: Thursday, May 14, 2009 10:34 PM
>>>> Subject: Re: openvpn configuration
>>>>
>>>>
>>>>> ip is handed out by openvpn from your server.
>>>>> If you want the same ip every time then set that up on openvpn to do 
>>>>> that, see the static key mini howto on the subject.
>>>>>
>>>>> You should not need to use ifconfig on the client side to set ips on 
>>>>> tunnel let openvpn pull the necessary options from the server.
>>>>> I use a routed vpn all the time and always get the same ip from my 
>>>>> server vpn ip that is.
>>>>> Regards, Kerry.
>>>>>
>>>>> ----- Original Message ----- 
>>>>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>>>>> To: "Speakup is a screen review system for Linux." 
>>>>> <speakup at braille.uwo.ca>
>>>>> Sent: Friday, May 15, 2009 11:35 AM
>>>>> Subject: Re: openvpn configuration
>>>>>
>>>>>
>>>>>> It's fine. kids have exploits they run on the servers, but I'm not 
>>>>>> that stupid. vpn is a lot more um, quiet, so I doubt they'll care as 
>>>>>> much over the kids running exploits when they want to log to 
>>>>>> facebook. Not like I'm looking at porn, just want to be able to do 
>>>>>> research. Anything with phpbb is blocked, and I'm frequently reading 
>>>>>> articles.
>>>>>> When I try to set up tun, I need to use ifconfig to set up the 
>>>>>> tunnel; I won't always have the same IP, though.
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Tyler Littlefield
>>>>>> Web: tysdomain.com
>>>>>> email: tyler at tysdomain.com
>>>>>> My programs don't have bugs, they're called randomly added features.
>>>>>>
>>>>>> ----- Original Message ----- 
>>>>>> From: "Kerry Hoath" <kerry at gotss.net>
>>>>>> To: "Speakup is a screen review system for Linux." 
>>>>>> <speakup at braille.uwo.ca>
>>>>>> Sent: Thursday, May 14, 2009 9:22 PM
>>>>>> Subject: Re: openvpn configuration
>>>>>>
>>>>>>
>>>>>>> Firstly:
>>>>>>> understand the difference between tun and tap.
>>>>>>> You must use the *same* on both ends, tun for routed vpn, tap for 
>>>>>>> bridged.
>>>>>>>
>>>>>>> decide whether you want routed or bridged and set up accordingly.
>>>>>>> Info on openvpn.net on which is best, routed is more scalable and 
>>>>>>> there are tricks to hand out a default gateway on a bridged setup.
>>>>>>>
>>>>>>> these tricks may or may not work with Windows openvpn client see faq 
>>>>>>> files.
>>>>>>>
>>>>>>> I'd set up dev tun on both ends and make sure you can see the other 
>>>>>>> end of your tunnel.
>>>>>>> Best to make connectivity work before you mess with default routes 
>>>>>>> etc.
>>>>>>>
>>>>>>> Is it worth noting here that you are probably violating policy by 
>>>>>>> punching holes through a firewall?
>>>>>>> be aware in case admin comes down on you.
>>>>>>>
>>>>>>> Regards, Kerry.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message ----- 
>>>>>>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>>>>>>> To: "Speakup is a screen review system for Linux." 
>>>>>>> <speakup at braille.uwo.ca>
>>>>>>> Sent: Friday, May 15, 2009 3:08 AM
>>>>>>> Subject: openvpn configuration
>>>>>>>
>>>>>>>
>>>>>>>> Hello list,
>>>>>>>> I'm currently trying to get openvpn going. I have the port open, 
>>>>>>>> but it's not letting me forward all traffic through, for some 
>>>>>>>> reason. Any ideas? I've provided my configs below
>>>>>>>> #server:
>>>>>>>> dev tun
>>>>>>>> secret static.key
>>>>>>>> keepalive 10 60
>>>>>>>> ping-timer-rem
>>>>>>>> persist-tun
>>>>>>>> persist-key
>>>>>>>> user nobody
>>>>>>>> group nobody
>>>>>>>> daemon
>>>>>>>> plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
>>>>>>>> push "redirect-gateway def1"
>>>>>>>> #client:
>>>>>>>> dev tap
>>>>>>>> remote tds-solutions.net
>>>>>>>> secret C:/static.key
>>>>>>>> keepalive 10 60
>>>>>>>> ping-timer-rem
>>>>>>>> persist-tun
>>>>>>>> push "redirect-gateway def1"
>>>>>>>> resolv-retry infinite
>>>>>>>> nobind
>>>>>>>> proto udp
>>>>>>>> I want to be able to connect from multiple sources, so I used dev 
>>>>>>>> tap.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Tyler Littlefield
>>>>>>>> Web: tysdomain.com
>>>>>>>> email: tyler at tysdomain.com
>>>>>>>> My programs don't have bugs, they're called randomly added 
>>>>>>>> features.
>>>>>>>> _______________________________________________
>>>>>>>> Speakup mailing list
>>>>>>>> Speakup at braille.uwo.ca
>>>>>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup




More information about the Speakup mailing list
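
An added example, not part of the original thread: a small Python check of the points raised in the replies above (the same dev type on both ends, an ifconfig pair for a static-key tunnel, and tunnel IPs outside any subnet already in use). The function names, the 10.8.0.x tunnel addresses and the 192.168.1.0/24 LAN are assumptions made for this example.

```python
import ipaddress

def parse_conf(text):
    """Map each directive to its argument list (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def check_pair(server_text, client_text, lans):
    """Return findings for a static-key pair; lans = subnets already in use."""
    srv, cli = parse_conf(server_text), parse_conf(client_text)
    findings = []
    s_dev = srv.get("dev", ["?"])[0][:3]  # tun0 -> tun, tap0 -> tap
    c_dev = cli.get("dev", ["?"])[0][:3]
    if s_dev != c_dev:
        findings.append(f"dev mismatch: server={s_dev} client={c_dev}")
    s_if, c_if = srv.get("ifconfig", []), cli.get("ifconfig", [])
    if len(s_if) < 2 or len(c_if) < 2:
        findings.append("ifconfig <local> <remote> missing on one or both ends")
        return findings
    if s_dev == c_dev == "tun":
        # Routed mode: each end names the same two tunnel IPs, mirrored.
        if s_if[:2] != c_if[1::-1]:
            findings.append("ifconfig endpoints are not mirrored")
        for addr in s_if[:2]:
            for lan in lans:
                if ipaddress.ip_address(addr) in ipaddress.ip_network(lan):
                    findings.append(f"tunnel IP {addr} is inside {lan}")
    return findings

# Constructed inputs: the dev/secret/remote lines are from the thread's configs.
PAGE_SERVER = "#server:\ndev tun\nsecret static.key\n"
PAGE_CLIENT = "#client:\ndev tap\nremote tds-solutions.net\nsecret C:/static.key\n"
# Constructed corrected pair; 10.8.0.x and the LAN below are assumed values.
FIXED_SERVER = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key\n"
FIXED_CLIENT = ("dev tun\nremote tds-solutions.net\n"
                "ifconfig 10.8.0.2 10.8.0.1\nsecret C:/static.key\n")
LANS = ["192.168.1.0/24"]

if __name__ == "__main__":
    for label, s, c in (("thread", PAGE_SERVER, PAGE_CLIENT),
                        ("fixed", FIXED_SERVER, FIXED_CLIENT)):
        print(label, check_pair(s, c, LANS) or "ok")
```

The parser splits on whitespace only, so quoted arguments such as the `push` line are stored but not interpreted.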