openvpn configuration

Kerry Hoath kerry at gotss.net
Fri May 15 11:29:13 EDT 2009


Then apply my suggestions and get back to me with results. I've made a 
number of suggestions in the previous message but have had no feedback.
I'd suggest a routed vpn, dev tun, ips outside your subnet, get your server 
to nat for the vpn.
regards, Kerry.

----- Original Message ----- 
From: "Tyler Littlefield" <tyler at tysdomain.com>
To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
Sent: Friday, May 15, 2009 9:51 PM
Subject: Re: openvpn configuration


>I don't mind you not debugging. I'd like to learn, basically I just want 
>something that will route all network traffic through the vpn, for when I'm 
>at other places, not just school.
>
> Thanks,
> Tyler Littlefield
> Web: tysdomain.com
> email: tyler at tysdomain.com
> My programs don't have bugs, they're called randomly added features.
>
> ----- Original Message ----- 
> From: "Kerry Hoath" <kerry at gotss.net>
> To: "Speakup is a screen review system for Linux." 
> <speakup at braille.uwo.ca>
> Sent: Friday, May 15, 2009 6:38 AM
> Subject: Re: openvpn configuration
>
>
>> With a static key there is one client and one server, openvpn can not 
>> handle more than one client per instance.
>> You'd need to launch one instance of openvpn for each client connecting 
>> on a different port.
>>
>>
>> ip addresses must be outside your network for the vpn; if using a routed 
>> vpn.
>> If using a bridge i'd assume you have bridged tap0 on your server to an 
>> ethernet interface on your subnet as described in the bridging mini-howto 
>> on the openvpn site.
>>
>> If you intend to bridge; handing out a default gateway to your client pc 
>> isn't trivial.
>>
>> Perhaps you should consider getting your hands on the building vpn 
>> networks with openvpn book from Packt Publishing; it is easy to follow.
>>
>> Also specifying what you exactly want to achieve in terms of vpns and 
>> networks might allow people to give you more directed help.
>> I'm personally not debugging your config files but someone else might be 
>> more kind; it's hints only.
>>
>> You must have either dev tap or dev tun on *both* ends of the connection, 
>> you can not mix and match.
>> tun is routed, vpn ips outside your subnet with appropriate routing.
>>
>> dev tap is bridge, bridge the tap0 and eth0 interfaces making sure you 
>> openvpn mktun the tap0 interface first.
>>
>> Regards, Kerry.
>>
>> ----- Original Message ----- 
>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>> To: "Speakup is a screen review system for Linux." 
>> <speakup at braille.uwo.ca>
>> Sent: Friday, May 15, 2009 7:22 PM
>> Subject: Re: openvpn configuration
>>
>>
>>> The static key shows ifconfig x.x.x.x to x.x.x.x, sounds like there isn't 
>>> much handed out there...
>>>
>>>
>>> Thanks,
>>> Tyler Littlefield
>>> Web: tysdomain.com
>>> email: tyler at tysdomain.com
>>> My programs don't have bugs, they're called randomly added features.
>>>
>>> ----- Original Message ----- 
>>> From: "Kerry Hoath" <kerry at gotss.net>
>>> To: "Speakup is a screen review system for Linux." 
>>> <speakup at braille.uwo.ca>
>>> Sent: Thursday, May 14, 2009 10:34 PM
>>> Subject: Re: openvpn configuration
>>>
>>>
>>>> ip is handed out by openvpn from your server.
>>>> If you want the same ip every time then set that up on openvpn to do 
>>>> that, see the static key mini howto on the subject.
>>>>
>>>> You should not need to use ifconfig on the client side to set ips on 
>>>> tunnel let openvpn pull the necessary options from the server.
>>>> I use a routed vpn all the time and always get the same ip from my 
>>>> server vpn ip that is.
>>>> Regards, Kerry.
>>>>
>>>> ----- Original Message ----- 
>>>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>>>> To: "Speakup is a screen review system for Linux." 
>>>> <speakup at braille.uwo.ca>
>>>> Sent: Friday, May 15, 2009 11:35 AM
>>>> Subject: Re: openvpn configuration
>>>>
>>>>
>>>>> It's fine. kids have exploits they run on the servers, but I'm not 
>>>>> that stupid. vpn is a lot more um, quiet, so I doubt they'll care as 
>>>>> much over the kids running exploits when they want to log to facebook. 
>>>>> Not like I'm looking at porn, just want to be able to do research. 
>>>>> Anything with phpbb is blocked, and I'm frequently reading articles.
>>>>> When I try to set up tun, I need to use ifconfig to set up the tunnel; 
>>>>> I won't always have the same IP, though.
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Tyler Littlefield
>>>>> Web: tysdomain.com
>>>>> email: tyler at tysdomain.com
>>>>> My programs don't have bugs, they're called randomly added features.
>>>>>
>>>>> ----- Original Message ----- 
>>>>> From: "Kerry Hoath" <kerry at gotss.net>
>>>>> To: "Speakup is a screen review system for Linux." 
>>>>> <speakup at braille.uwo.ca>
>>>>> Sent: Thursday, May 14, 2009 9:22 PM
>>>>> Subject: Re: openvpn configuration
>>>>>
>>>>>
>>>>>> Firstly:
>>>>>> understand the difference between tun and tap.
>>>>>> You must use the *same* on both ends, tun for routed vpn, tap for 
>>>>>> bridged.
>>>>>>
>>>>>> decide whether you want routed or bridged and set up accordingly.
>>>>>> Info on openvpn.net on which is best, routed is more scalable and 
>>>>>> there are tricks to hand out a default gateway on a bridged setup.
>>>>>>
>>>>>> these tricks may or may not work with Windows openvpn client see faq 
>>>>>> files.
>>>>>>
>>>>>> I'd set up dev tun on both ends and make sure you can see the other 
>>>>>> end of your tunnel.
>>>>>> Best to make connectivity work before you mess with default routes 
>>>>>> etc.
>>>>>>
>>>>>> Is it worth noting here that you are probably violating policy by 
>>>>>> punching holes through a firewall?
>>>>>> be aware in case admin comes down on you.
>>>>>>
>>>>>> Regards, Kerry.
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----- Original Message ----- 
>>>>>> From: "Tyler Littlefield" <tyler at tysdomain.com>
>>>>>> To: "Speakup is a screen review system for Linux." 
>>>>>> <speakup at braille.uwo.ca>
>>>>>> Sent: Friday, May 15, 2009 3:08 AM
>>>>>> Subject: openvpn configuration
>>>>>>
>>>>>>
>>>>>>> Hello list,
>>>>>>> I'm currently trying to get openvpn going. I have the port open, but 
>>>>>>> it's not letting me forward all traffic through, for some reason. 
>>>>>>> Any ideas? I've provided my configs below
>>>>>>> #server:
>>>>>>> dev tun
>>>>>>> secret static.key
>>>>>>> keepalive 10 60
>>>>>>> ping-timer-rem
>>>>>>> persist-tun
>>>>>>> persist-key
>>>>>>> user nobody
>>>>>>> group nobody
>>>>>>> daemon
>>>>>>> plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
>>>>>>> push "redirect-gateway def1"
>>>>>>> #client:
>>>>>>> dev tap
>>>>>>> remote tds-solutions.net
>>>>>>> secret C:/static.key
>>>>>>> keepalive 10 60
>>>>>>> ping-timer-rem
>>>>>>> persist-tun
>>>>>>> push "redirect-gateway def1"
>>>>>>> resolv-retry infinite
>>>>>>> nobind
>>>>>>> proto udp
>>>>>>> I want to be able to connect from multiple sources, so I used dev 
>>>>>>> tap.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Tyler Littlefield
>>>>>>> Web: tysdomain.com
>>>>>>> email: tyler at tysdomain.com
>>>>>>> My programs don't have bugs, they're called randomly added features.
>>>>>>> _______________________________________________
>>>>>>> Speakup mailing list
>>>>>>> Speakup at braille.uwo.ca
>>>>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup

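An added example, not part of the original messages: a small Python check for the three points made in the thread (the same dev type on both ends, routed tunnel addresses outside the LAN, one client per static-key instance). The ifconfig addresses, the LAN subnet and the function names are assumptions made for illustration; only the dev, secret and remote lines mirror the posted configs.

```python
import ipaddress

# Constructed samples: dev/secret/remote mirror the posted configs; the
# ifconfig addresses and the LAN subnet used below are assumed values.
SERVER = "dev tun\nsecret static.key\nifconfig 192.168.1.200 192.168.1.201\n"
CLIENT = "dev tap\nremote tds-solutions.net\nsecret C:/static.key\n"
# Corrected pair: tun on both ends, tunnel addresses outside the LAN.
FIXED_SERVER = "dev tun\nsecret static.key\nifconfig 10.8.0.1 10.8.0.2\n"
FIXED_CLIENT = ("dev tun\nremote tds-solutions.net\nsecret C:/static.key\n"
                "ifconfig 10.8.0.2 10.8.0.1\n")

def parse(text):
    """Return {directive: [argument lists]}, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts.setdefault(name, []).append(args)
    return opts

def dev_type(opts):
    """'tun' or 'tap' from a line such as 'dev tun' or 'dev tap0'."""
    args = opts.get("dev", [[]])[0]
    return args[0][:3] if args else ""

def lint(server_text, client_text, lan_cidr):
    """Check the thread's three points; return a list of findings."""
    srv, cli = parse(server_text), parse(client_text)
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    # Both ends must use the same device type (tun routed, tap bridged).
    if dev_type(srv) != dev_type(cli):
        findings.append(
            f"dev mismatch: server={dev_type(srv)} client={dev_type(cli)}")
    # A routed (tun) VPN needs tunnel addresses outside the local subnet.
    for side, opts in (("server", srv), ("client", cli)):
        if dev_type(opts) != "tun":
            continue
        for args in opts.get("ifconfig", []):
            for addr in args[:2]:
                if ipaddress.ip_address(addr) in lan:
                    findings.append(
                        f"{side} tunnel ip {addr} is inside LAN {lan}")
    # A static key serves exactly one client per OpenVPN instance.
    if "secret" in srv:
        findings.append("static key: one client per server instance and port")
    return findings

if __name__ == "__main__":
    for finding in lint(SERVER, CLIENT, "192.168.1.0/24"):
        print(finding)
```
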