#1 2011-07-27 17:30:19

Xi0N
Member
From: Bilbao - Spain
Registered: 2007-11-29
Posts: 832
Website

Help configuring OpenVPN-bridge connection

Hi!
I have been following the wiki for setting up my OpenVPN server for making a bridge connection. https://wiki.archlinux.org/index.php/OpenVPN_Bridge

First of all: I must point out that both the local network and the one I am trying to connect to use the same address (192.168.1.x) - will this be a problem?
Second: In the wiki, on the server side, the config file makes reference to a ta.key file, which is not generated if you follow the wiki.... you must generate it (is it necessary?) and copy it to the client as well
Third: I think the configuration is not accurate, because I followed it step by step and I didn't get the VPN bridge to work well... It appears as connected, but when I go to whatismyip.com my IP is still the one of my home (instead of the one the VPN is in)

I want to ask if this method will be the good one to follow for my scenario: I wish to be able to connect to the VPN so the remote computer gets integrated in the remote network, as if it were inside of the remote network... is this the way to do so?
Also, if anyone can clarify or point out a better redacted how-to, it would be really appreciated...
I don't know what else to do... probably I need a lot of tweaking on the server side, but I am no expert with VPN... so, any help will be much appreciated

EDIT: Also: The keys are generated and seem to be correct, I would only need a server/client config file example and I would be good to go..... because the bridge is (supposed to be) working.......

EDIT2: I actually have a working OpenVPN server in NAT mode (set up following the steps at https://wiki.archlinux.org/index.php/OpenVPN) and it does work... would it be easier changing something in this one so I can see the other computers in the remote network?

EDIT3: This is what I get on the server side when I establish a connection:

Jul 27 20:07:47 localhost openvpn[844]: MULTI: no dynamic or static remote --ifconfig address is available for jonVPN/87.222.85.xxx:54911
Jul 27 20:18:56 localhost openvpn[844]: MULTI: no dynamic or static remote --ifconfig address is available for jonVPN/87.222.85.xxx:49922

?????

Last edited by Xi0N (2011-07-27 18:19:33)

#2 2011-07-29 20:46:00

Xi0N

Re: Help configuring OpenVPN-bridge connection

Ok, I got it working... now I connect to the VPN network, and get an IP...... but I see no computers around me, nor can I get out to the internet via the VPN.... here is my server.conf file:

# /etc/openvpn/server.conf
# 2009.12.31
#
# address to bind to, instead of all available
;local 192.168.3.252
# new features, as of v2.1.1
#can listen on multiple ips over udp
#multihome
# needed to allow internally called scripts like up/down
#  to call external programs like ifup, etc
;script-security 2

# tcp might work better on certain "dev tun" setups
#  but not for wrapping more tcp or further encrypted
#  streams, as that would be redundant, and very slow
# "port 1194" and "proto udp" are defaults
port 1195
proto udp

# could specify interface, like tap0 or tap1
#  or use up/down routing scripts to handle
#  more than one, if needed
dev tap0

# simple scripts
#  for adding/removing  to tap
;up "up.sh br0:0"
;down "down.sh br0:0"

# identical certificate on server & client
ca /etc/openvpn/easy-rsa/keys/ca.crt

# server's own cert/key
cert /etc/openvpn/easy-rsa/keys/VPN.crt
key /etc/openvpn/easy-rsa/keys/VPN.key  # keep secret

# for certificate handshake
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

# no arguments will use this subnet's dhcp server
#  not openvpn dynamic/static assignment
# either way is good, but if you know you're not conflicting
#  with any other IP addressing schemes on your subnet,
#  this is much faster
# this directive expands to include "mode server" and "tls-server"
#  so including them elsewhere is redundant
server-bridge 192.168.1.252 255.255.255.0 192.168.1.50 192.168.1.55
# like what dhcp does, reuses IPs
ifconfig-pool-persist ipp.txt


# this one uses a dhcp server, server-side
#  potentially better for controlling ip addresses from one location
#  clients must support binding their dhcp client to their tap adapter
server-bridge nogw # 'nogw' is optional

# openvpn server routes client packets to each other itself
#  should happen anyway in 'dev tap' mode, but this saves time
client-to-client

# ping clients to auto close server side connection
keepalive 10 60

# 0 for server, 1 for client
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 # This file is secret

# cryptographic cipher.
;cipher BF-CBC        # Blowfish (default)
cipher AES-128-CBC   # AES

# compression is useful for xfer of
#  not already compressed files, like database
#  files, otherwise add needless overhead
# comp-lzo [mode] ; yes|no|adaptive, adaptive default
comp-lzo

# not needed yet
;max-clients 100

# drop root privileges once connected
#  good idea, for servers running on linux
user nobody
group nobody

# avoid accessing things you no longer can
persist-key
persist-tun

# short status file showing current connections
#  rewritten every minute.
status /var/log/openvpn-status.log

# use one or the other, useful for managing multiple
#  concurrent servers on a system
;log         openvpn.log
log-append  /var/log/openvpn.log


# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# silence repeating messages past certain number, in log
;mute 20
push "dhcp-option DNS 192.168.1.3"
push "dhcp-option DOMAIN mydomain.lan"

And the client conf file:

# /%openvpn%/config/client.conf
# 2009.12.31

# defines order of certificate authentication
# this directive expands to "pull" "tls-client"
#  so including them elsewhere is redundant
client

# type of server
dev tap

# windows needs tap name, if more than one
;dev-node OpenVPN Bridge Connection

# remote <hostname> [port] [proto]
remote 212.xxx.xxx.xxx 1195 udp

# only works for peers using the "remote" option
# ok if the ip address for remote changes during session
float
# uses a random port client-side
nobind

# this is for laptops or internet conditions
#  where openvpn server hostname cannot be resolved easily,
#  or changes often, etc
# infinite is the default, or value for seconds
resolv-retry infinite

# public
ca keys/ca.crt
cert keys/jonVPN.crt
# private
key keys/jonVPN.key
# needed when specified in server
# 0 = server, 1 = client
tls-auth keys/ta.key 1

# verify that the server has certificate field "server"
# protects against certain attacks
ns-cert-type server

;cipher BF-CBC
cipher AES-128-CBC

# comp-lzo [mode] ; yes|no|adaptive, adaptive default
comp-lzo

# try to preserve some states across restarts
persist-key
persist-tun

verb 3

What am I missing?

Last edited by Xi0N (2011-07-29 20:46:23)

#3 2011-07-30 00:27:16

Xi0N

Re: Help configuring OpenVPN-bridge connection

Ok, I will finally not use the bridging option and go for the tunneling one.

This is my current problem (forget everything above)

On the server side, if I set this:

push "dhcp-option DNS 192.168.1.3"
push "dhcp-option WINS 192.168.1.3"
push "redirect-gateway def1"

I get internet connection via VPN
I don't get to see the computers on the remote network (under 192.168.1.x, same subnet as my local subnet)

then, if i add this line:

push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.3"
push "dhcp-option WINS 192.168.1.3"
push "redirect-gateway def1"

I get NO internet connection via VPN
I see the computers on the remote network (under 192.168.1.x, same subnet as my local subnet)

What can I do to both connect to the internet and see the computers in the local network?

Offline
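
Added example, not part of the original posts or of the wiki: the route pushed in post #3 covers the same 192.168.1.0/24 prefix as the client's own LAN, so on the client the home gateway and the remote hosts fall in one address range. The sketch below parses the active `push "route ..."` lines of a server config and reports any that overlap the client's LAN; the function names and the client gateway 192.168.1.1 are assumptions made for the illustration.

```python
import ipaddress
import shlex

# Constructed sample: the four push lines from post #3 plus one disabled line.
SERVER_CONF = '''
;push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.3"
push "dhcp-option WINS 192.168.1.3"
push "redirect-gateway def1"
'''

def active_directives(conf_text):
    """Yield token lists for lines not disabled with a leading '#' or ';'."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens

def pushed_routes(conf_text):
    """Networks the server sends to clients via push "route <net> [mask]"."""
    nets = []
    for tokens in active_directives(conf_text):
        if tokens[0] != "push" or len(tokens) != 2:
            continue
        args = tokens[1].split()
        if len(args) >= 2 and args[0] == "route":
            # OpenVPN treats a route without a netmask as a single host.
            mask = args[2] if len(args) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{args[1]}/{mask}", strict=False))
    return nets

def route_conflicts(conf_text, client_lan, client_gateway):
    """Report pushed routes that overlap the LAN the client is sitting on."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    gateway = ipaddress.ip_address(client_gateway)
    return [
        {"route": str(net), "client_lan": str(lan), "covers_gateway": gateway in net}
        for net in pushed_routes(conf_text)
        if net.overlaps(lan)
    ]

if __name__ == "__main__":
    # 192.168.1.1 as the client's home router is an assumed value.
    for finding in route_conflicts(SERVER_CONF, "192.168.1.0/24", "192.168.1.1"):
        print(finding)
```

A client on a differently numbered LAN (for example 192.168.0.0/24) produces no findings for the same config, which is why the OpenVPN HOWTO advises giving the two sites distinct private subnets.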
