Since I want to access my openwrt router on my home network, I discovered I am forced to use OpenVPN. In fact, the ISP which provides the internet connection doesn't allow its customers to be visible from the outside (it is an Italian ISP named Fastweb).
The PC from which I want to access my router from outside is connected to the internet with a public IP, and I can open the ports I want. For this reason I want to install the openvpn server on that PC.
What I would like to achieve is to see all the devices connected on the openwrt router (and the router itself) from the PC with the public IP.
For example, access the router web interface by simply writing 192.168.1.1 on the pc with openvpn server of which the local address is 10.0.0.2.
At the same time I would like to avoid installing the openvpn client on each device connected to the openwrt router. Is this possible? So, reach the 192.168.1.3 pc from my openvpn server pc with 10.0.0.2 as local address, without installing the openvpn client on the 192.168.1.3 pc.
Is this kind of operation called "bridging"? I am pretty new to openvpn, so I came here to kindly ask if you can suggest some configurations for the openvpn server and client.
What would happen if I restart the pc with the openvpn server? I mean, does the router with the openvpn client automatically reconnect as soon as the openvpn server is on again?
I think an image is better descriptive of what I want to build:
Many thanks in advance.
Last edited by Garret (2011-12-14 00:53:28)
EDIT: AFAIK, the concept of "Server" and "Client" in OpenVPN only refers to which machine initiates the connection. It doesn't affect the resulting connection. That is entirely dependent on the configuration.
At the same time I would like to avoid installing the openvpn client on each device connected to the openwrt router. Is this possible? So, reach the 192.168.1.3 pc from my openvpn server pc with 10.0.0.2 as local address, without installing the openvpn client on the 192.168.1.3 pc.
You only need the Client on one machine.
Is this kind of operation called "bridging"? I am pretty new to openvpn, so I came here to kindly ask if you can suggest some configurations for the openvpn server and client.
If you set up a bridged VPN, the "OpenVPN Server" machine will get a second address within the 192.168.1.x network (for example, 192.168.1.20). It will use this address (via the VPN) to connect to the other hosts inside your network.
If you set up a routed VPN, then both address ranges (192.168.1.x and 10.0.0.x) will "become visible" at both ends.
If you only want the "OpenVPN Server" to be able to access your "home", then I would recommend a Bridged VPN.
What would happen if I restart the pc with the openvpn server? I mean, does the router with the openvpn client automatically reconnect as soon as the openvpn server is on again?
Yes.
Last edited by fukawi2 (2011-12-13 22:38:58)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
You only need the Client on one machine.
By one machine you mean the router, right? Then the vpn is immediately accessible also to the devices connected to the router.
If you set up a routed VPN, then both address ranges (192.168.1.x and 10.0.0.x) will "become visible" at both ends.
I think this is the option I had in mind and was describing in my post.
If you only want the "OpenVPN Server" to be able to access your "home", then I would recommend a Bridged VPN.
Ok, even if the routed vpn seemed to be the solution I wanted to describe in my post.
Have you any idea of sample configs for the server and the client for a Bridged VPN?
Last edited by Garret (2011-12-13 22:49:40)
Moving to "Networking, Server & Protection" as it's to do with that.
Allan-Volunteer on the (topic being discussed) mailing lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.
fukawi2 wrote:You only need the Client on one machine.
By one machine you mean the router, right? Then the vpn is immediately accessible also to the devices connected to the router.
So long as the "client" is set up to route the traffic correctly (this is for sharing/routing an internet connection; you're doing the same thing with a VPN connection: https://wiki.archlinux.org/index.php/Internet_Share)
Have you any idea of sample configs for the server and the client for a Bridged VPN?
Not for bridged I don't. I only use Routed. There are plenty of examples to be found via Google.
Not for bridged I don't. I only use Routed. There are plenty of examples to be found via Google.
Could you share your router configs? It is better than nothing, and in the end I think they are pretty much the same.
I haven't got a client config handy, but this is my server config. Note this isn't as secure as it could be (using client certificates etc) as it only authenticates using username/password via PAM to my Active Directory servers.
dev tun
local 59.167.xxx.xxx
proto udp
port 5555
keepalive 10 120
cipher AES-256-CBC
comp-lzo
max-clients 64
#
# Authentication Configuration
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
#
# SSL Options
ca mycompany.pem
cert mycompany.crt
key mycompany.key
dh dh1024.pem
#
# Client Addressing Config
server 172.31.12.0 255.255.255.0
ifconfig-pool-persist ipp.txt
float
#
# Things to tell the client after the connect
push "route 172.31.0.0 255.255.0.0" # Company /16
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
mute 10
Last edited by fukawi2 (2011-12-14 23:11:02)
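An added example, not part of fukawi2's post or of OpenVPN itself: a small Python check for the weakness the post names (password-only authentication without client certificates), extended to three other settings visible in the same config (`comp-lzo`, a DH file named for 1024 bits, no `tls-auth`/`tls-crypt`). `POSTED` is a constructed excerpt of the config above, the function names are this example's own, and the DH size is only guessed from the file name.

```python
import re
import shlex

# Constructed excerpt: the security-relevant lines of the server config posted above.
POSTED = """\
dev tun
cipher AES-256-CBC
comp-lzo
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
dh dh1024.pem
push "route 172.31.0.0 255.255.0.0" # Company /16
"""

def parse(text):
    """Map each directive to a list of its argument lists; '#' and ';' comments are dropped."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        words = shlex.split(line, comments=True)
        if words:
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def audit(text):
    """Return {finding_id: explanation} for an OpenVPN server config."""
    conf, out = parse(text), {}
    modes = {a[0] for a in conf.get("verify-client-cert", []) if a}
    if "client-cert-not-required" in conf or modes & {"none", "optional"}:
        out["no-client-cert"] = "username/password is the only client credential"
    if any(a != ["no"] for a in conf.get("comp-lzo", [])):
        out["compression"] = "comp-lzo compresses data inside the encrypted tunnel"
    if not {"tls-auth", "tls-crypt"} & conf.keys():
        out["no-tls-auth"] = "no pre-shared key protects the TLS control channel"
    for args in conf.get("dh", []):
        # Heuristic (assumption): the digits in the file name give the group size.
        m = re.search(r"\d{3,5}", args[0]) if args else None
        if m and int(m.group()) < 2048:
            out["weak-dh"] = f"{args[0]} looks like a {m.group()}-bit DH group"
    return out

if __name__ == "__main__":
    for finding, why in sorted(audit(POSTED).items()):
        print(f"{finding}: {why}")
```

Run against a full server config by passing the file's text to `audit()`; an empty result means none of these four checks fired, not that the config is otherwise sound.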