Message info
 
To: nnpait.services@googlemail.com
From: James Babiak
Subject: Re: [Astlinux-users] OpenVPN config
Date: Fri, 30 Mar 2012 11:26:50 -0400
 

What are the goals you are trying to accomplish with the VPN tunnel?

Are you trying to just create an encrypted tunnel between the two Astlinux boxes for inter-server communication, or are you trying to route traffic across it as well? Are there certain networks you do/don't want to route traffic across?

If you just want to allow the two servers to communicate with each other, an IPSec tunnel might be easier. If you need more functionality though, OpenVPN would probably be the way to go.

I have set this up in the past, and it is fairly simple and straightforward. It's actually easier in some ways to do it manually (i.e., not through the GUI). It's been a while since I did it though, so I don't remember the precise "step-by-step" instructions. I thought there was a How-To guide on the docs.astlinux.com site, but I couldn't find it when I just briefly looked. There was a guide for more granular security, but that's all I found.

Here are my two gui.openvpn configuration files (server and client).

### gui.openvpn.conf - start ###
###
### Device
OVPN_DEV="tun0"
### Port Number
OVPN_PORT="1194"
### Protocol
OVPN_PROTOCOL="tcp-server"
### Log Verbosity
OVPN_VERBOSITY="1"
### Compression
OVPN_LZO="yes"
### QoS Passthrough
OVPN_QOS="no"
### Cipher
OVPN_CIPHER="AES-128-CBC"
### Server Network
OVPN_SERVER="172.21.0.0 255.255.255.0"
### Server Push
OVPN_PUSH="
route 172.20.0.0 255.255.255.0
route 172.30.0.0 255.255.255.0
dhcp-option domain routed.com
dhcp-option DNS 172.20.0.1
"
### Raw Commands
OVPN_OTHER="
ifconfig-pool-linear
"
### CA File
OVPN_CA="/mnt/kd/openvpn/webinterface/keys/ca.crt"
### CERT File
OVPN_CERT="/mnt/kd/openvpn/webinterface/keys/server.crt"
### Key File
OVPN_KEY="/mnt/kd/openvpn/webinterface/keys/server.key"
### DH File
OVPN_DH="/mnt/kd/openvpn/webinterface/dh1024.pem"
### Valid Clients
OVPN_VALIDCLIENTS="
core
galaxy
jbabiak
mac
prism
starfish
starlite
"
### gui.openvpn.conf - end ###

### gui.openvpnclient.conf - start ###
###
### Device
OVPNC_DEV="tun2"
### Port Number
OVPNC_PORT="1194"
### Protocol
OVPNC_PROTOCOL="tcp-client"
### Log Verbosity
OVPNC_VERBOSITY="4"
### Compression
OVPNC_LZO="yes"
### Cipher
OVPNC_CIPHER="AES-128-CBC"
### nsCertType
OVPNC_NSCERTTYPE=""
### Server Network
OVPNC_REMOTE="core.routed.com"
### Server Network
OVPNC_SERVER="172.22.0.0 255.255.255.0"
### Raw Commands
OVPNC_OTHER="
link-mtu 1560
persist-key
persist-tun
"
### CA File
OVPNC_CA="/mnt/kd/openvpn/webinterface/client_keys/ca.crt"
### CERT File
OVPNC_CERT="/mnt/kd/openvpn/webinterface/client_keys/client.crt"
### Key File
OVPNC_KEY="/mnt/kd/openvpn/webinterface/client_keys/client.key"
### gui.openvpnclient.conf - end ###


Obviously you would need to create the requisite keys, certs, etc., but that is somewhat easier through the GUI.

You would also need to adjust your network/firewall settings depending on how you wanted to permit traffic or handle routing. But that is dependent on how your network is set up.

How did you brick the server? That shouldn't have happened.

-James

On Fri, Mar 30, 2012 at 10:18 AM, Tom Chadwin <nnpait.services@googlemail.com> wrote:
Hello all

Would it be too much to ask for someone to give the full steps, from start
to finish, to set up a VPN between two Astlinux boxes? I'd prefer OpenVPN. I
need to know what to do (with no shorthand) on both server and client ends.
While I have some knowledge of VPN (IPSEC, L2TP, and OpenVPN), it's very
amateur, and gleaned from GUI front ends to systems.

I've had a go at starting to config the server end with no prior knowledge,
and have bricked a remote box in the process. Hence this request.

Thanks

Tom
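
Added example (not part of either message, and not AstLinux code): a small shell check that flags three settings in the files quoted above that are worth reviewing before reuse: the 1024-bit DH file, LZO compression, and the empty nsCertType on the client. It assumes the settings files are shell variable assignments that can be sourced, and that OVPNC_NSCERTTYPE and the "Raw Commands" value map to OpenVPN's ns-cert-type / remote-cert-tls directives; the finding names and sample files are constructed for the example.

```shell
# Added example, not AstLinux code. Finding names are this example's own labels.
# Print review findings for one settings file made of shell variable assignments.
audit_ovpn_conf() {
  (   # subshell: sourced variables do not leak into the caller
    . "$1" || exit 2
    out=""
    # DH size is inferred from the file name only (e.g. dh1024.pem).
    case "${OVPN_DH:-}" in
      *dh512*|*dh768*|*dh1024*) out="$out DH_SMALL" ;;
    esac
    # Compression inside an encrypted tunnel can leak plaintext (VORACLE).
    if [ "${OVPN_LZO:-}" = "yes" ] || [ "${OVPNC_LZO:-}" = "yes" ]; then
      out="$out COMPRESSION"
    fi
    # Client: with no certificate-usage check, any cert from the same CA can pose as the server.
    if [ -n "${OVPNC_REMOTE:-}" ] && [ -z "${OVPNC_NSCERTTYPE:-}" ]; then
      case "${OVPNC_OTHER:-}" in
        *remote-cert-tls*|*ns-cert-type*) ;;
        *) out="$out NO_SERVER_CERT_CHECK" ;;
      esac
    fi
    echo "${out# }"
  )
}
# Constructed sample input: a subset of the settings quoted in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/server.conf" <<'EOF'
OVPN_LZO="yes"
OVPN_DH="/mnt/kd/openvpn/webinterface/dh1024.pem"
EOF
cat > "$tmp/client.conf" <<'EOF'
OVPNC_LZO="yes"
OVPNC_NSCERTTYPE=""
OVPNC_REMOTE="core.routed.com"
OVPNC_OTHER="
persist-key
persist-tun
"
EOF
# Constructed hardened client: compression off, server certificate usage enforced.
cat > "$tmp/client_fixed.conf" <<'EOF'
OVPNC_LZO="no"
OVPNC_REMOTE="core.routed.com"
OVPNC_OTHER="
remote-cert-tls server
"
EOF
for f in server client client_fixed; do echo "$f: $(audit_ovpn_conf "$tmp/$f.conf")"; done
```

The DH check only reads the file name; confirming the real parameter size means inspecting the file itself, for example with openssl dhparam -in <file> -text -noout.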

