Differences between revisions 1 and 9 (spanning 8 versions)
Revision 1 as of 2006-05-16 03:55:59
Size: 291
Editor: rowlf
Comment:
Revision 9 as of 2006-05-22 01:39:51
Size: 2465
Editor: rowlf
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
On build machine = Windows to Linux VPN =
Line 3: Line 3:
This may be '''skipped''' if you already have a built RPM of OpenVPN or sourced it from {{{yum}}} . Related documents: Roll out custom [:OpenVPNRollOut:Windows OpenVPN clients]

== On build machine ==
This may be '''skipped''' if you already have a built RPM of OpenVPN or sourced it from {{{yum}}}. From FC3 {{{openvpn}}} is available in the extras repositories.
Line 6: Line 9:
yum install lzo lzo-devel openssl-devel pam-devel
rpmbuild -tb openvpn-2.0.5.tar.gz
scp /usr/src/redhat/RPMS/i386/openvpn-2.0.5-1.i386.rpm ccc@192.168.1.85:}}}
# yum install lzo lzo-devel openssl-devel pam-devel
# rpmbuild -tb openvpn-2.0.5.tar.gz
# scp /usr/src/redhat/RPMS/i386/openvpn-2.0.5-1.i386.rpm ccc@192.168.1.85:
}}}
== On the server ==
{{{
# yum install lzo
# rpm -Uvh openvpn-2.0.5-1.i386.rpm
# cd /etc/openvpn
# /usr/sbin/openvpn --genkey --secret key
# vi openvpn.conf}}}
The config of {{{openvpn.conf}}} will included something similar to the following options:

{{{
dev tap
ifconfig 10.3.0.1 255.255.255.0
secret key
ping 10
verb 3
mute 10}}}
If multiple customers are going to be connecting to a single server, like in the situation of an ASP. Multiple keys can be setup, along with multiple configuration files, but a different {{{port}}} must be setup for each customer/configuration.

== Windows Clients ==
Install the latest version of[http://openvpn.se/ OpenVPN GUI for Windows], applying all the default options. The file{{{key}}}generated on the server must be copied into the configuration directory of OpenVPN.
In that same directory a configuration file{{{config.ovpn}}}similar to{{{openvpn.conf}}}must be created.
{{{
remote 666.666.666.666 # Servers external static IP
dev tap
ifconfig 10.3.0.2 255.255.255.0
secret key
ping 10
verb 3
mute 10
}}}
On a network with NAT, port {{{1194}}} with protocol {{{UDP}}} must be forwarded to 192.168.1.85. [http://openvpn.se/files/howto/openvpn-howto_roll_your_own_installation_package-Rev1.1.html Roll Your Own OpenVPN Windows Installation Package]. Windows clients are known to time out, if OpenVPN is run as a service (non GUI) the following commands from attachment:RestartVPN.bat can quickly restart the service.

{{{
net stop "openvpn service"
net start "openvpn service"
}}}

= Creative Staff Client Configuration =
{{{
# Configuration for connecting into Creative computing internal network
dev tap
proto udp
remote muppets.crecom.com.au 1194
resolv-retry infinite
nobind
secret cc.key
ifconfig 192.168.128.x 255.255.255.0 # This line is client dependent.
route 192.168.127.0 255.255.255.0 192.168.128.1
dhcp-option DOMAIN crecom.com.au
dhcp-option DNS 192.168.128.1
ping 10
}}}
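
Review bot: the server and client sections added here rest on a single static key file ({{{--genkey --secret key}}}, later {{{secret key}}} and {{{secret cc.key}}}), but never say how it reaches the client or who may read it; the Windows paragraph only says it "must be copied into the configuration directory". Since that file is the tunnel's only credential, add a line telling readers to move it over an already-secure channel, such as the {{{scp}}} used earlier for the RPM, and to restrict it to the account that runs OpenVPN. In the staff configuration, {{{ifconfig 192.168.128.x}}} is marked client dependent while {{{secret cc.key}}} is not, so every staff client appears to hold the same key; state that explicitly, or issue one key and port per client as the multi-customer paragraph already describes. {{{remote 666.666.666.666}}} is not a valid IPv4 address, which is fine for a placeholder but worth labelling as one.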

Windows to Linux VPN

Related documents: Roll out custom [:OpenVPNRollOut:Windows OpenVPN clients]

On build machine

This may be skipped if you already have a built RPM of OpenVPN or sourced it from yum. From FC3 openvpn is available in the extras repositories.

# yum install lzo lzo-devel openssl-devel pam-devel
# rpmbuild -tb openvpn-2.0.5.tar.gz
# scp /usr/src/redhat/RPMS/i386/openvpn-2.0.5-1.i386.rpm ccc@192.168.1.85:

On the server

# yum install lzo
# rpm -Uvh openvpn-2.0.5-1.i386.rpm
# cd /etc/openvpn
# /usr/sbin/openvpn --genkey --secret key
# vi openvpn.conf

openvpn.conf will include options similar to the following:

dev tap
ifconfig 10.3.0.1 255.255.255.0
secret key
ping 10
verb 3
mute 10

If multiple customers are going to connect to a single server, as in the case of an ASP, multiple keys can be set up along with multiple configuration files, but a different port must be set up for each customer/configuration.
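
A check for the multi-customer layout described above, as an added example that is not part of the original wiki page: it flags configs that share a port or a key file, and key files readable by anyone but their owner. The function names, the one-directory layout of `*.conf` files, and resolving relative `secret` paths against that directory (as after the `cd /etc/openvpn` step) are assumptions; the sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit per-customer static-key OpenVPN configs in one directory.

# Print the first argument of directive $1 in config $2, ignoring comments.
directive() {
    sed 's/#.*//' "$2" | awk -v d="$1" '$1 == d { print $2; exit }'
}

# audit_configs DIR: print findings; exit status is the number of findings.
audit_configs() {
    dir=$1; findings=0; ports=" "; keys=" "
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        port=$(directive port "$conf"); port=${port:-1194}  # OpenVPN default port
        key=$(directive secret "$conf")
        case "$ports" in *" $port "*)
            echo "duplicate port $port: $conf"; findings=$((findings + 1)) ;;
        esac
        ports="$ports$port "
        [ -n "$key" ] || continue
        case "$keys" in *" $key "*)
            echo "key $key shared with another config: $conf"
            findings=$((findings + 1)) ;;
        esac
        keys="$keys$key "
        case "$key" in /*) keypath=$key ;; *) keypath=$dir/$key ;; esac
        [ -f "$keypath" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$keypath" | cut -c5-10)" != "------" ]; then
            echo "key readable beyond owner: $keypath"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: customer A is clean, customer B reuses A's port and key,
# customer C has its own port and key but the key file is world-readable.
make_sample() {
    printf 'dev tap\nport 1194\nsecret a.key\n' > "$1/a.conf"
    printf 'dev tap\nsecret a.key # no port line: defaults to 1194\n' > "$1/b.conf"
    printf 'dev tap\nport 1195\nsecret c.key\n' > "$1/c.conf"
    : > "$1/a.key"; chmod 600 "$1/a.key"
    : > "$1/c.key"; chmod 644 "$1/c.key"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_configs "$tmp" || echo "findings: $?"
rm -rf "$tmp"
```
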

Windows Clients

Install the latest version of [http://openvpn.se/ OpenVPN GUI for Windows], applying all the default options. The file key generated on the server must be copied into the configuration directory of OpenVPN. In that same directory a configuration file config.ovpn similar to openvpn.conf must be created.

remote 666.666.666.666        # Server's external static IP
dev tap
ifconfig 10.3.0.2 255.255.255.0
secret key
ping 10
verb 3
mute 10

On a network with NAT, port 1194 with protocol UDP must be forwarded to 192.168.1.85. [http://openvpn.se/files/howto/openvpn-howto_roll_your_own_installation_package-Rev1.1.html Roll Your Own OpenVPN Windows Installation Package]. Windows clients are known to time out. If OpenVPN is run as a service (non-GUI), the following commands from attachment:RestartVPN.bat can quickly restart the service.

net stop "openvpn service"
net start "openvpn service"

Creative Staff Client Configuration

# Configuration for connecting into Creative computing internal network
dev tap
proto udp
remote muppets.crecom.com.au 1194
resolv-retry infinite
nobind
secret cc.key
ifconfig 192.168.128.x 255.255.255.0                    # This line is client dependent.
route 192.168.127.0 255.255.255.0 192.168.128.1
dhcp-option DOMAIN crecom.com.au
dhcp-option DNS 192.168.128.1
ping 10

OpenVPN (last edited 2023-12-28 04:41:58 by KafuWong)