Openvpn Config, Can this be done
Sun, 28 March 2010 22:20
Registered: March 2010
Messages: 1
Ok, I have the Openvpn template installed on my VPS and I have been trying to get this working. It is a little bit more advanced than just a simple tunnel. Normally I wouldn't have issues with this, but the kernel is a little funky on these servers and it is making standard procedures not so standard. What I WANT to do is to create a "server" side on the VPS so that multiple clients can connect. I got that part done, no problem, I have 2 clients connected. However, I want to bridge the tunX interfaces so that clients on one VPN can talk to clients on the other VPN through the VPS. Next part that makes it a bit tricky.... All clients that are connecting are running a 192.168.0.0/16 network setup, we did this on purpose and have had this working before on an actual server, one that I own at my location, but we want to move the "central" point of these connections onto the VPS. Also, if it can be done, I would like to make it so that the VPS can be contacted on the 192.168.0.0/16 network as well, say 192.168.100.1 or so. Anyone have any ideas that could help me?
Sun, 04 April 2010 15:27
Registered: April 2009
Messages: 14
First let's try and figure out what you're asking ...

Quote:

However, I want to bridge the tunX interfaces so that clients on one VPN can talk to clients on the other VPN through the VPS.


Are you trying to set up two separate VPN servers, for example one hosted from your home network and one hosted by your VPN, and you're attempting to 'merge' the networks so everybody can talk to everybody? If this is the case then I can't help you much, this is well beyond anything I've bothered doing with openvpn.

On the other hand, if you simply want one VPN hosted by your VPS and you're having trouble getting clients to communicate, you're interested in the "client-to-client" openvpn option.

client-to-client: When this option is used, each client will "see" the other clients which are currently connected.  Otherwise, each client will only see the server.


This can be set on the command line or in your openvpn.conf.

Quote:

Next part that makes it a bit tricky.... All clients that are connecting are running a 192.168.0.0/16 network setup, we did this on purpose and have had this working before on an actual server, one that I own at my location, but we want to move the "central" point of these connections onto the VPS. Also, if it can be done, I would like to make it so that the VPS can be contacted on the 192.168.0.0/16 network as well, say 192.168.100.1 or so. Anyone have any ideas that could help me?


OK. 192.168.0.0/16 is generally used for local traffic that never sees the internet. I'm not sure if you'll run into issues getting this to work with VPN traffic, but if you say you got it working once it should be the same steps getting it working when your VPS is hosting the VPN.

Here are a few options I've pulled from Gentoo's example openvpn.conf that you might find interesting.

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2


Danger
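
Added example (not part of the posts above and not from the Gentoo sample config): a small Python check for the routed setup the reply describes. It verifies that every ccd "iroute" has a matching server-side "route", flags client subnets that overlap each other (relevant when every site sits inside 192.168.0.0/16), and notes when "client-to-client" is set, because OpenVPN then forwards client traffic internally and the VPS firewall does not filter it. SERVER_CONF, CCD and the client name "siteB" are constructed sample input.

```python
import ipaddress

def parse_directives(text):
    """Return [directive, arg, ...] lists, skipping blanks and '#'/';' comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            rows.append(line.split())
    return rows

def nets(rows, name):
    """Networks from '<name> <network> <netmask>' lines (route / iroute)."""
    return [ipaddress.ip_network(f"{r[1]}/{r[2]}") for r in rows
            if r[0] == name and len(r) >= 3]

def audit(server_conf, ccd_files):
    """Check route/iroute pairing and overlap between per-client subnets."""
    server = parse_directives(server_conf)
    routes = nets(server, "route")
    findings, seen = [], []
    for client, text in sorted(ccd_files.items()):
        for net in nets(parse_directives(text), "iroute"):
            if not any(net.subnet_of(r) for r in routes):
                findings.append(f"{client}: iroute {net} has no matching server 'route'")
            for other, other_net in seen:
                if other != client and net.overlaps(other_net):
                    findings.append(f"{client}: iroute {net} overlaps {other}'s {other_net}")
            seen.append((client, net))
    if any(r[0] == "client-to-client" for r in server):
        findings.append("client-to-client set: client traffic is forwarded inside "
                        "OpenVPN and is not filtered by the host firewall")
    return findings

# Constructed sample input, modelled on the Thelonious example above.
SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
client-to-client
route 192.168.40.128 255.255.255.248
"""
CCD = {
    "Thelonious": "iroute 192.168.40.128 255.255.255.248\n",
    "siteB": "iroute 192.168.40.0 255.255.255.0\n",  # hypothetical second client
}

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, CCD)))
```

If per-client firewall rules on the VPS are wanted, the alternative to "client-to-client" is to leave it off and let the VPS kernel forward between clients, so the traffic passes through the tun interface and the host firewall.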