This is how I am trying to set it up ...

[cpthk]

This is how I want to set it up as shown in the picture. I am trying to have PC 2 as a client connect into my network to the openVPN server, so PC 1 and PC 2 can see each other as local area network. Besides some setup at the server and client, is there any other setup I need to do at my router? I am pretty sure I need some port forwarding, right? At my server, do I need 2 network adapter?

Thanks.

[maikcat]

hi there,

you need the following

1)static public ip on your internet router (server side)
2)port forward the openvpn port from your router to your openvpn server
3)setup routing on your router (server side) so must know where to route packages destined for your vpn
4)openvpn *creates* virtual ethernet adapter ,so you dont need a 2 physical interface

all the above in case you use routed mode for your vpn,

alternatively you can use openvpn in bridge mode,but i dont recommend it..

michael.

[cpthk]

Thanks, Michael.

Can you go a little more detail on the 3rd bullet point? What's the reason I need to setup routing? Is it to route the package from PC 1 to the openVPN server so openVPN will be able to get the packets that PC 1 send out? (My educated guess)

If I change and setup OpenVPN server on my PC 1, I no longer need to setup the rounting, is that correct?

Thanks.

[maikcat]

hi there,

>3)setup routing on your router (server side) so must know where to route packages destined for your vpn

let me explain...

example

your lan (192.168.1.0/24)
openvpn server lan ip 192.168.1.10
router ip 192.168.1.1
openvpn virtual (tun) interface 10.0.0.1/24

all pcs in your lan have gateway the router (192.168.1.1)

one pc from internet connects into your vpn server and gets 10.0.0.10 ip and a static
route for network 192.168.1.0/24

assume that one pc inside your lan has 192.168.1.100 ip and gateway (as mentioned before)
192.168.1.1..

if it tries to ping the 10.0.0.x subnet the packets will go:

to default gateway (router) -- and then to the internet..
this because your internet router has in its routing table an entry reffering
to the local lan (192.168.1.0/24 net) and a default gateway which is your ISP..
to access the vpn ips must know that to access the vpn subnet must forward
packets to your vpn server (192.168.1.10) and NOT the internet...

is it clear now?

Michael

[cpthk]

After I setup the routing, how does PC 2 from internet connect/ping PC 1 in my local? (since PC 1 doesn't have a 10.0.0.x ip address) Does PC 1 also need to install OpenVPN and connect to OpenVPN server to get a 10.0.0.x ip address?

Thanks.

[maikcat]

the openvpn server "pushes" routes to clients..
in your case it pushes a static route to 192.168.1.0 subnet to vpn client,
so pc1 when it tries to reach pcs in 192.168.1.0 subnet sends the packets
via vpn tunnel...

thats why pc2 needs to know about 10.0.0.0 subnet..

no you dont have to install/setup openvpn to pc1,only to pc2 and openvpn server.

michael.