vpn between my 2 windows PCs

[mfran2002]

Hi there,
I have 2 PCs (win7pro, win10pro)
PC1 win7 based at home, PC2 win10 laptop around the world

my home internet provider NAT me and does not allow port forwarding on the router

Then I read about openVPN excellent solution for me, to allow keep in touch my home pc when I am travelling

I'd need some support about the config, please correct me when wrong:

1. install openVPN on both PCs
2. on PC1 (home), launch "Generate a static OpenVPN key" and copy this key file (myfile.key) also onto PC2 (laptop)
3. right click on openVPN into system tray and then "Edit config"
4. into this config file insert these statements:

on PC1:
remote PUBLIC_IP_BY_PROVIDER_PC1
ifconfig 10.3.0.1 255.255.255.0
secret myfile.key

on PC2:
remote PUBLIC_IP_BY_PROVIDER_PC2
ifconfig 10.3.0.2 255.255.255.0
secret myfile.key

questions:

• is it alright?

• only these 3 statements on the config file?

• at home I installed dyndns, may I put my dyndns URL instead of PUBLIC_IP_BY_PROVIDER_PC1 (home)?

thank you so much for your support
michele

[TinCanTech]

Please start with the HOWTO.
https://community.openvpn.net/openvpn/wiki/HOWTO

[mfran2002]

I read it and I'm almost at a good point, or at least I guess...

my main issue is that one my home laptop is now winXP (win7 is definitively crashed...)

so it runs an older version of openvpn ("openVPN 2.3.18" instead of "openVPN 2.4.7" run into Win10 laptop) and therefore also some of the settings are deprecated

for example, it does not want: ncp-disable

option error: unrecognized option or missing parameters in myvpn.ovpn:1: ncp-disable (2.3.18)

if I remove it, initially it seems that both clients stay waiting for a connection each other (without any errors in the log), but then they stay there indefinitely...

who know something more about this error for ncp-disable?

thanks!

[TinCanTech]

Openvpn 2.3.18 does not support negotiated ciphers and does not recognise --ncp-disable

[mfran2002]

initially, just to avoid more troubles, I would start with a local vpn, inside the LAN (it means that I use the very local IP of my PCs)

this is my config on win10pro laptop (openVPN 2.4.7):

Code: Select all

ncp-disable
dev tun
proto tcp-client
remote 192.168.0.220
port 1194
tun-mtu 1500
ifconfig 10.3.0.2 10.3.0.1
secret mykey.key
cipher AES-256-CBC
nobind
persist-tun
persist-key

and this is the winXP laptop (openVPN 2.3.18):

Code: Select all

dev tun
proto tcp-client
remote 192.168.0.215
port 1194
tun-mtu 1500
ifconfig 10.3.0.1 10.3.0.2
secret mykey.key
cipher AES-256-CBC
nobind
persist-tun
persist-key

[TinCanTech]

One config must not have --remote otherwise neither peer listens.

[mfran2002]

One config must not have --remote otherwise neither peer listens.

thanks for the suggestion TinCanTech,
just tried to leave "remote" command only in one config file but I get this error:

Options error: --nobind doesn't make sense unless used with --remote

I obviously removed "nobind" from the same config file but I still get the same error!
ARGH!
even if nobind has been removed!

why?

[TinCanTech]

--nobind means use an OS supplied ephemeral port (1024>65535) and is only used by the client.

The server has to bind to a port to listen on it.

[mfran2002]

ok
but then I cannot remove "remote"...

whant I would like to create is a simple client-to-client vpn, what am I going wrong with those 2 config files?

thanks for you support!

[TinCanTech]

https://community.openvpn.net/openvpn/w ... yMiniHowto

[mfran2002]

thank you so much TinCanTech!
it works!

I tried into my own LAN and it works

unfotunately, just now, my provider informed me that they NAT "everything that breathe" (also if I forward the desidered port inside the router) and indeed I'm not able to activate VPN with one laptop external...

do you know if I can do something to fix that?

thank you again for your precious help!
m