OpenVPN newbie question

[ajayoct]

Hello,

I was asked by our administrator to setup a mock vpn using OpenVPN or IPSEC and after evaluating between the two ,Iam confused now.

We run a Windows2003 server with softlayer and basically our client wants to make use of VPN in UAE for voip services.

Some of my questions are:-
- Is there OpenVPN server solution for Windows , or is it the virtual one with VMWARE the only option ?
- I tought OpenVPN was free and unlimited license if we are using our own server, but someone tells me I only get only 2 license and pay for more.
-I went through the Windows GUI(openvpn.se) for client install and read somewhere there manually client config and ip addresses has to be entered. I wish to provide a one step quick install for the client> will I be able to package in such a form.
- and also whenever our IP changes how will I be able to update the client's software apart from providing a fresh installer package ?
- Once the VPN is running will VOIP traffic also run through it, or will I have to provide proxy settings manually.
Is there a sample OpenVPN server IP so I can setup a GUI and try modifying the config files and see the gui


Thanks a lot once again
Ajoy

[Bebop]

Hi, welcome to the forums.

Is there OpenVPN server solution for Windows , or is it the virtual one with VMWARE the only option

Good news for you. The client and server are designed to work with native Windows. Here's the link: http://openvpn.net/index.php/open-source/downloads.html

I tought OpenVPN was free and unlimited license if we are using our own server, but someone tells me I only get only 2 license and pay for more.

More good news -- as far as I know, the community version is free for unlimited use.

I wish to provide a one step quick install for the client> will I be able to package in such a form

Yes you can pre configure a package and distribute that to your clients, who can all get on your VPN without further IP and other entries.

whenever our IP changes how will I be able to update the client's software apart from providing a fresh installer package

Dynamic DNS maybe (dyndns, no-ip).

Is there a sample OpenVPN server IP so I can setup a GUI and try modifying the config files and see the gui

Free trials available on Google. I don't know of any fully sandbox servers off hand.

Best of luck with your venture.

[ajayoct]

Hey

Thanks a ton! that was quick.

The IP changing what I meant is not static or dynamic issues, it is we purposefully changing IP's so that some ISP providers tend to block VOIP services IP.
Guess I'll link the IP to a website hostname and change the IP when necessary.

Also can you provide some links on that packaging the client software with necessary options.
Can't seem to find the right one.

Thanks once again

[Bebop]

I can help you get a framework together, you will have to fill in the details though.

The package you want for you and your clients is here: http://swupdate.openvpn.net/community/r ... nstall.exe

This will get OpenVPN installed on your server and on your client machines. The package is both client and server in one.

A typical server config will look like this (name it server.ovpn):

Code: Select all

port 1194
proto udp
dev tun
server 10.0.0.0 255.255.255.0 #this is not WAN IP, this is a new IP allocation pool for your clients

ca ca.crt               
cert server.crt
key server.key  
dh dh1024.pem

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"      
keepalive 10 120         
comp-lzo                   
persist-key                
persist-tun                
verb 3                      

So you put that in your server conf dir.

For your client you make (client.ovpn):

Code: Select all

client
dev tun
proto udp
remote your-servername.dyndns.com 1194         #if you got a changing IP, then use something like dyndns.com to keep track for you    
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
explicit-exit-notify 2
ping 10
ping-restart 60

Now put the client.conf in a zip file with the certs and distribute the zip to your clients. Your clients will put the files from the zip into the conf dir and then connect to the vpn. If you setup dyndns.com with your IP, then your clients don't need to change any settings in the future.

What I showed you is just a basic framework. You can finish it by reading the documentation, and adapting it to your needs.

[ajayoct]

Well, I got that part working.
How can I get to use the internet connection(as a proxy) of my server connection, Will I have to do ethernet bridge?
What about VOIP , SIP ports, how do I make sure they pass through the VPN.

I guess regarding client side packaging, distributing conf fiels seems to be the way.But the people using the services are really amateur and how will I provide a one click installer ?

[Bebop]

Well, I got that part working.
How can I get to use the internet connection(as a proxy) of my server connection, Will I have to do ethernet bridge?
What about VOIP , SIP ports, how do I make sure they pass through the VPN.

Someone else here will have to answer that for you. My knowledge of VOIP | SIP etc is limited, but at a guess -- redirect gateway may be sufficient. Redirect gateway uses simply just route changes to direct traffic through the VPN. Bridge / TAP mode I don't know if you need that or not. Someone else from the forum will be able to help you.

the people using the services are really amateur and how will I provide a one click installer ?

Bundle the OpenVPN installer with confs preconfigured. Most good VPN providers do that. It may require a 3rd party installer software (such as Nullsoft Scriptable Installer System: NSIS).