OpenVPN trouble... fails to start

[boelle]

success... i think

pi@raspberrypi /etc/openvpn/easy-rsa $ sudo /etc/init.d/openvpn restart
[ ok ] Stopping virtual private network daemon:.
[ ok ] Starting virtual private network daemon: openvpn.


now how do i set the conf so that when i connect it will give client ip's staring with 192.168.0.150 and up

conf - server:

Code: Select all

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log 20
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 192.168.0.1" # YOUR ROUTER'S IP ADDRESS
log-append /var/log/openvpn.log
comp-lzo

forgot to tell that when i restarted the openvpn server the wifi connection dropped... i had to pull the dongle and insert

just getting the keys to my mindows pc and will then use my phone to create a wifi hotspot and let my windows pc connect to that and see if i can get to it

server log

Code: Select all

Fri Nov 21 00:27:57 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013
Fri Nov 21 00:27:57 2014 WARNING: --keepalive option is missing from server config
Fri Nov 21 00:27:57 2014 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as interne$
Fri Nov 21 00:27:57 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Nov 21 00:27:57 2014 Diffie-Hellman initialized with 1024 bit key
Fri Nov 21 00:27:57 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 21 00:27:57 2014 Socket Buffers: R=[163840->131072] S=[163840->131072]
Fri Nov 21 00:27:57 2014 ROUTE default_gateway=192.168.0.1
Fri Nov 21 00:27:57 2014 TUN/TAP device tun0 opened
Fri Nov 21 00:27:57 2014 TUN/TAP TX queue length set to 100
Fri Nov 21 00:27:57 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Nov 21 00:27:57 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Nov 21 00:27:57 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Nov 21 00:27:57 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Nov 21 00:27:57 2014 GID set to nogroup
Fri Nov 21 00:27:57 2014 UID set to nobody
Fri Nov 21 00:27:57 2014 UDPv4 link local (bound): [undef]
Fri Nov 21 00:27:57 2014 UDPv4 link remote: [undef]
Fri Nov 21 00:27:57 2014 MULTI: multi_init called, r=256 v=256
Fri Nov 21 00:27:57 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Nov 21 00:27:57 2014 Initialization Sequence Completed

see that i have forgotten a keepalive setting? or does it matter?

[boelle]

client conf, not tested yet

Code: Select all

dev tun
client
proto udp
remote RASPBERRY-PI-IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

[boelle]

so my not so smart phone decided it would not share its 4G connection

but from my normal wifi i was able to connect to the server....

is there a way i can check that i'm on the local network? ie force win 8.1 to use the vpn and not the wifi?


and next what should i change in the conf to have the vpn server issue a ip in the same range as my local network is? my routers last local ip in the dhcp server is 192.168.0.99 so starting from 192.168.0.150 seems ok to me... never going to have a 100 pc's anyway

next after that would be to make sure that a pc connected from the outside can get to an internal pc... i have another pi i can setup for that... an also i could just from the outside ssh to the server...

[boelle]

found a guide on how to set the ip of the clients... so far so good...

would there be any problems in that i spec the server ip 192.168.0.2 to get it to pick 192.168.0.3 which is also that the dhcp server asigns to the pi?

or am i getting the server ip setting wrong?

[Traffic]

If your server LAN is 192.168.0.0/24 then you are headed for an IP Conflict.

That is the reason that the example configs use 10,8.0.0/24 as the example VPN IP ..
which must be different to the LAN IP in --dev tun mode

[boelle]

hehe

all i want to be sure is that a client can access all lan pc's and that a lan pc can also access the client

setting the ip of the connecting clients are half the work...


but lets say my local lan ip for my pc is 192.168.0.10 and i want to be able to access a client with 10.8.0.6 and also the other way round....

is that the push route setting i have to set right?


btw... my main router is not able to set static routes.... my ISP has disabled that... and also disabled the option to update firmware... say to protect users bla bla bla... but the firewall part of it is not bad at all...

[boelle]

so far i have figured to set a persistent static route on my windows pc as the router does not allow to set routes...

i just need to figure the other ½ of the setup so the client have full lan access and pc at lan have full access to client