Page 1 of 1
How to create a client with a Split tunnel?
Posted: Tue Nov 17, 2015 9:34 pm
by katorce
Well, I have a raspberry PI Server, with a computer at home, and I have openVPN to connect to that VPN.
Right now the use is to encrypt the data where I am in a public location but I would like to be able to Wake On Lan the computer next to the raspberry PI and be able to do remote desktop to that computer (windows 7). I will solve the WOL in another forum so.
1st: I want to configure this computer to connect automatically every time it turns on to VPN, I don't know how to as know I have to right click each time and insert a password. So, How can I achieve that?
2nd: There is no need to add latency to this computer, as the output of the raspberry and itself is the same, they are connected to the same router. So I would like to split tunnel the connection. As the computer has 2 lan ports, I think using the second one to do that, but then I think, there is probably a easier solution using software. So how can I do that?
The client conf file is now as this:
Code: Select all
client
dev tun
proto udp
remote xxx.privateip.ip 4848494
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
Re: How to create a client with a Split tunnel?
Posted: Thu Nov 19, 2015 12:55 am
by Traffic
katorce wrote:1st: I want to configure this computer to connect automatically every time it turns on to VPN, I don't know how to as know I have to right click each time and insert a password
If you have to put in
user/password then .. to start up automatically you
must save the
user/password to an unencrypted file on your PC .. is that
really what you want ?
Perhaps you should review your security protocol ..
https://openvpn.net/index.php/open-sour ... o.html#pki
Re: How to create a client with a Split tunnel?
Posted: Wed Dec 16, 2015 9:59 am
by katorce
It would be better to connect seamless without having the password in a text file. But I do not know how can be possible to do so without compromising the other devices which do need to introduce the password.
Still I am more interested how the split tunnel for this specific computer can be done. After all, this is a home setup.
Re: How to create a client with a Split tunnel?
Posted: Wed Dec 16, 2015 10:31 am
by Traffic
You do not need to use passwords .. use a certificate based PKI.
http://openvpn.net/index.php/open-sourc ... o.html#pki
Or you can selectively use passwords for only certain clients.
If you want to connect to the W7 PC from the remote VPN client then have the W7 PC connect to the VPN automatically. It is a simple setup .. just the follow the HOWTO.
I do not understand what you mean by "split tunnel" ?
Re: How to create a client with a Split tunnel?
Posted: Wed Dec 23, 2015 10:33 pm
by katorce
I have been looking at the wiki and still it has no solve what I want.
Windows
The Windows installer will set up a Service Wrapper, but leave it turned off by default. To activate it, go to Control Panel / Administrative Tools / Services, select the OpenVPN service, right-click on properties, and set the Startup Type to Automatic. This will configure the service for automatic start on the next reboot.
When started, the OpenVPN Service Wrapper will scan the \Program Files\OpenVPN\config folder for .ovpn configuration files, starting a separate OpenVPN process on each file.
This make openVPN to start at the startup, but it doesn´t stablish the connection to the VPN server automatically, still requires me to login as user into windows, click on it, and insert my password.
What I want it is even before any user login (into windows), to be automatically connected to the VPN. The reason I want this is in order to wakeonlan the computer with the raspberry, and connect to remote desktop to use this computer from my laptop when I am not at home.
I just need to know how to tell the service, use this ovpn file, use this password, and do it before any user login. Try 5 times, if it fails, just ignore it.
I don´t mind if the key has to be in a plain text somewhere in my computer. I really tried to look how to tell the service to do that in the wiki but I cannot find it. Perhaps it is because it is not possible to do so.
Re: How to create a client with a Split tunnel?
Posted: Thu Dec 24, 2015 12:53 am
by Traffic
katorce wrote:I just need to know how to tell the service, use this ovpn file, use this password, and do it before any user login
You must use a password file saved on your computer.
See
--auth-user-pass (under client options) in
The Manual v23x
Re: How to create a client with a Split tunnel?
Posted: Thu Dec 24, 2015 10:03 am
by Skaperen
Traffic wrote:I do not understand what you mean by "split tunnel" ?
me, too.
what is a
split tunnel?
Re: How to create a client with a Split tunnel?
Posted: Sat Jan 07, 2017 3:43 am
by Halems
Skaperen wrote:Traffic wrote:I do not understand what you mean by "split tunnel" ?
me, too.
what is a
split tunnel?
https://en.wikipedia.org/wiki/Split_tunneling
Re: How to create a client with a Split tunnel?
Posted: Sat Jan 07, 2017 1:14 pm
by mwandelaar
As your PC and the Raspberry Pi VPN-server are on the same lan, IMHO you don't really need the security of a VPN on that network.
Why don't you just route your local lan through the VPN,
as described here ?
That way you dont need anything extra on the pc and you can RDP into the machine, using it's local LAN-address.