How do I configure my server?

Posted: Wed Oct 12, 2011 6:02 am
by irrbloss
Hi, I'm going to set up OpenVPN at work and at home, connecting the two nets together.

Our private network at work is 192.168.0.0/22. My private network at home is 10.20.20.0/24. I'm going to use port 443/tcp at work for the server, since all other ports (except 80/tcp, that's already in use) are blocked from incoming traffic.

So I created all the certificates/keys for both the server and the client, but I'm a bit confused about how to configure the server. This is what my server.conf is looking like right now:

proto tcp
port 443
dev tun0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/name-of-server.crt
key /etc/openvpn/private/name-of-server.key
dh /etc/openvpn/dh1024.pem
server 10.42.42.0 255.255.255.0
float
keepalive 10 120
comp-lzo
user _openvpn
group _openvpn
daemon openvpn
persist-key
persist-tun
push "route 192.168.0.0 255.255.252.0"
route 10.20.20.0 255.255.255.0
client-config-dir /etc/openvpn/ccd

What confuses me are the following lines:

server 10.42.42.0 255.255.255.0
I just put some random net here, this is what the tun0-interface will use? Should it be a "random" private network not in use, or should I use the same net as our private network at work (192.168.0.0/22)?

push "route 192.168.0.0 255.255.252.0"
As I understand it, this will "present" the work network to the vpn-client? Am I correct?

route 10.20.20.0 255.255.255.0
I'm not really sure what this does. Should I put my home network here, or something else?

It would also be nice to get a suggestion on what the client.conf should look like.

Thanks!

Re: How do I configure my server?

Posted: Wed Oct 12, 2011 5:16 pm
by maikcat
hi there,

>server 10.42.42.0 255.255.255.0
>I just put some random net here, this is what the tun0-interface will use? Should it be a "random" private network not in use, or should I use the same net as our private network at work (192.168.0.0/22)?

don't use the same net as your private network,
use one unused private range

>push "route 192.168.0.0 255.255.252.0"
>As I understand it, this will "present" the work network to the vpn-client? Am I correct?

yeap

>route 10.20.20.0 255.255.255.0
>I'm not really sure what this does. Should I put my home network here, or something else?

this creates entries in the server's routing tables and yes, it is needed to route
packets for your client's subnet


also for the above to work you must create a ccd file with the following

ifconfig-push 10.42.42.10 10.42.42.9
iroute 10.20.20.0 255.255.255.0

you MUST name the ccd file like the certificate your client is using.

ps: you MUST enable ip forwarding on BOTH client/server

Michael
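
An added example (not part of the original thread, and not OpenVPN's own code): a small Python check that the server.conf from the question and the ccd file from the reply above agree with each other. It verifies that the tunnel subnet overlaps no routed network, that every route has a matching iroute, and that the ifconfig-push address lies inside the tunnel subnet. The client name home-client and all function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample input: the routing-relevant lines of the server.conf in
# the question and the ccd file from the reply above.
SERVER_CONF = """\
server 10.42.42.0 255.255.255.0
push "route 192.168.0.0 255.255.252.0"
route 10.20.20.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
"""
CCD = """\
ifconfig-push 10.42.42.10 10.42.42.9
iroute 10.20.20.0 255.255.255.0
"""

def parse(text):
    """Map each directive to its argument lists; push "x ..." is keyed as "push x"."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].replace('"', " ").split()
        if not words or words[0].startswith(";"):
            continue
        if words[0] == "push" and len(words) > 1:
            words = ["push " + words[1]] + words[2:]
        conf.setdefault(words[0], []).append(words[1:])
    return conf

def nets(conf, key):
    """Networks named by a directive whose first two arguments are address and netmask."""
    return [ipaddress.ip_network("/".join(a[:2])) for a in conf.get(key, [])]

def check(server_conf, ccd_files):
    """ccd_files maps a client certificate name (hypothetical here) to its ccd text."""
    srv, problems = parse(server_conf), []
    vpn = nets(srv, "server")[0]
    for other in nets(srv, "route") + nets(srv, "push route"):
        if vpn.overlaps(other):
            problems.append(f"VPN subnet {vpn} overlaps routed network {other}")
    ccds = {name: parse(text) for name, text in ccd_files.items()}
    iroutes = {n for c in ccds.values() for n in nets(c, "iroute")}
    for r in nets(srv, "route"):
        if r not in iroutes:
            problems.append(f"route {r} has no matching iroute in any ccd file")
    for name, c in ccds.items():
        for args in c.get("ifconfig-push", []):
            if ipaddress.ip_address(args[0]) not in vpn:
                problems.append(f"{name}: ifconfig-push {args[0]} is outside {vpn}")
    return problems

if __name__ == "__main__":
    print(check(SERVER_CONF, {"home-client": CCD}) or "no routing inconsistencies found")
```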

Re: How do I configure my server?

Posted: Fri Oct 14, 2011 12:00 pm
by irrbloss
Thanks for your help! It's partly working now. From my home network I can ping and access the openvpn-server (192.168.1.2), but I can't reach other computers on the work network. Have I forgotten something? Do I have to restart something after I enable ip forwarding? I don't know where to begin the troubleshooting.

Re: How do I configure my server?

Posted: Fri Oct 14, 2011 12:46 pm
by Mimiko
If the OpenVPN server is not a default GW for LAN computers, then read these two topics:
topic8877.html
topic8922.html