OpenVPN Support Forum

Code: Select all

;local a.b.c.d
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
;log-append  openvpn.log
verb 3
;mute 20

Code: Select all

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source  **.**.**.** # IP masked

Code: Select all

Wed Nov 23 16:13:25 2011 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Nov 23 16:13:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Nov 23 16:13:25 2011 LZO compression initialized
Wed Nov 23 16:13:25 2011 UDPv4 link local: [undef]
Wed Nov 23 16:13:25 2011 UDPv4 link remote: **.**.**.**:1194 # masked my IP
Wed Nov 23 16:13:30 2011 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Wed Nov 23 16:13:30 2011 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Wed Nov 23 16:13:30 2011 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Wed Nov 23 16:13:30 2011 [eco] Peer Connection Initiated with **.**.**.**:1194 # masked my IP
Wed Nov 23 16:13:33 2011 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Wed Nov 23 16:13:33 2011 OpenVPN ROUTE: vpn_gateway undefined
Wed Nov 23 16:13:33 2011 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
Wed Nov 23 16:13:33 2011 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Wed Nov 23 16:13:33 2011 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.0.1
Wed Nov 23 16:13:33 2011 TAP-WIN32 device [Local Area Connection 8] opened: \\.\Global\{79B1C8EC-D6D3-4722-A869-5827BD53716B}.tap
Wed Nov 23 16:13:33 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/10.8.0.5 on interface {79B1C8EC-D6D3-4722-A869-5827BD53716B} [DHCP-serv: 10.8.0.4, lease-time: 31536000]
Wed Nov 23 16:13:33 2011 Successful ARP Flush on interface [65542] {79B1C8EC-D6D3-4722-A869-5827BD53716B}
Wed Nov 23 16:13:38 2011 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Wed Nov 23 16:13:38 2011 Initialization Sequence Completed

Code: Select all

client

dev tap

#dev-node MyTAP  #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name

proto udp

remote 8*.**.**.*8 1194  #You will need to enter you dyndns account or static IP address here. The number following it is the port you set in the server's config

route 192.168.1.0 255.255.255.0 vpn_gateway 3  #This it the IP address scheme and subnet of your normal network your server is on.  Your router would usually be 192.168.1.1

resolv-retry infinite

nobind

persist-key

persist-tun

ca "D:\\*****\\***\\OpenVPN\\easy-rsa\\keys\\ca.crt"

cert "D:\\*****\\***\\OpenVPN\\easy-rsa\\keys\\client1.crt" # Change the next two lines to match the files in the keys directory.  This should be be different for each client.

key "D:\\*****\\***\\OpenVPN\\easy-rsa\\keys\\client1.key"  # This file should be kept secret

ns-cert-type server

cipher BF-CBC        # Blowfish (default) encrytion

comp-lzo

verb 1

Code: Select all

Wed Nov 23 20:37:04 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Wed Nov 23 20:37:04 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Nov 23 20:37:04 2011 LZO compression initialized
Wed Nov 23 20:37:04 2011 UDPv4 link local: [undef]
Wed Nov 23 20:37:04 2011 UDPv4 link remote: **.**.**.***:1194
Wed Nov 23 20:37:09 2011 [eco] Peer Connection Initiated with **.**.**.***:1194
Wed Nov 23 20:37:10 2011 TAP-WIN32 device [Local Area Connection 12] opened: \\.\Global\{96C547B5-3964-47AC-8596-A7242DFD98C3}.tap
Wed Nov 23 20:37:10 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.4/255.255.255.0 on interface {96C547B5-3964-47AC-8596-A7242DFD98C3} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
Wed Nov 23 20:37:10 2011 Successful ARP Flush on interface [196615] {96C547B5-3964-47AC-8596-A7242DFD98C3}
Wed Nov 23 20:37:13 2011 Initialization Sequence Completed