Tony's ramblings on Open Source Software, Life and Photography

openvpn

Making OpenVPN Route Both Ways With TUN

You may recall this article from last February where I described how to set up an OpenVPN server in Ubuntu.

One thing that's bothered me ever since that day is that the client could contact everything on the server's network but not vice-versa. I searched for answers for quite some time and finally gave up.

I just stumbled on the answer, and it's a really easy solution to the problem. I'm already using custom client configs, and there's only one client that I wanted dual routing with - our accounting office in Virginia.

Here are a few assumptions. Let's say the primary network with the OpenVPN server uses 192.168.1.0/24. The OpenVPN client network that's going to keep a constant link is using 192.168.2.0/24.

In the server's "server.conf" file you need the following two lines:



Configuring OpenVPN on Ubuntu 8.04 LTS

For me, setting up an OpenVPN server on Ubuntu Server was orders of magnitude easier than trying to use a commercial IPsec utility. Here are the steps to take to set up an Ubuntu 8.04 (Hardy) server.

First, be aware that this setup makes a few assumptions. The first is that no bridging of networks is done, which means no broadcast traffic and no multicast. I believe most people won't use those, so I'm not even going to try to explain how to make that work - I'm going for a quick and easy setup. The second is that the server is on the Internet with a static IP address - or at least has a DNS entry somewhere so that computers on the outside can locate it. Your typical home network won't have a static IP, but with some of the "dynamic DNS" websites and utilities, you can get around that restriction.

I'm also not going to try to deal with firewall issues in this HOWTO. If you can disable your firewall and everything works, then get your firewall working afterwards. The best advice I can give there is to allow all traffic to/from the "tun0" (or tun1 or tun2... whatever) device that the VPN creates, and allow incoming traffic on the Internet-facing adapter (eth0?) to the TCP or UDP port you configure your server to listen on. It's really not that complicated for a basic setup.

First, become root (sudo su -) and then install the following:

apt-get install openvpn dnsmasq openssl
