[ale] What is an easy open vpn to set up

Brian Mathis brian.mathis+ale at betteradmin.com
Tue Mar 27 12:44:21 EDT 2012


On Tue, Mar 27, 2012 at 12:16 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Tue, 2012-03-27 at 11:37 -0400, Chuck Payne wrote:
>> On Tue, Mar 27, 2012 at 11:33 AM, John Knight <john at classiccitytelco.com> wrote:
>> >  Hi Chuck,
>> >
>> > What issue did you run into in the past?
>> >   *John Knight*
>> >
>> > On 3/27/2012 11:28 AM, Chuck Payne wrote:
>> > More and more I am needing access to servers that are behind my
>> > firewall, so I'd like to set up openvpn, but in the past had issues. What
>> > is the easiest to set up?
>>
>> Routing. I could connect, but if I tried to ping or connect to anything I
>> couldn't.
>>
>> Chuck "PUP" Payne
>
> There are a variety of potential problems in there depending on how you
> are setting up your VPN.  For instance, is the VPN terminating on the
> firewall, passing through the firewall, or being port-forwarded to
> another server?  Are you attempting to do any NAT in there?  Is it a
> private address space behind the firewall?  How did you have your
> routing set up on the VPN server (i.e. what kind of routes did you have
> OpenVPN pushing to your client)?  Could you connect to services on the
> VPN server itself?
>
> For pushing routes you might have something like this on your server.
>
> push "route 192.168.1.0 255.255.255.0"
>
> This obviously assumes that you're using the 192.168.1.0 network behind
> your firewall...
>
> For that to work, however, the server must be in the default path back
> from the machines behind the firewall back to the outside network or
> you'll have to do some less than pretty (and less than reliable) routing
> tricks on all the devices to route the VPN back or NAT the VPN on the
> server so the devices behind the firewall only see the VPN server's
> address.
>
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com


It's strongly advisable to avoid the 192.168.1.0 subnet at home since
that seems to be the default everywhere.  You will have problems when
both your local and remote networks use that subnet.  I recommend
changing all your home IPs to something in the 10.x.x.x or 172.16.x.x
- 172.31.x.x, since you probably can't change it in the remote
locations.


❧ Brian Mathis
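
Added example, not part of the original thread and not code from any poster: a small check for the subnet collision described above, which parses the push "route ..." lines of an OpenVPN server config and reports any pushed network that overlaps a LAN the client is already sitting on. The sample config, the client LAN values and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample server config; only the push "route" form comes from the thread.
SAMPLE_SERVER_CONF = '''
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 10.20.0.0 255.255.0.0"
# push "route 172.16.5.0 255.255.255.0"
'''

# Active (uncommented) push "route <network> [netmask]" directives.
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([\d.]+)(?:\s+([\d.]+))?')


def pushed_routes(conf_text):
    """Return the networks named in active push "route" lines."""
    nets = []
    for line in conf_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if m:
            # OpenVPN treats a route with no netmask as a single host.
            mask = m.group(2) or "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}"))
    return nets


def conflicts(conf_text, client_lans):
    """Pair every pushed route with each client-side LAN it overlaps.

    overlaps() also catches the less obvious case where one side is a
    larger block that merely contains the other (a /16 pushed over a /24 LAN).
    """
    lans = [ipaddress.ip_network(lan) for lan in client_lans]
    return [(str(route), str(lan))
            for route in pushed_routes(conf_text)
            for lan in lans
            if route.overlaps(lan)]


if __name__ == "__main__":
    # Constructed client situations: a default home LAN, then a renumbered one.
    for lan in ("192.168.1.0/24", "10.20.30.0/24", "172.16.5.0/24"):
        hits = conflicts(SAMPLE_SERVER_CONF, [lan])
        print(lan, "->", hits if hits else "no overlap with pushed routes")
```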


