[ale] What is an easy open vpn to set up

Michael H. Warfield mhw at WittsEnd.com
Tue Mar 27 13:01:19 EDT 2012


On Tue, 2012-03-27 at 12:44 -0400, Brian Mathis wrote:
> On Tue, Mar 27, 2012 at 12:16 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> > On Tue, 2012-03-27 at 11:37 -0400, Chuck Payne wrote:
> >> On Tue, Mar 27, 2012 at 11:33 AM, John Knight <john at classiccitytelco.com>wrote:
> >> >  Hi Chuck,
> >> >
> >> > What issue did you run into in the past?
> >> >   *John Knight*
> >> >
> >> > On 3/27/2012 11:28 AM, Chuck Payne wrote:
> >> > More and more I am needing access to servers that are behind my
> >> > firewall, so I'd like to set up OpenVPN, but in the past I had issues. What
> >> > is the easiest to set up?
> >>
> >> Routing. I could connect, but if I tried to ping or connect to anything I
> >> couldn't.
> >>
> >> Chuck "PUP" Payne
> >
> > There are a variety of potential problems in there depending on how you
> > are setting up your VPN.  For instance, is the VPN terminating on the
> > firewall, passing through the firewall, or being port-forwarded to
> > another server?  Are you attempting to do any NAT in there?  Is it a
> > private address space behind the firewall?  How did you have your
> > routing set up on the VPN server (i.e. what kind of routes did you have
> > OpenVPN pushing to your client)?  Could you connect to services on the
> > VPN server itself?
> >
> > For pushing routes you might have something like this on your server:
> >
> > push "route 192.168.1.0 255.255.255.0"
> >
> > This obviously assumes that you're using the 192.168.1.0 network behind
> > your firewall...
> >
> > For that to work, however, the server must be in the default path back
> > from the machines behind the firewall back to the outside network or
> > you'll have to do some less than pretty (and less than reliable) routing
> > tricks on all the devices to route the VPN back or NAT the VPN on the
> > server so the devices behind the firewall only see the VPN server's
> > address.
> >
> > Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com

> It's strongly advisable to avoid the 192.168.1.0 subnet at home since
> that seems to be the default everywhere.  You will have problems when
> both your local and remote networks use that subnet.  I recommend
> changing all your home IPs to something in the 10.x.x.x or 172.16.x.x
> - 172.31.x.x, since you probably can't change it in the remote
> locations.

That was strictly an example.  Sort of like using test.com for a domain
name.  That would also imply that he's dealing with a NAT device.  The
fact that it is so common is why I used it for the example block.

> ❧ Brian Mathis

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
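
Added example, not part of the original message or of OpenVPN itself: a small Python check for the address collision discussed in this thread, reading the `push "route ..."` lines from a server config and reporting any that overlap a network the client is already sitting on. The sample config, the function names, and the extra check of the `server` tunnel pool are assumptions made for illustration; IPv4 only.

```python
import ipaddress
import re

# push "route <network> [netmask] ..."; with no netmask it is a host route
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S[^"]*)"')
# server <network> <netmask>: the tunnel address pool handed to clients
SERVER = re.compile(r'^\s*server\s+(\S+)\s+(\S+)')

# Constructed sample server config (not from the thread).
SAMPLE_CONF = """\
port 1194
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
;push "route 10.20.0.0 255.255.0.0"
push "route 172.16.5.0 255.255.255.0"
"""

def _net(addr, mask):
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:  # keyword or hostname rather than a literal address
        return None

def vpn_networks(conf):
    """Return (directive, network) pairs the VPN will claim on a client."""
    found = []
    for line in conf.splitlines():
        if m := PUSH_ROUTE.match(line):
            parts = m.group(1).split() + ["255.255.255.255"]
            kind, net = "push route", _net(parts[0], parts[1])
        elif m := SERVER.match(line):
            kind, net = "server", _net(m.group(1), m.group(2))
        else:
            continue
        if net is not None:
            found.append((kind, net))
    return found

def conflicts(conf, client_lans):
    """List each VPN network that overlaps a network the client is already on."""
    lans = [ipaddress.ip_network(n) for n in client_lans]
    return [(kind, str(net), str(lan))
            for kind, net in vpn_networks(conf)
            for lan in lans if net.overlaps(lan)]

if __name__ == "__main__":
    for kind, net, lan in conflicts(SAMPLE_CONF, ["192.168.1.0/24"]):
        print(f"{kind} {net} collides with local network {lan}")
```

An empty result means the pushed routes are unambiguous from that client location; it says nothing about the return path from the LAN hosts, which still needs the VPN server in the default path or NAT on the server as described in the message.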