[ale] What is an easy open vpn to set up

Michael Trausch mike at trausch.us
Tue Mar 27 13:11:42 EDT 2012


Remember to use the reserved example addresses:

The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2), and
203.0.113.0/24 (TEST-NET-3) are provided for use in documentation.

Defined by RFC 5737.

On Mar 27, 2012 1:06 PM, "Michael H. Warfield" <mhw at wittsend.com> wrote:

> On Tue, 2012-03-27 at 12:44 -0400, Brian Mathis wrote:
> > On Tue, Mar 27, 2012 at 12:16 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> > > On Tue, 2012-03-27 at 11:37 -0400, Chuck Payne wrote:
> > >> On Tue, Mar 27, 2012 at 11:33 AM, John Knight <john at classiccitytelco.com> wrote:
> > >> >  Hi Chuck,
> > >> >
> > >> > What issue did you run into in the past?
> > >> >   *John Knight*
> > >> >
> > >> > On 3/27/2012 11:28 AM, Chuck Payne wrote:
> > >> > More and more I am needing access to servers that are behind my
> > >> > firewall, so I'd like to set up OpenVPN, but in the past I had issues.
> > >> > What is the easiest to set up?
> > >>
> > >> Routing. I could connect, but if I tried to ping or connect to
> > >> anything I couldn't.
> > >>
> > >> Chuck "PUP" Payne
> > >
> > > There are a variety of potential problems in there depending on how you
> > > are setting up your VPN.  For instance, is the VPN terminating on the
> > > firewall, passing through the firewall, or being port-forwarded to
> > > another server?  Are you attempting to do any NAT in there?  Is it a
> > > private address space behind the firewall?  How did you have your
> > > routing set up on the VPN server (i.e. what kind of routes did you have
> > > OpenVPN pushing to your client)?  Could you connect to services on the
> > > VPN server itself?
> > >
> > > For pushing routes you might have something like this on your server:
> > >
> > > push "route 192.168.1.0 255.255.255.0"
> > >
> > > This obviously assumes that you're using the 192.168.1.0 network behind
> > > your firewall...
> > >
> > > For that to work, however, the server must be in the default path back
> > > from the machines behind the firewall back to the outside network or
> > > you'll have to do some less than pretty (and less than reliable)
> > > routing tricks on all the devices to route the VPN back or NAT the VPN
> > > on the server so the devices behind the firewall only see the VPN
> > > server's address.
> > >
> > > Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>
> > It's strongly advisable to avoid the 192.168.1.0 subnet at home since
> > that seems to be the default everywhere.  You will have problems when
> > both your local and remote networks use that subnet.  I recommend
> > changing all your home IPs to something in the 10.x.x.x or 172.16.x.x
> > - 172.31.x.x, since you probably can't change it in the remote
> > locations.
>
> That was strictly an example.  Sort of like using test.com for a domain
> name.  That would also imply that he's dealing with a NAT device.  The
> fact that it is so common is why I used it for the example block.
>
> > ❧ Brian Mathis
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
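
The subnet collision raised in the thread (a pushed route that matches the client's own LAN) can be checked before a config is deployed. The following is an added example, not part of the original thread: it parses `push "route ..."` lines from an OpenVPN server config and reports routes that overlap a client LAN or fall inside the RFC 5737 documentation blocks. The function names, sample config and client LAN are constructed for illustration.

```python
import ipaddress
import re

# Documentation-only blocks from RFC 5737, as listed in the message above.
DOC_NETS = [ipaddress.ip_network(n)
            for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# Matches active push "route <network> [netmask] ..." lines; lines commented
# out with '#' or ';' do not match because of the leading anchor.
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^"]+)"')

def pushed_routes(config_text):
    """Return the networks an OpenVPN server config pushes to clients."""
    routes = []
    for line in config_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        parts = m.group(1).split()
        # OpenVPN defaults the netmask to 255.255.255.255 when omitted.
        mask = parts[1] if len(parts) > 1 else "255.255.255.255"
        # Assumes numeric addresses; hostnames or keywords raise ValueError.
        routes.append(ipaddress.ip_network(f"{parts[0]}/{mask}", strict=False))
    return routes

def check_routes(config_text, client_lans):
    """Return (route, problem) pairs for pushed routes likely to misbehave."""
    lans = [ipaddress.ip_network(n) for n in client_lans]
    findings = []
    for route in pushed_routes(config_text):
        for lan in lans:
            if route.overlaps(lan):
                findings.append((str(route), f"overlaps client LAN {lan}"))
        if any(route.overlaps(doc) for doc in DOC_NETS):
            findings.append((str(route), "RFC 5737 documentation block"))
    return findings

# Constructed sample config and client LAN, for illustration only.
SAMPLE_CONFIG = """\
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 172.20.0.0 255.255.0.0"
;push "route 10.99.0.0 255.255.0.0"
push "route 192.0.2.0 255.255.255.0"
"""

if __name__ == "__main__":
    for route, problem in check_routes(SAMPLE_CONFIG, ["192.168.1.0/24"]):
        print(f"{route}: {problem}")
```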