I don't mind you not debugging. I'd like to learn, basically I just want something that will route all network traffic through the vpn, for when I'm at other places, not just school. Thanks, Tyler Littlefield Web: tysdomain.com email: tyler at tysdomain.com My programs don't have bugs, they're called randomly added features. ----- Original Message ----- From: "Kerry Hoath" <kerry@xxxxxxxxx> To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca> Sent: Friday, May 15, 2009 6:38 AM Subject: Re: openvpn configuration > With a static key there is one client and one server, openvpn can not > handle more than one client per instance. > You'd need to launch one instance of openvpn for each client connecting on > a different port. > > > ip addresses must be outside your network for the vpn; if using a routed > vpn. > If using a bridge i'd assume you have bridged tap0 on your server to an > ethernet interface on your subnet as described in the bridging mini-howto > on the openvpn site. > > If you intend to bridge; handing out a default gateway to your client pc > isn't trivial. > > Perhaps you should consider getting your hands on the building vpn > networks with openvpn from pakt publishing book it is easy to follow. > > Also specifying what you exactly want to achieve in terms of vpns and > networks might allow people to give you more directed help. > I'm personally not debugging your config files but someone else might be > more kind; it's hints only. > > You must have either dev tap or dev tun on *both* ends of the connection, > you can not mix and match. > tun is routed, vpn ips outside your subnet with apropriate routing. > > dev tap is bridge, bridge the tap0 and eth0 interfaces making sure you > openvpn mktun the tap0 interface first. > > Regards, Kerry. > > ----- Original Message ----- > From: "Tyler Littlefield" <tyler at tysdomain.com> > To: "Speakup is a screen review system for Linux." > <speakup at braille.uwo.ca> > Sent: Friday, May 15, 2009 7:22 PM > Subject: Re: openvpn configuration > > >> he static key shows ifconfig x.x.x.x to x.x.x.x, sounds like there isn't >> much handed out there... >> >> >> Thanks, >> Tyler Littlefield >> Web: tysdomain.com >> email: tyler at tysdomain.com >> My programs don't have bugs, they're called randomly added features. >> >> ----- Original Message ----- >> From: "Kerry Hoath" <kerry at gotss.net> >> To: "Speakup is a screen review system for Linux." >> <speakup at braille.uwo.ca> >> Sent: Thursday, May 14, 2009 10:34 PM >> Subject: Re: openvpn configuration >> >> >>> ip is handed out by openvpn from your server. >>> If you want the same ip every time then set that up on openvpn to do >>> that, see the static key mini howto on the subject. >>> >>> You should not need to use ifconfig on the client side to set ips on >>> tunnel let openvpn pull the necessary options from the server. >>> I use a routed vpn all the time and allways get the same ip from my >>> server vpn ip that is. >>> Regards, Kerry. >>> >>> ----- Original Message ----- >>> From: "Tyler Littlefield" <tyler at tysdomain.com> >>> To: "Speakup is a screen review system for Linux." >>> <speakup at braille.uwo.ca> >>> Sent: Friday, May 15, 2009 11:35 AM >>> Subject: Re: openvpn configuration >>> >>> >>>> It's fine. kids have exploits they run on the servers, but I'm not that >>>> stupid. vpn is a lot more um, quiet, so I doubt they'll care as much >>>> over the kids running exploits when they want to log to facebook. Not >>>> like I'm looking at porn, just want to be able to do research. Anything >>>> with phpbb is blocked, and I'm frequently reading articles. >>>> When I try to set up tun, I need to use ifconfig to set up the tunnel; >>>> I won't always have the same IP, though. >>>> >>>> >>>> Thanks, >>>> Tyler Littlefield >>>> Web: tysdomain.com >>>> email: tyler at tysdomain.com >>>> My programs don't have bugs, they're called randomly added features. >>>> >>>> ----- Original Message ----- >>>> From: "Kerry Hoath" <kerry at gotss.net> >>>> To: "Speakup is a screen review system for Linux." >>>> <speakup at braille.uwo.ca> >>>> Sent: Thursday, May 14, 2009 9:22 PM >>>> Subject: Re: openvpn configuration >>>> >>>> >>>>> Firstly: >>>>> understand the difference between tun and tap. >>>>> You must use the *same* on both ends, tun for routed vpn, tap for >>>>> bridged. >>>>> >>>>> decide whether you want routed or bridged and set up accordingly. >>>>> Info on openvpn.net on which is bbest, routed is more scalable and >>>>> there are tricks to hand out a default gateway on a bridged setup. >>>>> >>>>> these tricks may or may not work with Windows openvpn client see faq >>>>> files. >>>>> >>>>> I'd set up dev tun on both ends and make sure you can see the other >>>>> end of your tunnel. >>>>> Best to make connectivity work before you mess with default routes >>>>> etc. >>>>> >>>>> Is it worth noting here that you are probably violating policy by >>>>> punching holes through a firewall? >>>>> be aware in case admin comes down on you. >>>>> >>>>> Regards, Kerry. >>>>> >>>>> >>>>> >>>>> ----- Original Message ----- >>>>> From: "Tyler Littlefield" <tyler at tysdomain.com> >>>>> To: "Speakup is a screen review system for Linux." >>>>> <speakup at braille.uwo.ca> >>>>> Sent: Friday, May 15, 2009 3:08 AM >>>>> Subject: openvpn configuration >>>>> >>>>> >>>>>> Hello list, >>>>>> I'm currently trying to get openvpn going. I have the port open, but >>>>>> it's not letting me forward all traffic through, for some reason. Any >>>>>> ideas? I've provided my configs below >>>>>> #server: >>>>>> dev tun >>>>>> secret static.key >>>>>> keepalive 10 60 >>>>>> ping-timer-rem >>>>>> persist-tun >>>>>> persist-key >>>>>> user nobody >>>>>> group nobody >>>>>> daemon >>>>>> plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login >>>>>> push "redirect-gateway def1" >>>>>> #client: >>>>>> dev tap >>>>>> remote tds-solutions.net >>>>>> secret C:/static.key >>>>>> keepalive 10 60 >>>>>> ping-timer-rem >>>>>> persist-tun >>>>>> push "redirect-gateway def1" >>>>>> resolv-retry infinite >>>>>> nobind >>>>>> proto udp >>>>>> I want to be able to connect from multiple sources, so I used dev >>>>>> tap. >>>>>> >>>>>> Thanks, >>>>>> Tyler Littlefield >>>>>> Web: tysdomain.com >>>>>> email: tyler at tysdomain.com >>>>>> My programs don't have bugs, they're called randomly added features. >>>>>> _______________________________________________ >>>>>> Speakup mailing list >>>>>> Speakup at braille.uwo.ca >>>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Speakup mailing list >>>>> Speakup at braille.uwo.ca >>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>>> >>>> _______________________________________________ >>>> Speakup mailing list >>>> Speakup at braille.uwo.ca >>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>>> >>> >>> _______________________________________________ >>> Speakup mailing list >>> Speakup at braille.uwo.ca >>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >> >> _______________________________________________ >> Speakup mailing list >> Speakup at braille.uwo.ca >> http://speech.braille.uwo.ca/mailman/listinfo/speakup >> > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup
