then apply my suggestions and get back to me with results. i've made a number of suggestsions in the previous message but have had no feedback. I'd suggest a routed vpn, dev tun, ips outside your subnet, get your server to nat for the vpn. regards, Kerry. ----- Original Message ----- From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx> To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca> Sent: Friday, May 15, 2009 9:51 PM Subject: Re: openvpn configuration >I don't mind you not debugging. I'd like to learn, basically I just want >something that will route all network traffic through the vpn, for when I'm >at other places, not just school. > > Thanks, > Tyler Littlefield > Web: tysdomain.com > email: tyler at tysdomain.com > My programs don't have bugs, they're called randomly added features. > > ----- Original Message ----- > From: "Kerry Hoath" <kerry at gotss.net> > To: "Speakup is a screen review system for Linux." > <speakup at braille.uwo.ca> > Sent: Friday, May 15, 2009 6:38 AM > Subject: Re: openvpn configuration > > >> With a static key there is one client and one server, openvpn can not >> handle more than one client per instance. >> You'd need to launch one instance of openvpn for each client connecting >> on a different port. >> >> >> ip addresses must be outside your network for the vpn; if using a routed >> vpn. >> If using a bridge i'd assume you have bridged tap0 on your server to an >> ethernet interface on your subnet as described in the bridging mini-howto >> on the openvpn site. >> >> If you intend to bridge; handing out a default gateway to your client pc >> isn't trivial. >> >> Perhaps you should consider getting your hands on the building vpn >> networks with openvpn from pakt publishing book it is easy to follow. >> >> Also specifying what you exactly want to achieve in terms of vpns and >> networks might allow people to give you more directed help. >> I'm personally not debugging your config files but someone else might be >> more kind; it's hints only. >> >> You must have either dev tap or dev tun on *both* ends of the connection, >> you can not mix and match. >> tun is routed, vpn ips outside your subnet with apropriate routing. >> >> dev tap is bridge, bridge the tap0 and eth0 interfaces making sure you >> openvpn mktun the tap0 interface first. >> >> Regards, Kerry. >> >> ----- Original Message ----- >> From: "Tyler Littlefield" <tyler at tysdomain.com> >> To: "Speakup is a screen review system for Linux." >> <speakup at braille.uwo.ca> >> Sent: Friday, May 15, 2009 7:22 PM >> Subject: Re: openvpn configuration >> >> >>> he static key shows ifconfig x.x.x.x to x.x.x.x, sounds like there isn't >>> much handed out there... >>> >>> >>> Thanks, >>> Tyler Littlefield >>> Web: tysdomain.com >>> email: tyler at tysdomain.com >>> My programs don't have bugs, they're called randomly added features. >>> >>> ----- Original Message ----- >>> From: "Kerry Hoath" <kerry at gotss.net> >>> To: "Speakup is a screen review system for Linux." >>> <speakup at braille.uwo.ca> >>> Sent: Thursday, May 14, 2009 10:34 PM >>> Subject: Re: openvpn configuration >>> >>> >>>> ip is handed out by openvpn from your server. >>>> If you want the same ip every time then set that up on openvpn to do >>>> that, see the static key mini howto on the subject. >>>> >>>> You should not need to use ifconfig on the client side to set ips on >>>> tunnel let openvpn pull the necessary options from the server. >>>> I use a routed vpn all the time and allways get the same ip from my >>>> server vpn ip that is. >>>> Regards, Kerry. >>>> >>>> ----- Original Message ----- >>>> From: "Tyler Littlefield" <tyler at tysdomain.com> >>>> To: "Speakup is a screen review system for Linux." >>>> <speakup at braille.uwo.ca> >>>> Sent: Friday, May 15, 2009 11:35 AM >>>> Subject: Re: openvpn configuration >>>> >>>> >>>>> It's fine. kids have exploits they run on the servers, but I'm not >>>>> that stupid. vpn is a lot more um, quiet, so I doubt they'll care as >>>>> much over the kids running exploits when they want to log to facebook. >>>>> Not like I'm looking at porn, just want to be able to do research. >>>>> Anything with phpbb is blocked, and I'm frequently reading articles. >>>>> When I try to set up tun, I need to use ifconfig to set up the tunnel; >>>>> I won't always have the same IP, though. >>>>> >>>>> >>>>> Thanks, >>>>> Tyler Littlefield >>>>> Web: tysdomain.com >>>>> email: tyler at tysdomain.com >>>>> My programs don't have bugs, they're called randomly added features. >>>>> >>>>> ----- Original Message ----- >>>>> From: "Kerry Hoath" <kerry at gotss.net> >>>>> To: "Speakup is a screen review system for Linux." >>>>> <speakup at braille.uwo.ca> >>>>> Sent: Thursday, May 14, 2009 9:22 PM >>>>> Subject: Re: openvpn configuration >>>>> >>>>> >>>>>> Firstly: >>>>>> understand the difference between tun and tap. >>>>>> You must use the *same* on both ends, tun for routed vpn, tap for >>>>>> bridged. >>>>>> >>>>>> decide whether you want routed or bridged and set up accordingly. >>>>>> Info on openvpn.net on which is bbest, routed is more scalable and >>>>>> there are tricks to hand out a default gateway on a bridged setup. >>>>>> >>>>>> these tricks may or may not work with Windows openvpn client see faq >>>>>> files. >>>>>> >>>>>> I'd set up dev tun on both ends and make sure you can see the other >>>>>> end of your tunnel. >>>>>> Best to make connectivity work before you mess with default routes >>>>>> etc. >>>>>> >>>>>> Is it worth noting here that you are probably violating policy by >>>>>> punching holes through a firewall? >>>>>> be aware in case admin comes down on you. >>>>>> >>>>>> Regards, Kerry. >>>>>> >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>> From: "Tyler Littlefield" <tyler at tysdomain.com> >>>>>> To: "Speakup is a screen review system for Linux." >>>>>> <speakup at braille.uwo.ca> >>>>>> Sent: Friday, May 15, 2009 3:08 AM >>>>>> Subject: openvpn configuration >>>>>> >>>>>> >>>>>>> Hello list, >>>>>>> I'm currently trying to get openvpn going. I have the port open, but >>>>>>> it's not letting me forward all traffic through, for some reason. >>>>>>> Any ideas? I've provided my configs below >>>>>>> #server: >>>>>>> dev tun >>>>>>> secret static.key >>>>>>> keepalive 10 60 >>>>>>> ping-timer-rem >>>>>>> persist-tun >>>>>>> persist-key >>>>>>> user nobody >>>>>>> group nobody >>>>>>> daemon >>>>>>> plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login >>>>>>> push "redirect-gateway def1" >>>>>>> #client: >>>>>>> dev tap >>>>>>> remote tds-solutions.net >>>>>>> secret C:/static.key >>>>>>> keepalive 10 60 >>>>>>> ping-timer-rem >>>>>>> persist-tun >>>>>>> push "redirect-gateway def1" >>>>>>> resolv-retry infinite >>>>>>> nobind >>>>>>> proto udp >>>>>>> I want to be able to connect from multiple sources, so I used dev >>>>>>> tap. >>>>>>> >>>>>>> Thanks, >>>>>>> Tyler Littlefield >>>>>>> Web: tysdomain.com >>>>>>> email: tyler at tysdomain.com >>>>>>> My programs don't have bugs, they're called randomly added features. >>>>>>> _______________________________________________ >>>>>>> Speakup mailing list >>>>>>> Speakup at braille.uwo.ca >>>>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Speakup mailing list >>>>>> Speakup at braille.uwo.ca >>>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>>>> >>>>> _______________________________________________ >>>>> Speakup mailing list >>>>> Speakup at braille.uwo.ca >>>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>>>> >>>> >>>> _______________________________________________ >>>> Speakup mailing list >>>> Speakup at braille.uwo.ca >>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>> >>> _______________________________________________ >>> Speakup mailing list >>> Speakup at braille.uwo.ca >>> http://speech.braille.uwo.ca/mailman/listinfo/speakup >>> >> >> _______________________________________________ >> Speakup mailing list >> Speakup at braille.uwo.ca >> http://speech.braille.uwo.ca/mailman/listinfo/speakup > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup >
