Just wondering if someone can assist me further with the set-up of OpenVPN on my Windows Server 2003.
I have configured Win Server as per the following guide: http://tinyurl.com/kxusv and I'm now at the stage of Creating the config files.
I have a few questions that I need some assistance with. My server IP is 192.168.1.10 and my router's IP address is 192.168.1.1 (the router is a Netgear DGN2000).
I have edited the server.ovpn file as per the following:
push "dhcp-option DNS X.X.X.X" # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
push "dhcp-option DNS X.X.X.X" # A second DNS server if you have one
to include my ISP DNS and I have not edited anything else.
Now my issue is with the client1.ovpn file as per the below:
client
dev tap
#dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
proto udp
remote YOURHOST.dyndns.org 1194 #You will need to enter your dyndns account or static IP address here. The number following it is the port you set in the server's config
route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This is the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt" # Change this line and the next to match the files in the keys directory. This should be different for each client.
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # This file should be kept secret
ns-cert-type server
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
verb 1
To me it looks like I will need to amend the following:
remote YOURHOST.dyndns.org 1194 #You will need to enter your dyndns account or static IP address here. The number following it is the port you set in the server's config
route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This is the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1
So, should the first line be the static IP of the machine that I'm applying this to? The IP address of the server (192.168.1.10) or something else? I'm also stuck on the second part, 'route 192.168.1.0 255.255.255.0 vpn_gateway 3'. Should this be the router IP which is 192.168.1.1 and the subnet is 255.255.255.0 and that is all I need to alter?
The final part that I'm struggling with is Configuring the router. Basically I have a Netgear DGN2000 and as it mentions that the router should be configured to port forward port 1194 to the server’s IP address of 192.168.1.150 all I have been able to do is in 'Firewall Rules' and on 'Inbound Services', set the Service to 'Any(ALL)' and Send to LAN Server point to 192.168.1.150. I'm not sure if this is correct?
It is the following stage of the help guide that I'm struggling with and really need some help with:
You need to make sure the port you configured OpenVPN to listen on is forwarded on the router to the IP address of your server. On the WRT54G, port forwarding is configured in the “Applications & Gaming” section. Enter 1194 for the port, UDP for the protocol, and 192.168.1.150 for the IP address. Make sure the entry is enabled and then save the setting.
Next, you need to add an entry to the router’s Routing Table. This will enable the router to properly route requests from the clients to the TAP interface of the server.
On the WRT54G you would go to the “Setup” page and then the “Advanced Routing” section.
Enter the following info to make the entry:
Enter Route Name: openVPN
Destination LAN IP: 192.168.10.0
Subnet Mask: 255.255.255.252
Default Gateway: 192.168.1.150
Interface: LAN & Wireless
Once the info has been typed in make sure you save the setting.
Can anyone possibly guide me through setting this part up with my Netgear router? I see that once I have these 2 parts complete I'm there, so I would really appreciate someone walking me through what is required in completing this.
Much appreciated.
For the line
you should use the public IP address of your internet connection (assuming you want users from the internet to access your internal network). You can get this IP address on this page: http://www.whatismyip.com/, which will give you the IP address you are using to access the internet.
I don't know your network infrastructure, but assuming you only have one public IP address this should work.
Next, you should set up your router/firewall to port NAT (redirect a client request to the public IP address xx.xx.xx.xx:1194 to your OpenVPN server LAN address (192.168.1.10)).
Here is a how-to: http://portforward.com/english/routers/port_forwarding/Netgear/DGN2000/default.htm
Regarding the route line, it is used to include the correct route configuration on the client machines. It's similar to issuing the:
You should set the VPNGateway if you are using a tap interface to the OpenVPN server; then you should make sure that the OpenVPN server forwards these packets.
Hope that helped.
regards,
Hugo
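
An added example, not part of either post: a small Python check for the client config discussed in this thread. It flags a `remote` that is a private address or the guide's placeholder, a `route` whose destination is not a network address for its mask, and two settings from the posted config (`ns-cert-type`, which newer OpenVPN releases deprecate, and the 64-bit block cipher `BF-CBC`). The function names and the sample text are constructed for illustration.

```python
import ipaddress
import shlex

# 64-bit block ciphers (SWEET32 class); BF-CBC is what the posted config selects.
WEAK_CIPHERS = {"BF-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

# Constructed sample: the question's client config with `remote` set to the
# server's LAN address instead of the public address the answer recommends.
SAMPLE = """\
dev tap
proto udp
remote 192.168.1.10 1194   # LAN address of the OpenVPN server
route 192.168.1.0 255.255.255.0 vpn_gateway 3
ns-cert-type server
cipher BF-CBC              # Blowfish
"""

def parse(text):
    """Split config text into directives (token lists), dropping # and ; comments."""
    rows = []
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            rows.append(tokens)
    return rows

def audit(text):
    """Return (directive, problem) pairs for the settings discussed in the thread."""
    findings = []
    for name, *args in parse(text):
        if name == "remote" and args:
            try:
                if ipaddress.ip_address(args[0]).is_private:
                    findings.append((name, "private address, unreachable from the internet"))
            except ValueError:  # a hostname, not an IP literal
                if args[0].upper().startswith("YOURHOST"):
                    findings.append((name, "guide placeholder left in place"))
        elif name == "route" and len(args) >= 2:
            try:  # strict parsing rejects a host address such as 192.168.1.1
                ipaddress.ip_network(f"{args[0]}/{args[1]}")
            except ValueError:
                findings.append((name, "destination is not a network address for this mask"))
        elif name == "ns-cert-type":
            findings.append((name, "deprecated, use remote-cert-tls server"))
        elif name == "cipher" and args and args[0].upper() in WEAK_CIPHERS:
            findings.append((name, "64-bit block cipher"))
    return findings
```

Pass the text of `client1.ovpn` to `audit()`; an empty list means none of these four checks fired.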