I've managed to set up openvpn on a test server, configuring the PKI and distributing certificates to test client machines. I can ssh from the client machines to the openvpn server using the IP of the other end of the tun bridge:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.0.2 P-t-P:10.1.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
which is achieved with this line in the openvpn configuration file:
ifconfig 10.1.0.2 10.1.0.1
I'm starting openvpn with the following openvpn-startup.sh script:
#!/bin/sh
dir=/home/lurscher/openvpn/testChapter8/sample-config-files/
# load the firewall
"$dir"/firewall.sh
# load TUN/TAP kernel module
modprobe tun
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# start the server daemonized from the config directory, logging to vpn.log
openvpn --script-security 2 --cd "$dir" --daemon --config tls-office.conf --log "$dir"/log/vpn.log
this is tls-office.conf:
dev tun
ifconfig 10.1.0.1 10.1.0.2
up ./office.up
# the office.up script has this:
##!/bin/sh
#route add -net 10.0.1.0 netmask 255.255.255.0 gw $5
#(in the openvpn manual, it says that if the Device is TUN, $5 stands for Remote IP)
tls-server
dh /home/lurscher/keys/dh1024.pem
ca /home/lurscher/keys/ca.crt
cert /home/lurscher/keys/vpnCh8TestServer.crt
key /home/lurscher/keys/vpnCh8TestServer.key
verb 3
For the client machine, I'm using the following config file:
dev tun
remote my.server.com
# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
;ifconfig 10.1.0.2 10.1.0.1
# Our up script will establish routes
# once the VPN is alive.
up ./home.up
##!/bin/sh
#route add -net 10.0.0.0 netmask 255.255.255.0 gw $5
#(in the openvpn manual, it says that if the Device is TUN, $5 stands for Remote IP)
tls-client
ca /home/chuckq/keys/ca.crt
cert /home/chuckq/keys/vpnCh8TestClient.crt
key /home/chuckq/keys/vpnCh8TestClient.key
ns-cert-type server
; port 1194
; user nobody
; group nogroup
verb 3
However, I am a bit at a loss as to how to connect to/see the IPs of other machines on the same side of the tunnel as the openvpn server. I assume they get IPs in the 10.1.X.X range, but I don't see any of them. Maybe I just don't know how to see what IP is assigned behind the tunnel, because I just use ifconfig to find out what local IP a machine has, but each machine reports only the tun bridge nodes (the client and the server) with no mention of other machines on either end.
So, suppose there is an HTTP server on a machine behind the openvpn server (it's not on the same machine); how do I reach it or see it from the openvpn clients?
thanks!
The following directive
in the OpenVPN server's config file will maintain a list of endpoint addresses and routed networks of all your OpenVPN clients in the /var/log/openvpn-status.log file, which is updated every 60 seconds as long as OpenVPN is running.
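As an added example (not part of the answer above, and not code from the OpenVPN project), here is a small parser for the version-1 openvpn-status.log format that the status directive writes, separating each client's tunnel endpoint address from the networks routed behind it. The status text is a constructed sample; the client name and addresses are assumptions for illustration.

```python
from typing import Dict, List

# Constructed sample of a version-1 openvpn-status.log (assumed contents,
# not taken from the question or from a real server).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Jan  1 10:00:00 2024
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
vpnCh8TestClient,203.0.113.7:51234,8192,16384,Mon Jan  1 09:55:00 2024
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.1.0.2,vpnCh8TestClient,203.0.113.7:51234,Mon Jan  1 09:59:30 2024
10.0.0.0/24,vpnCh8TestClient,203.0.113.7:51234,Mon Jan  1 09:59:30 2024
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""


def parse_status(text: str) -> Dict[str, List[dict]]:
    """Split a version-1 status file into its CLIENT LIST and ROUTING TABLE rows."""
    sections: Dict[str, List[dict]] = {"clients": [], "routes": []}
    current = None   # which section we are inside
    header = None    # column names of the current section
    for line in text.splitlines():
        if line == "OpenVPN CLIENT LIST":
            current, header = "clients", None
        elif line == "ROUTING TABLE":
            current, header = "routes", None
        elif line in ("GLOBAL STATS", "END"):
            current = None
        elif current and line.startswith("Updated,"):
            continue                      # timestamp line, not a data row
        elif current and header is None:
            header = line.split(",")      # first row of a section is its header
        elif current:
            sections[current].append(dict(zip(header, line.split(","))))
    return sections


def routed_networks(sections: Dict[str, List[dict]]) -> Dict[str, Dict[str, List[str]]]:
    """Per client: its tunnel endpoint address(es) vs. the networks routed behind it."""
    summary: Dict[str, Dict[str, List[str]]] = {}
    for row in sections["routes"]:
        entry = summary.setdefault(row["Common Name"], {"endpoints": [], "networks": []})
        # Network routes (iroute) appear with a prefix length; endpoints are single hosts.
        kind = "networks" if "/" in row["Virtual Address"] else "endpoints"
        entry[kind].append(row["Virtual Address"])
    return summary


if __name__ == "__main__":
    for name, info in routed_networks(parse_status(SAMPLE_STATUS)).items():
        print(name, "endpoints:", info["endpoints"], "networks:", info["networks"])
```

Point it at the real file (for example by reading /var/log/openvpn-status.log) to see which clients are up and which networks are reachable through each of them.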