Peter,

Sorry but you're just going too fast for me... I won't be able to test before this WE, possibly next WE. I attach below my OpenVPN2 config (server/client) and network settings. If you have a dhcp server handy, you can see for yourself how this type of setup works. Personally I wanted bridging because of windows file sharing, dhcp for "silent" client configuration and the dns-dhcp link that dnsmasq provides. My testing machine is a wireless client that accesses the Lan via Openvpn.

Thanks for all your help !!!

--- Peter Allgeyer <allgeyer at web dot de> wrote:

> Hi JP!
>
> On Sunday, 04.09.2005, 13:03 -0700, JP M wrote:
> > I use certificates with a static key required to initiate
> > the TLS handshake (the --tls-auth option).
> Have implemented TLS auth. Please feel free to test the code and give me
> some feedback. New versions along with a TODO list and a changelog can
> always be found on my homepage.
> ...

= Network setup (edited) =

# ifconfig
br0   inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth0  inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo    inet addr:127.0.0.1  Mask:255.0.0.0
eth1  Link encap:Ethernet  HWaddr 00:XX
tap0  Link encap:Ethernet  HWaddr 7E:XX

# brctl show
bridge name   bridge id    STP enabled   interfaces
br0           8000.00XXX   yes           eth1
                                         tap0

= Win2K wireless client config (dual-boot w/ debian; almost identical conf) =

# m0n0's WAN network is private (dmz)
remote 192.168.0.254 5000
client
proto udp
nobind
dev tap
dev-node "VPN link"
ifconfig-nowarn
tun-mtu 1500
tun-mtu-extra 32
# comp-lzo
#passtos
fast-io
resolv-retry infinite
persist-tun
persist-key
persist-remote-ip
mute 100
# user nobody
# group nogroup
tls-client
# key direction 1 on the client; the server side uses 0 with the same key file
tls-auth auth/priv/init.key 1
ca auth/ca-root.crt
cert auth/me.crt
key auth/priv/me.key
dh auth/dh1024-vpn.pem
# only accept a server certificate, and only the one with this subject
ns-cert-type server
tls-remote "/C=FR/ST=blah/L=blah/O=blah/OU=blah/CN=gw.vpn/emailAddress=vpn-master@lan"
verb 3

= debian router/firewall/dhcp server/ovpn server =

mode server
local 192.168.0.254
proto udp
port 5000
dev tap0
client-to-client
ifconfig-nowarn
tun-mtu 1500
tun-mtu-extra 32
max-clients 10
# Commented since we're using the LAN DHCP server
# server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.200
# LAN is 192.168.1.0/24 - br0 is 192.168.1.1
# ifconfig-pool-persist /var/run/ip-leases.ovpn
# push "route-gateway 192.168.1.1"
# push "redirect-gateway"   # Steal default route
client-config-dir vpn-ccd
passtos
fast-io
# comp-lzo
# push "comp-lzo"   # Doesn't work ?
float
resolv-retry 60
keepalive 10 30
ping-timer-rem
persist-tun
persist-local-ip
persist-key
status /var/log/ovpn.status
mute 100
user nobody
group nogroup
management localhost 8100
tls-server
# key direction 0 on the server; clients use 1 with the same key file
tls-auth auth/priv/init.key 0
ca auth/ca-root.crt
cert auth/vpn.crt
key auth/priv/vpn.key
dh auth/dh1024-vpn.pem
cipher BF-CBC
# only accept client certificates, and reject any listed in the CRL
ns-cert-type client
crl-verify auth/vpn.crl
verb 3
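The thread is about --tls-auth, and the two configs above only protect the handshake if they agree with each other: the same key file with direction 0 on the server and 1 on the client (or no direction on either side), plus a peer-certificate check on each end. The following is an added example, not part of this post or of Peter's tool, that parses OpenVPN-style config text and flags those mismatches; the config excerpts are constructed from the post above.

```python
import shlex

# Constructed excerpts of the two OpenVPN 2 configs posted above (paths as in the post).
CLIENT_CONF = """
client
tls-client
tls-auth auth/priv/init.key 1
ca auth/ca-root.crt
ns-cert-type server
tls-remote "/C=FR/ST=blah/L=blah/O=blah/OU=blah/CN=gw.vpn/emailAddress=vpn-master@lan"
"""

SERVER_CONF = """
mode server
tls-server
tls-auth auth/priv/init.key 0
ca auth/ca-root.crt
ns-cert-type client
crl-verify auth/vpn.crl
"""

def parse_conf(text):
    """Map each directive to its args (first occurrence wins); '#' comments are ignored."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = shlex.split(line)  # handles the quoted tls-remote subject
            opts.setdefault(parts[0], parts[1:])
    return opts

def check_tls_auth_pairing(server, client):
    """Return a list of problems; an empty list means the two sides are consistent."""
    problems = []
    s_ta, c_ta = server.get("tls-auth"), client.get("tls-auth")
    if not s_ta or not c_ta:
        problems.append("tls-auth must be configured on both sides")
    else:
        # Key direction: server 0 / client 1, or omitted on both (bidirectional key).
        s_dir = s_ta[1] if len(s_ta) > 1 else None
        c_dir = c_ta[1] if len(c_ta) > 1 else None
        if (s_dir, c_dir) not in {("0", "1"), (None, None)}:
            problems.append(f"tls-auth key direction mismatch: server {s_dir}, client {c_dir}")
    if server.get("ns-cert-type") != ["client"]:
        problems.append("server should require ns-cert-type client")
    if client.get("ns-cert-type") != ["server"] and "tls-remote" not in client:
        problems.append("client should check the server cert (ns-cert-type server or tls-remote)")
    return problems
```

Running `check_tls_auth_pairing(parse_conf(SERVER_CONF), parse_conf(CLIENT_CONF))` on the excerpts above returns an empty list; copying the server's direction 0 into the client config is the usual mistake and is reported as a direction mismatch.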