RE: [Openvpn-users] Anyone have a good howto for OpenVPN on a Wifi Segment

["Andrew J. Richardson" <andrew@xxxxxxxxxxxxxxxxxxxxxxx>]

> I am running OpenVPN 2.0 rc10 and it works great for me in 
> road warrior mode.  I would like to use it to secure my WiFi clients.
> 
> Can anyone point me to a good howto on this?  My OpenVPN 
> server is on the same subnet as my WiFi clients. I don't need 

Here's a run-down of how I do this with my WiFi net.  YMMV.

I have an all-Windows net and a Netgear router/ap.  I use TAP interfaces on
all machines.  Basically, to accomplish this I have one machine that
connects to the LAN by way of wired ethernet.  If you use a pc as your
router/gateway you could use that as the vpn server.

On the vpn server I run an OpenVPN server daemon using UDP.  On each client
machine I run an OpenVPN session that connects to the wired server.  I use
"redirect-gateway local" on the clients to send all traffic through the
wired machine.  Make sure you turn on packet forwarding on the wired machine
(in the OS; there's a MS knowledge base article on the single registry
change required) as well as provide a return route to the vpn subnet on your
main gateway router.  For me, that gateway is my router/ap, so I've got a
static route in the router config to route traffic destined for the vpn
subnet to the wired vpn server.  Also note that there's a registry change
required to ensure your DNS lookups go through the vpn, not directly to the
WAN gateway.  It's noted in the 2.0 notes on the OpenVPN web site.

A DNS edit isn't typically necessary as the vpn server does any NAT between
the vpn subnet and your LAN subnet, and the gateway router handles the
transition between your LAN subnet and the Internet.

Good luck!

Andrew



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users