
RE: [Openvpn-users] Multiple Site Examples?


  • Subject: RE: [Openvpn-users] Multiple Site Examples?
  • From: "Brian Buchanan" <brianbuchanan@xxxxxxxxxxxx>
  • Date: Fri, 11 Feb 2005 11:37:22 -0500
  • Importance: Normal

> Sent: Wednesday, February 09, 2005 3:53 PM
> From: Mathias Sundman
>
> On Wed, 9 Feb 2005, Brian Buchanan wrote:
>
> > Is this something that is done with a single config and a
> single instance of
> > OpenVPN (at the hub), or would I create multiple configs and run OpenVPN
> > multiple times?
>
> Single config file and one instance of OpenVPN. To run OpenVPN in server
> mode you need to use TLS, so you need to create a CA and issue a key/cert
> for the server as well as for every openvpn client. See the easy-rsa
> readme for a simple way to do this.
>
> Then you need to tell OpenVPN what subnet is available behind
> what OpenVPN
> client. You do this by using --client-config-dir and put a file named as
> the CN of each client in that dir. Then use "iroute xxx xxx" in that ccd
> file.
>
> The main server config should look something like this:
>
> port 1194
> dev tun
>
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh1024.pem
>
> server 10.11.0.0 255.255.255.0
> client-to-client
> client-config-dir /etc/openvpn/client-configs
>
> # Client should attempt reconnection on link failure.
> ping 10
> ping-restart 120
> push "ping 10"
> push "ping-restart 60"
>
> push "route 10.1.0.0 255.255.0.0"
> push "route 10.2.0.0 255.255.0.0"
> push "route 10.3.0.0 255.255.0.0"
>
> route 10.2.0.0 255.255.0.0
> route 10.3.0.0 255.255.0.0
>
> # Fix MTU issues.
> mssfix 1400
> fragment 1400
>
> # The server doesn't need privileges
> user nobody
> group nobody
> persist-tun
> persist-key
>
> log /var/log/openvpn.log
> status /var/log/openvpn.status 10
> verb 3
> daemon
>
>
> And a client config might look like this:
>
> dev tun
> remote xxxx 1194
> tls-client
> ca ca.crt
> cert client.crt
> key client.key
> pull
> nobind
> mssfix 1400
> fragment 1400
> verb 3
>
> --

Thank you very much!  I was thinking I had to run multiple instances sitting
on different UDP ports, independent config file etc. etc.

Your comments, this example and the easy-rsa docs should get me going soon.

Thanks again for the quick response.

Brian Buchanan
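Added example, not code from the thread or from the OpenVPN project: a small shell script that builds the per-client ccd files for the hub-and-spoke layout Mathias describes (one file per client, named after the certificate CN, containing `iroute`) and then checks them against the hub's `route` lines in both directions. The site names (`site2`, `site3`), the subnets and the hub config it writes are constructed for this example to mirror the quoted config; `write_server_conf`, `write_ccd`, `check_iroutes` and `check_routes` are hypothetical helper names, not OpenVPN tooling.

```shell
#!/bin/sh
# Added example (not from the thread): build ccd files for a hub-and-spoke
# OpenVPN server and check them against the hub's "route" lines.
# Site names, subnets and file contents below are constructed.

# Site table: client certificate CN and the LAN behind that client.
SITES='site2 10.2.0.0 255.255.0.0
site3 10.3.0.0 255.255.0.0'

# Constructed hub config that mirrors the layout discussed in the thread.
write_server_conf() {   # write_server_conf <path>
    cat > "$1" <<'EOF'
port 1194
dev tun
server 10.11.0.0 255.255.255.0
client-to-client
client-config-dir ccd
# 10.1.0.0/16 is the hub's own LAN: pushed to clients, no route/iroute needed
push "route 10.1.0.0 255.255.0.0"
push "route 10.2.0.0 255.255.0.0"
push "route 10.3.0.0 255.255.0.0"
# Kernel routes toward the tun device for the subnets behind the spokes
route 10.2.0.0 255.255.0.0
route 10.3.0.0 255.255.0.0
EOF
}

# One ccd file per client, named after the certificate CN, holding the
# iroute that tells OpenVPN which subnet sits behind that client.
write_ccd() {   # write_ccd <ccd_dir>
    mkdir -p "$1"
    printf '%s\n' "$SITES" | while read -r cn net mask; do
        [ -n "$cn" ] || continue
        printf 'iroute %s %s\n' "$net" "$mask" > "$1/$cn"
    done
}

# Escape dots so an address can be used literally inside grep -E.
re_escape() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Every "iroute net mask" in the ccd dir needs a matching "route net mask"
# in the server config: iroute only tells OpenVPN which client owns the
# subnet; the route line is what makes the kernel hand packets to tun.
check_iroutes() {   # check_iroutes <server.conf> <ccd_dir>
    conf=$1; ccd_dir=$2
    missing=$(
        for f in "$ccd_dir"/*; do
            [ -f "$f" ] || continue
            sed 's/[#;].*//' "$f" | awk -v cn="$(basename "$f")" '$1=="iroute"{print cn, $2, $3}'
        done | while read -r cn net mask; do
            pat="^[[:space:]]*route[[:space:]]+$(re_escape "$net")[[:space:]]+$(re_escape "$mask")([[:space:]]|\$)"
            grep -Eq "$pat" "$conf" ||
                printf '%s: iroute %s %s has no matching route in %s\n' "$cn" "$net" "$mask" "$conf"
        done
    )
    [ -z "$missing" ] || { printf '%s\n' "$missing" >&2; return 1; }
}

# The reverse: a "route" on the hub that no ccd file claims with iroute
# sends packets into tun that OpenVPN cannot deliver to any client.
check_routes() {   # check_routes <server.conf> <ccd_dir>
    conf=$1; ccd_dir=$2
    missing=$(
        sed 's/[#;].*//' "$conf" | awk '$1=="route"{print $2, $3}' |
        while read -r net mask; do
            pat="^[[:space:]]*iroute[[:space:]]+$(re_escape "$net")[[:space:]]+$(re_escape "$mask")([[:space:]]|\$)"
            grep -Eqs "$pat" "$ccd_dir"/* ||
                printf 'route %s %s: no ccd file claims it with iroute\n' "$net" "$mask"
        done
    )
    [ -z "$missing" ] || { printf '%s\n' "$missing" >&2; return 1; }
}

# Demo run on constructed files in a temporary directory.
demo=$(mktemp -d)
write_server_conf "$demo/server.conf"
write_ccd "$demo/ccd"
if check_iroutes "$demo/server.conf" "$demo/ccd" && check_routes "$demo/server.conf" "$demo/ccd"; then
    echo "route and iroute tables are consistent"
fi
rm -rf "$demo"
```

The two checks catch the two silent failure modes of this layout: an `iroute` without a hub-side `route` leaves the hub unable to reach that site's LAN even though the tunnel is up, and a `route` without any `iroute` leaves OpenVPN with nowhere to send the packets. The ccd file name has to match the client's certificate CN exactly; if a site should never connect without a ccd entry, OpenVPN's `--ccd-exclusive` option refuses clients that have none. Note also that the `dh1024.pem` in the quoted config reflects what easy-rsa generated in 2005; current deployments should use 2048-bit or larger DH parameters.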



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users