
[Openvpn-users] Preemptive question - OpenVPN on Windows


  • Subject: [Openvpn-users] Preemptive question - OpenVPN on Windows
  • From: Ciprian Trofin <ciprian.trofin@xxxxxxxxxxx>
  • Date: Mon, 21 Mar 2005 12:08:47 +0200

I turned to OpenVPN for one reason: I want to play some multiplayer games
with my friends and WindowsXP VPN features are limited only to
peer-to-peer functionality.

My configuration: Windows XP SP2, one NIC, direct Internet connection
(public IP - no router / NAT).

First friend configuration: same

Second friend configuration: WindowsXP SP1 (?), one NIC, Internet
connection through a router / NAT (private IP).

I installed OpenVPN on my system as a service, I renamed the adaptor to
OpenVPN, and I bridged the NIC with the OpenVPN adaptor.

I followed the HowTo and set up my own Certificate Authority and I generated
certificates and keys for the OpenVPN server and 3 clients.

For the moment, I am the only one to set up the server, my friends are going
to install the software sometime this week - that's why this is a
"preemptive" :) mail 

My config.ovpn file:
===========================================================================
port 1194
proto udp
dev tap
dev-node OpenVPN
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.1 255.255.255.0 192.168.0.10 192.168.0.20
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
max-clients 10
verb 3
mute 10
===========================================================================


The config file I'm going to send to my friends:

===========================================================================
client
dev tap
dev-node OpenVPN
proto udp
remote 80.x.y.z # that's my IP address
resolv-retry infinite
nobind
mute-replay-warnings
ca ca.crt
# my 1st friend
cert client1.crt
key client1.key

# my 2nd friend
;cert client2.crt
;key client2.key

comp-lzo
verb 3
mute 5
===========================================================================



Questions:
1. server.key is a 2048 bit key but Diffie-Hellman (dh) parameters are built
   with the "1024" option. Should I expect some problems ?

2. I am going to be the server, so I have chosen to set my VPN IP to
   192.168.0.1 and I allocated a pool of 11 IPs (192.168.0.10-192.168.0.20)
   for my 2 friends.
   I'm not sure how I am supposed to set my IP (the server's IP): when the
   service starts, is the 192.168.0.1 address *automatically* assigned to
   my OpenVPN adapter or should I add this address as a second IP to my
   bridged connection ? (the first IP is the public IP required for INet
   connectivity)

3. Should I take care that the subnet my server manages (192.168.0.0 / 24)
   doesn't overlap the IP addresses my second friend uses in his local
   network ?

4. Is the VPN link compression CPU-hungry ? I wonder if it is going to
   interfere (negatively) with multiplayer gaming.

5. the Internet connection (mine and my friends') is cable, 256kbps
   (maximum). I think that if 3 clients are connected to my server, the
   bandwidth per user (for gaming) is something like 8kB/s, and I think
   this is enough for now.
   If I use VPN link compression, is this going to make a difference in
   increasing the practical bandwidth / user (and is this going to allow 1
   or 2 more clients to connect and play smooth games) ?

6. I use ZoneAlarm Pro (no Windows firewall).
   Beside allowing unrestricted access from the clients (based on their
   public IP), is there anything else I should take care of ?

-- 
Best regards,
  Ciprian Trofin

