
Re: [Openvpn-users] possibility

  • Subject: Re: [Openvpn-users] possibility
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Thu, 1 May 2003 16:34:04 -0000


Yes, OpenVPN can handle the situation where both ends of the connection are

There is some info about this in the HOWTO.

There is another method not currently described in the HOWTO that I personally
use.  A prerequisite of this method is that you subscribe to a service such as
dyndns.org that lets you conveniently point an internet domain name to a
dynamic address (or you can do it yourself if you have control over a DNS
server that exists on a machine having a static IP address).

The crux of this method is in the 'timeouts' section of the config file below,
or more specifically the 'ping' and 'ping-restart' options.  Basically, if for
whatever reason, OpenVPN doesn't receive a ping from its peer during a 300
second period (as would happen if its peer changed addresses), it will
restart.  When it restarts, it will re-resolve myremote.mydomain.com to get
the new IP address.  This method assumes that you are using a dynamic DNS
service that lets you immediately update your domain name with your current
dynamic address.

Here is the config file example:


remote myremote.mydomain.com
dev tun
up ./up-script # optional

# crypto config
replay-persist replay-persist-file # optional (1.4.0 or above)

# TLS config (or omit TLS security by using a pre-shared key
# such as 'secret static.key').
ca             key/my-ca.crt
cert           key/my-cert.crt
key            key/my-key.key
tls-auth       key/my-tls-password # optional

# timeouts
ping               15
ping-restart      300 # 5 minutes
resolv-retry      300 # 5 minutes

# compression (optional)

# UID (optional)
user nobody
group nobody

# verbosity (optional)
verb 4


On the other end of the connection, you would change 'remote' appropriately,
and swap the ifconfig addresses.

If you are using TLS security, then also change 'tls-client' to 'tls-server',
add a 'dh' file for the Diffie-Hellman file, and change 'cert' and 'key' to
match your appropriate local cert and key.


"John F. Godfrey, Pastor" <jfgodfrey@xxxxxxxxxx> said:

> Greetings!
> Is it possible to connect a machine with a DSL connection, dynamic IP, 
> and a machine with a modem connection, dynamic IP, via VPN?
> thanks for any help,
> john
> -- 
> John F. Godfrey, Pastor
> Grandville Assembly of God, Grandville, Michigan USA
> Jesus said to him, "I am the Way, and the Truth, and the Life.  No one comes
> to the Father except through Me." (John 14:6)
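
Added example, not part of the message above and not OpenVPN's own code: a small Python lint for the options the ping / ping-restart / re-resolve method depends on. The function names and SAMPLE (a constructed excerpt of the posted config) are assumptions, and the persist-key/persist-tun check goes beyond the message, based on how the OpenVPN manual describes those options for restarts after privileges are dropped.

```python
import ipaddress

# Constructed sample: the lines of the posted config that the method relies on.
SAMPLE = """\
remote myremote.mydomain.com
ping               15
ping-restart      300 # 5 minutes
resolv-retry      300 # 5 minutes
user nobody
group nobody
"""

def parse(text):
    """Return {option: [args]} from OpenVPN config text, ignoring '#' comments."""
    opts = {}
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint(text):
    """Check the options the ping-restart / re-resolve method relies on."""
    o, findings = parse(text), []
    remote = (o.get("remote") or [None])[0]
    if remote is None:
        findings.append("no 'remote': nothing to re-resolve after a restart")
    elif is_ip_literal(remote):
        findings.append("'remote' is an IP literal: a restart cannot pick up a new address")
    for name in ("ping", "ping-restart", "resolv-retry"):
        if name not in o:
            findings.append(f"'{name}' is not set")
    if {"ping", "ping-restart"} <= set(o) and int(o["ping"][0]) >= int(o["ping-restart"][0]):
        findings.append("'ping' interval must be shorter than 'ping-restart'")
    # Assumption beyond the message: a restart as an unprivileged user needs these.
    if ("user" in o or "group" in o) and not {"persist-key", "persist-tun"} <= set(o):
        findings.append("privileges dropped without persist-key/persist-tun: "
                        "a restart may fail to re-read keys or reopen the tun device")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```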

