[Openvpn-users] Beginner's questions on setting up simple VPN


  • Subject: [Openvpn-users] Beginner's questions on setting up simple VPN
  • From: "Yang" <jyyug3e02@xxxxxxxxxxxxxx>
  • Date: Tue, 12 Jun 2007 14:43:52 -0700

Hi, I'd like to have home access to my work LAN, which is behind a
firewall. What I currently do is set up a remote ssh tunnel from work:

  ssh -R 8822:localhost:22 homeusername@xxxxxxxxxxxx

Then to access from home, I do:

  ssh -p 8822 workusername@localhost

From this point on, I can similarly create other ssh tunnels. The
problem is that this approach requires creating a tunnel for each
unique (host, port) pair, which is getting to be very tedious. I'm
hoping VPNs can help me out here. Ideally, any packets I send to
172.24._._ (the work LAN) from my home computer will be routed through
my work box and reach the appropriate (host, port) at work.

I went through http://openvpn.net/static.html, but ran into two
problems. The first problem is that I don't know how to tunnel the VPN
over ssh. Here's what I did:

[from the server at work]

  $ ifconfig eth0
  eth0      Link encap:Ethernet  HWaddr 00:1A:A0:17:3A:50
            inet addr:172.24.104.145  Bcast:172.24.111.255  Mask:255.255.240.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:3447552 errors:0 dropped:0 overruns:0 frame:0
            TX packets:5454996 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:835777950 (797.0 MiB)  TX bytes:6651406888 (6.1 GiB)
            Interrupt:177

  $ cat svr
  dev tun
  ifconfig 10.0.0.1 10.0.0.2
  secret static.key

  $ ssh -f -N -R 1194:localhost:1194 homeusername@xxxxxxxxxxxx

  $ sudo openvpn svr
  Sun Jun 10 01:01:09 2007 OpenVPN 2.0.6 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 10 2006
  Sun Jun 10 01:01:09 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
  Sun Jun 10 01:01:09 2007 TUN/TAP device tun0 opened
  Sun Jun 10 01:01:09 2007 ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
  Sun Jun 10 01:01:09 2007 UDPv4 link local (bound): [undef]:1194
  Sun Jun 10 01:01:09 2007 UDPv4 link remote: [undef]

[from the client at home]

  $ cat cli
  remote localhost
  dev tun
  ifconfig 10.0.0.2 10.0.0.1
  secret static.key

  $ sudo openvpn cli
  Sun Jun 10 01:11:20 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar  2 2007
  Sun Jun 10 01:11:20 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
  Sun Jun 10 01:11:20 2007 TUN/TAP device tun0 opened
  Sun Jun 10 01:11:20 2007 ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 mtu 1500
  Sun Jun 10 01:11:20 2007 UDPv4 link local (bound): [undef]:1194
  Sun Jun 10 01:11:20 2007 UDPv4 link remote: 127.0.0.1:1194
  Sun Jun 10 01:11:31 2007 Peer Connection Initiated with 127.0.0.1:1194
  Sun Jun 10 01:11:31 2007 WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.0.0.2 10.0.0.1', remote='ifconfig 10.0.0.1 10.0.0.2'
  Sun Jun 10 01:11:32 2007 Initialization Sequence Completed

That warning doesn't go away even if I swap the ifconfig arguments in
cli, which leads me to suspect that I'm not even connecting to the
work computer. That, plus the fact that the work computer doesn't
print any similar completion message.

The second problem is what's said at the bottom of the HOWTO:

"Then on the server side, add a route to the server's LAN gateway that
routes 10.8.0.2 to the OpenVPN server machine (only necessary if the
OpenVPN server machine is not also the gateway for the server-side
LAN)."

Is this really necessary? Can openvpn instead do something similar to
what ssh does and proxy my packets?
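
A check over the output quoted above, as an added example that is not part of the original post: `ssh -R` forwards TCP connections only, while both logs show OpenVPN using UDPv4, and the home client is bound to the same loopback UDP port it sends to. The function names and finding labels are hypothetical, and the sample strings are constructed from the post's own output.

```python
import re

# Constructed from the output quoted in the post (hostname left redacted as posted).
SSH_CMD = "ssh -f -N -R 1194:localhost:1194 homeusername@xxxxxxxxxxxx"
CLIENT_LOG = """\
Sun Jun 10 01:11:20 2007 UDPv4 link local (bound): [undef]:1194
Sun Jun 10 01:11:20 2007 UDPv4 link remote: 127.0.0.1:1194
Sun Jun 10 01:11:31 2007 Peer Connection Initiated with 127.0.0.1:1194
"""

LINK_RE = re.compile(
    r"(?P<proto>UDPv4|TCPv4_\w+) link (?P<side>local|remote)(?: \(bound\))?: "
    r"(?P<addr>\[undef\]|[\d.]+)(?::(?P<port>\d+))?\s*$"
)

def parse_links(log):
    """Return {side: (proto, addr, port)} from OpenVPN 'link local/remote' lines."""
    links = {}
    for line in log.splitlines():
        m = LINK_RE.search(line)
        if m:
            port = int(m["port"]) if m["port"] else None
            links[m["side"]] = (m["proto"], m["addr"], port)
    return links

def ssh_forwards(cmd):
    """Return (listen_port, target_host, target_port) for simple -L/-R specs."""
    found = re.findall(r"-[LR]\s*(\d+):([^:\s]+):(\d+)", cmd)
    return [(int(a), host, int(b)) for a, host, b in found]

def diagnose(ssh_cmd, log):
    """Flag a UDP OpenVPN link pointed at an ssh forward or at its own socket."""
    findings = []
    links = parse_links(log)
    proto, raddr, rport = links.get("remote", (None, None, None))
    _, _, lport = links.get("local", (None, None, None))
    fwd_ports = {listen for listen, _, _ in ssh_forwards(ssh_cmd)}
    # ssh port forwards carry TCP streams; UDP datagrams never enter the tunnel.
    if proto == "UDPv4" and rport in fwd_ports:
        findings.append("transport-mismatch")
    # Bound to the port it sends to on loopback: the "peer" is the same process.
    if proto == "UDPv4" and raddr.startswith("127.") and lport == rport:
        findings.append("loopback-self-peer")
    return findings

if __name__ == "__main__":
    print(diagnose(SSH_CMD, CLIENT_LOG))
```

OpenVPN's `proto tcp-server` and `proto tcp-client` options make the link a TCP connection, which is the only kind of traffic an ssh forward can carry; neither finding fires on a log whose link lines start with `TCPv4_`.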