[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] 3 beginner questions forcing a NIC


  • Subject: Re: [Openvpn-users] 3 beginner questions forcing a NIC
  • From: Gus S Calabrese <gsc@xxxxxxxxxxxxx>
  • Date: Tue, 10 Jul 2007 16:04:27 -0600

Thanks for the info.
Regarding Question #3 ... How can I force OVPN to use a particular NIC ?
Gus
On Jul 10, 2007, at 12:54 PM, Josh Cepek wrote:

Gus S Calabrese wrote:
I am trying to set up a VPN where my server is at 216.xxx.yyy.234.
My router redirects 216.xxx.yyy.234 to local IP 192.168.2.234
I have 3 NICs on the server.  One is at 192.168.2.234, one at 192.168.2.235 and one at 192.168.2.237.

The remote client is using this script:
remote 216.17.171.234    ( XP pro SP2 )
dev tun
port 80
ifconfig 10.3.0.2 10.3.0.1
secret static.key


the server script is:           ( WIN2000 SP4 )
dev tun
port 80
ifconfig 10.3.0.1 10.3.0.2
secret static.key



Q1:  How does openVPN choose the NIC that it is going to use on the server ?
By default OpenVPN will bind to all interfaces (more accurately, the 0.0.0.0 address which accepts connections from any interface.)  This isn't a problem unless you want to free up that port on another IP address or you don't want it to listen on all interfaces.  With a firewall this last consideration isn't a problem since the firewall should block ports by default.
Q2:  This set of scripts does not work.  Any suggestions about how the scripts should read ?
Everything looks fine for a basic point-to-point setup; see my suggestion below.  An error message or such would be helpful.
Q3:  Does the client need to change any firewall settings ?  Or will port 80 pass through without difficulty?
Keep in mind that the OpenVPN default is UDP, not TCP, so if you forwarded TCP port 80 (which is usually used for HTTP (web) traffic) it won't work unless you have OpenVPN using TCP.  Generally you want OpenVPN to use UDP unless you need TCP.

-- 
Josh
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
Openvpn-users mailing list