
Re: [Openvpn-users] need help about configuration

  • Subject: Re: [Openvpn-users] need help about configuration
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Wed, 19 Dec 2007 12:13:09 -0600
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID438LLsRmW0130X40

Your server and client configs appear valid, but there are a couple
things you probably want to change.

It's fine to use ifconfig-pool on the server to hand out addresses
(similar to DHCP as you pointed out) but then don't specify ifconfig on
the client, otherwise you are setting a static IP address that the
server may hand out to another client.  Also, you should remove the push
"route-gateway" line.  Based on the client file below that
actually doesn't do anything, but it would break your client's Internet
connectivity if the client used client or pull in the config file. 
Unless your VPN server is acting as a router you don't want to redirect
all Internet traffic through the VPN tunnel like that.  I'd also
recommend adding the client-to-client option to your server so multiple
clients can see each other.

As long as you can ping between the server and clients there is
connectivity across the VPN.  You might want to verify that any firewall
software on the server and clients is disabled for the tap interface. 
I'll also add that even with tap some LAN protocols don't work well over
a VPN.  One example of this is IPX, and from experience getting IPX
routing to work correctly under Windows can be very difficult.  Standard
TCP/IP networking and Ethernet

burak575 wrote:
> hi again,
> i was made this config on server side;
> server.ovpn
> ---------------------------
> mode server
> tls-server
> dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
> ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
> cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
> key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"  # This file should be kept secret
> proto tcp-server
> #tcp-server
> port 1194 # change if blocked by ISP/firewall/whoever
> dev tap
> ifconfig
> ifconfig-pool
> push "route-gateway"
> #detect connection problems and reconnect
> ping 10
> ping-restart 60
> ping-timer-rem
> persist-tun
> # encryption would be a waste of time for games ...
> cipher none
> -------------- END OF server.ovpn -------------
> and
> client.ovpn
> --------------------------------------------
> proto tcp-client
> remote inativa.ath.cx 1194
> tls-client
> ns-cert-type server
> dev tap
> ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
> cert "C:\\Program Files\\OpenVPN\\config\\client1.crt"
> key "C:\\Program Files\\OpenVPN\\config\\client1.key"
> ifconfig
> ping 10
> ping-restart 60
> cipher none
> --------------------- end of client.ovpn-------
> i was first tried the UDP , and i succeed connection on both UDP or TCP one
> but when i try to enter game "age of mythology" i can see the game what  
> client was created.
> but when i try to enter, it count down from 120 to 0 then timeout occurs.
> when i create the game, same thing happens on client.
> so we are succeeded on creating connection without ports but i didn't know  
> what is the problem now.
> game says my ip as which was my local ip from adsl router.
> is it need to bridge openvpn with my adsl from windows?
> or its need custom configuration?
>> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of burak575
>> Sent: Wed 12-Dec-07 18:42
>> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> Subject: [Openvpn-users] need help about configuration
>> hi i have to know something,
>> i have several friends, and we want to play lan games over internet.
>> [...]
>> question is: is it possible to tunnel over an alive connection from them
>> to me? so they will not need to open any port and i will open 4 ports,  
>> and
>> they will connect me from these ports. then openvpn will tunnel  
>> connection
>> over this connection like it was an lan connection.
>> so if openvpn is not capable of doing this, can you give me some
>> suggestions about a project that can do this job?
>> also i am trying to understand and looking for simple tun/tap drivers, so
>> i need know how it will inform my user level program when OS trying to
>> send a packet over this driver and how can inject my received packets to
>> this virtual ethernet, if you know any tutorials or documents about this
>> please help
>> OS: windows xp sp 2
>> thanks for any help
>> have a nice day


Attachment: signature.asc
Description: OpenPGP digital signature
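
As an added example (not code from this thread or from the OpenVPN project), a small Python check for the points raised in the reply above: a client ifconfig alongside a server ifconfig-pool, a pushed route-gateway, and a missing client-to-client. It also flags cipher none, which both posted configs set but the reply does not discuss; the sample configs, their addresses and the finding names are constructed for the example.

```python
import ipaddress
import shlex

def parse(text):
    """Map each directive to the list of its argument lists ('#' comments dropped)."""
    cfg = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            cfg.setdefault(tokens[0], []).append(tokens[1:])
    return cfg

def lint(server_text, client_text):
    """Return {finding_code: detail}; finding codes are hypothetical names."""
    srv, cli = parse(server_text), parse(client_text)
    findings = {}
    pool, static = srv.get("ifconfig-pool"), cli.get("ifconfig")
    if pool and static:
        detail = "addresses not given"
        if len(pool[0]) >= 2 and static[0]:
            ip, lo, hi = map(ipaddress.ip_address, [static[0][0], *pool[0][:2]])
            where = "inside" if lo <= ip <= hi else "outside"
            detail = f"{ip} is {where} pool {lo}-{hi}"
        findings["client-static-ifconfig"] = detail
    pushed = [a[0].split()[0] for a in srv.get("push", []) if a and a[0].split()]
    if "route-gateway" in pushed:
        pulls = "client" in cli or "pull" in cli
        findings["push-route-gateway"] = (
            "applied: client pulls options" if pulls else "inert: client does not pull")
    if "client-to-client" not in srv:
        findings["no-client-to-client"] = "clients will not see each other"
    # Beyond the reply: both posted configs also disable data-channel encryption.
    for side, cfg in (("server", srv), ("client", cli)):
        if ["none"] in cfg.get("cipher", []):
            findings[f"{side}-cipher-none"] = "tunnel payload is sent unencrypted"
    return findings

# Constructed sample configs; all addresses are made up for the example.
SERVER = '''
ifconfig-pool 10.8.0.10 10.8.0.50 255.255.255.0
push "route-gateway 10.8.0.1"
cipher none  # as in the posted config
'''
CLIENT = '''
ifconfig 10.8.0.12 255.255.255.0
cipher none
'''

if __name__ == "__main__":
    print(lint(SERVER, CLIENT))
```
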