As usual, the Wiki has some more info for special cases :-):

http://doc.astlinux.org/userdoc:openvpn_access

On 30.03.2012 at 18:58, Tom Chadwin wrote:

> Thank you both. That is indeed where I went wrong. I set the network to be
> the LAN subnet.
> 
> I will have another go once I am back up and running (I'm hoping that just
> deleting /mnt/kd/gui.anything_openvpn_related.conf should bring it back to
> life). Next I just need to identify yet more unique subnets to use - we have
> load balancers running MPVs which also use their own subnets, so this is
> going to get confusing.
> 
> One step at a time, and I have enough to go on to make some progress for
> now. However, for this solution to work for us, all clients on both client
> and server subnets need to be able to route to one another, in both
> directions. However, James has given me some pointers towards that in his
> earlier message, so hopefully that will get me there.
> 
> If it all works (as I'm SURE it shall), I'll try to write it up on the wiki.
> No-one better than a beginner to test and write up for other beginners.
> 
> Thanks again for all your help
> 
> Tom
> 
> 
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com] 
> Sent: 30 March 2012 17:53
> To: AstLinux Users Mailing List
> Cc: Tom Chadwin
> Subject: Re: [Astlinux-users] OpenVPN config
> 
> Hi Tom.
> 
> The OpenVPN Server network is totally new and unique, only one box will run
> as a server, why not use:
> 
> Network: 10.8.1.0 255.255.255.0
> 
> for the server endpoint.
> 
> Then the Clients would have
> 
> Remote Server: 1.2.3.4 (public IPv4 address of OpenVPN server)
> 
> Remote Network:  10.8.1.0 255.255.255.0
> 
> The Cipher should match for all clients and servers.
> 
> Generate all the certs/keys on the Server, and distribute them to the
> clients, using the web interface for both.
> 
> That is about all there is to it.
> 
> But, if you want to route networks behind the clients, that is a little more
> complicated, but can be done.  If so, this may be a case where IPsec may be
> the better choice, if you want to route networks to networks.
> 
> Lonnie
> 
> 
> 
> On Mar 30, 2012, at 11:24 AM, Tom Chadwin wrote:
> 
>> Many thanks indeed for this. I shall certainly attempt this once I 
>> have sorted out the issues on Monday. One question:
>> 
>>> (Server Mode)
>>> Network: ***This is the network you want to be running over the TUNNEL.
>>> Make sure you choose something not being used by any other network
>>> interface. This might have been what caused the bricking earlier, if
>>> you set it the same as the WAN interface. It should be in the format
>>> of X.X.X.X Y.Y.Y.Y, with X as the network address and Y as the subnet
>>> mask (ie: 172.21.0.0 255.255.255.0)***
>> 
>> This is not 100% clear to me, and could have been where I went wrong, 
>> though I absolutely did not put the WAN network or interface in here. 
>> Is this the LAN network/subnet which this Astlinux box is on, or is it 
>> an entirely new subnet not used by LAN or WAN at either end of the tunnel?
>> 
>> Real topology:
>> 
>> Server LAN is aaa.aaa.aaa.aaa/24
>> Server WAN is xxx.xxx.xxx.xxx/29
>> 
>> Client LAN is bbb.bbb.bbb.bbb/24
>> Client WAN is yyy.yyy.yyy.yyy/29
>> 
>> Under "Server Mode", should "Network" be aaa.aaa.aaa.aaa
>> 255.255.255.0, or should it be ccc.ccc.ccc.ccc 255.255.255.0 (your
>> maskage may vary)?
>> 
>> Thanks, and many apologies for beginner's questions
>> 
>> Tom
> 
> 
> 
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here 
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.


Michael

http://www.mksolutions.info
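
The uniqueness rule discussed in this thread (the Server Mode "Network" must not be a subnet already in use on the LAN or WAN at either end), as an added Python example that is not part of any message above or of AstLinux. The function names and the addresses in IN_USE are constructed for illustration; 10.8.1.0 255.255.255.0 is the value suggested in the thread.

```python
import ipaddress


def parse_network(spec):
    """Parse 'X.X.X.X Y.Y.Y.Y' (network address, subnet mask) into an IPv4Network."""
    parts = spec.split()
    if len(parts) != 2:
        raise ValueError(f"expected 'address mask', got {spec!r}")
    address, mask = parts
    # strict=True rejects a host address such as '10.8.1.5 255.255.255.0'
    return ipaddress.IPv4Network(f"{address}/{mask}", strict=True)


def find_conflicts(tunnel_spec, in_use):
    """Return the names of in-use networks that overlap the proposed tunnel network."""
    tunnel = parse_network(tunnel_spec)
    conflicts = []
    for name, cidr in in_use.items():
        # overlaps() also catches a tunnel that contains, or sits inside, another subnet
        if tunnel.overlaps(ipaddress.IPv4Network(cidr, strict=False)):
            conflicts.append(name)
    return sorted(conflicts)


# Constructed sample addressing standing in for the masked topology in the thread
IN_USE = {
    "server LAN": "192.168.10.0/24",
    "server WAN": "203.0.113.8/29",
    "client LAN": "192.168.20.0/24",
    "client WAN": "198.51.100.16/29",
}

if __name__ == "__main__":
    candidates = (
        "192.168.10.0 255.255.255.0",  # same as the server LAN: the mistake described above
        "192.168.0.0 255.255.0.0",     # too wide: swallows both LANs
        "10.8.1.0 255.255.255.0",      # new, unique tunnel network
    )
    for candidate in candidates:
        hits = find_conflicts(candidate, IN_USE)
        verdict = "conflicts with " + ", ".join(hits) if hits else "unique"
        print(f"{candidate} -> {verdict}")
```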