Hey Lonnie,
I've always just chosen TCP since I've found it easier in general to get
around possible NAT issues - especially in more heavily fortified networks
like hotels. My OpenVPN implementation is more for remote client
connections (laptops, tablets, phones, etc.) then a direct Server-to-Serv
I would suspect the link-mtu set that high on most connections would cause
problems with fragmentation. Most cable internet connections and T1's use
1500. Most dsl circuits use 1492. I wouldn't explicitly set the link-mtu
unless you're trying to do something non-standard or trying to solve a
True, but that's more for advanced policy based routing scenarios. It
wouldn't help someone trying to do basic setup through the GUI.
-James
On Fri, Mar 30, 2012 at 2:50 PM, Michael Keuter wrote:
> As usually the Wiki has some more info for special cases :-):
>
> http://doc.astlinux.org/userdoc:
Hi James and Tom,
First, I can't say I ever disagreed with James, but I guess there is always a
first time. :-)
I'd use UDP as the transport Protocol, not TCP. TCP over TCP can lead to
jitter problems. So unless there is some upstream restrictions, I'd suggest
using Protocol: UDP
No need to
As usually the Wiki has some more info for special cases :-):
http://doc.astlinux.org/userdoc:openvpn_access
Am 30.03.2012 um 18:58 schrieb Tom Chadwin:
> Thank you both. That is indeed where I went wrong. I set the network to be
> the LAN subnet.
>
> I will have another go once I am back up an
Well, since the server is bricked, it sounds like you won't be able to do
anything until Monday.
But once you get access back to it, if you want to proceed through the GUI,
you can try using the settings I pasted earlier- under OpenVPN Server
configuration.
In summary:
(Tunnel Options)
Protocol:
Thank you both. That is indeed where I went wrong. I set the network to be
the LAN subnet.
I will have another go once I am back up and running (I'm hoping that just
deleting /mnt/kd/gui.anything_openvpn_related.conf should bring it back to
life). Next I just need to identify yet more unique subne
Hi Tom.
The OpenVPN Server network is totally new and unique, only one box will run as
a server, why not use:
Network: 10.8.1.0 255.255.255.0
for the server endpoint.
Then the Clients would have
Remote Server: 1.2.3.4 (public IPv4 address of OpenVPN server)
Remote Network: 10.8.1.0 255.255.
Yes, that should resolve the issue. I ran into the same problem in the
past, and the new box's interfaces would come up as eth2,3,4 instead of
0,1,2. Removing that file, and the prior associations bound to the MACs,
did the trick.
-James
On Fri, Mar 30, 2012 at 12:44 PM, Jason McCleary wrote:
>
No problem.
To answer your question, yes this should be a new and unique network
dedicated solely for the tunnel. So in your example, it should be ccc. As
long as the network doesn't overlap any other existing networks, you should
be fine. And keep in mind that the only "devices" on this network w
I only use the net5501.
But I think what Lonnie just posted will do the trick. If I delete the
/etc/udev/rules.d/70-persistent-net.rules
file from the cf card before I image it then the next machine it boots on
should generate it again Correct?
http://doc.astlinux.org/userdoc:tt_change_net_ha
Jason,
Different models of the Soekris box require different drivers for the NIC's,
i.e., Net5501 vs. Net4801. You will find different Astlinux images to download
for each of these platforms. If you are moving an astlinux image from one model
of Soekris to another, this could explain why the NI
This link from the wiki should explain what is going on and how to fix it:
Changing Network Hardware
http://doc.astlinux.org/userdoc:tt_change_net_hardware
Lonnie
On Mar 30, 2012, at 11:26 AM, Jason McCleary wrote:
> I have a Soekris box running astlinux using the box as a paging system. What
I have a Soekris box running astlinux using the box as a paging system.
What I am trying to do is create an image of the CF card to use as a
distribution to other boxes. (Like trying to make a laptop image)
When I try to take a cf card from one box and install it into another it
wont boot the ne
Many thanks indeed for this. I shall certainly attempt this once I have
sorted out the issues on Monday. One question:
> (Server Mode)
> Network: ***This is the network you want to be running over the TUNNEL.
Make sure you chose something not being used by any other network interface.
This might h
What are the goals you are trying to accomplish with the VPN tunnel?
Are you trying to just create an encrypted tunnel between the two Astlinux
boxes for inter-server communication, or are you trying to route traffic
across it as well? Are there certain networks you do/don't want to route
traffic
> Are you trying to just create an encrypted tunnel between the two Astlinux
boxes for inter-server communication, or are you trying to route traffic
across it as well? Are there certain networks you do/don't want to route
traffic across?
Connect two (well, four) subnets. We have a head office and
No problem. And I'm happy to config it via the GUI or CLI. I mostly use the
GUI, but have had to do a few tiny bits and pieces directly (routing via
rc.elocal, and so on).
Tom
-Original Message-
From: Darrick Hartman [mailto:dhart...@djhsolutions.com]
Sent: 30 March 2012 16:23
To: 'AstL
Tom,
If both ends are static IP's you might be better off using ipsec. There are
aspects of traffic shaping that are better handled with ipsec connections.
Are you looking for an example using the web interface in AstLinux or are you
trying to do this from the CLI?
Darrick
-Original Mess
Would it not be easier to set up a IPSec tunnel between two routers?
And then link the two boxes together.
Jason
-Original Message-
From: Tom Chadwin [mailto:nnpait.servi...@googlemail.com]
Sent: Friday, March 30, 2012 9:19 AM
To: 'AstLinux Users Mailing List'
Subject: [Astlinux-users]
Hello all
Would it be too much to ask for someone to give the full steps, from start
to finish, to set up a VPN between two Astlinux boxes? I'd prefer OpenVPN. I
need to know what to do (with no shorthand) on both server and client ends.
While I have some knowledge of VPN (IPSEC, L2TP, and OpenVPN
21 matches
Mail list logo
