how to change VPN netmask?

Discussion in 'Server Operation' started by please, Sep 12, 2009.

  1. please

    please New Member

    HI

    Already added your command.
    How can I test whether this works or not?

    What I want is for the VPN client to have all the access the VPN server has.
    Example: if I can ping anywhere from the VPN server, I want to also ping from the VPN client.

    Thanks
     
  2. dipeshmehta

    dipeshmehta Member

    you can use traceroute (or tracert in windows) to check through which route your packets are travelling.

    I am still unable to understand why you want to divert all traffic through your VPN server. In general, the VPN client connects to your server by means of the internet, so why don't you leave it as it is? i.e. allow web traffic through the client's gateway, and all other access to your network through the VPN server.

    Dipesh
     
  3. please

    please New Member

    HI sir

    I am bad in English, don't mind me...



    I have 5 PC clients in the 17.0 network and 3 PC clients in the 15.0 network.

    Can I access from all clients to all clients even if only 1 VPN client connects to the server?

    Example: if I connect 17.1 to the VPN server, can I access from 17.2 (not using the VPN client) to the VPN server and the 15.0 network clients?

    I mean, can I use 17.1 as the gateway?


    Thanks
     
  4. dipeshmehta

    dipeshmehta Member

    If your 17 network and 15 network are at physically different locations, you can bridge both networks using OpenVPN. For this situation, you can use OpenVPN's static link and not the way you have done until now. You can check openvpn.net for the howto.

    A little busy right now, please check back after a few minutes; I will post step-by-step instructions for your setup.

    Dipesh
     
  5. dipeshmehta

    dipeshmehta Member

    Hello,

    You have two networks, 192.168.15.xxx and 192.168.17.xxx; we shall bridge both networks so that each client at either side has access to every other client at the opposite side's network, as if you were sitting in that office.

    This can be done with a simple static link between the two networks using OpenVPN. In such a case, there is no need for any CA or client certificate/key structure. Just one static key is shared between them for authentication.

    We shall need OpenVPN running on any one PC on each side. This PC should have internet access so that it can connect to the VPN server at the other side.

    First, we shall need a common secret key to share; to generate it, give the following as root at a terminal (for example on your .17 network):
    Code:
    openvpn --genkey --secret static.key
    This will generate a secret key with the name static.key; copy it to /etc/openvpn. Now, create a static.conf file in /etc/openvpn as under:
    Code:
    proto udp
    dev tun0
    remote <host.domain or static IP of VPN server at another side>
    ifconfig 10.0.0.1 10.0.1.1
    secret /etc/openvpn/static.key
    daemon
    
    lport 12250
    rport 12550
    
    user nobody
    group nogroup
    persist-key
    persist-tun
    
    status /var/log/openvpn/static-status.log
    log-append /var/log/openvpn/static.log
    
    ping-restart 60
    ping 10
    
    route 192.168.15.0 255.255.255.0
    
    Now, copy static.key to the PC running OpenVPN at the other side (e.g. your .15 network). (Please do not use an insecure way such as email or ftp to transmit the file. The best way is to copy it to a pen drive and bring the pen drive to the other location.)

    Here (at the .15 network), copy static.key to the /etc/openvpn folder. Create static.conf in /etc/openvpn as under:
    Code:
    proto udp
    dev tun0
    remote <host.domain or static IP of VPN server at another side>
    ifconfig 10.0.1.1 10.0.0.1
    secret /etc/openvpn/static.key
    daemon
    
    lport 12550
    rport 12250
    
    user nobody
    group nogroup
    persist-key
    persist-tun
    
    status /var/log/openvpn/static-status.log
    log-append /var/log/openvpn/static.log
    
    ping-restart 60
    ping 10
    
    route 192.168.17.0 255.255.255.0
    
    Next, add the following iptables entries.
    At .17 network
    Code:
    # local port 12250, remote port 12550: the peer sends from 12550 to our 12250
    iptables -A INPUT -p udp --sport 12550 --dport 12250 -j ACCEPT
    iptables -A OUTPUT -p udp --sport 12250 --dport 12550 -j ACCEPT
    
    # forward between the tunnel and the LAN (needs net.ipv4.ip_forward=1)
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    
    At .15 network
    Code:
    # local port 12550, remote port 12250: the peer sends from 12250 to our 12550
    iptables -A INPUT -p udp --sport 12250 --dport 12550 -j ACCEPT
    iptables -A OUTPUT -p udp --sport 12550 --dport 12250 -j ACCEPT
    
    # forward between the tunnel and the LAN (needs net.ipv4.ip_forward=1)
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    
    Restart openvpn on both sides, and try to ping a device on the other side; it should work.

    Hope this helps. Please come back with results.

    Dipesh

    PS: You are free to change any file name, port, or IP as you desire. I have given them keeping your networks in mind.
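    Added example, not from the thread: a small shell helper that derives one side's iptables rules from its static.conf, so the lport/rport pair can never be swapped by hand, and checks that the two sides' lport/rport and ifconfig lines mirror each other. It assumes the config keys used in the post, eth0 as the LAN interface, and adds the net.ipv4.ip_forward setting that the FORWARD rules need; the sample configs are constructed inline.

```shell
#!/bin/sh
# Added example (not from the thread): derive firewall rules from static.conf
# and verify that the two sides of the static-key tunnel mirror each other.
# Assumes keys lport/rport/ifconfig as in the post and eth0 as LAN interface.

# Value of a one-argument config key: conf_get FILE KEY
conf_get() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# N-th word of the "ifconfig LOCAL REMOTE" line: tun_addr FILE 2|3
tun_addr() { awk -v n="$2" '$1 == "ifconfig" { print $n; exit }' "$1"; }

# Firewall rules for the host whose config is $1. The peer sends from its
# own lport (our rport) to our lport, so INPUT matches --sport rport --dport lport.
fw_rules() {
    lp=$(conf_get "$1" lport); rp=$(conf_get "$1" rport)
    printf 'sysctl -w net.ipv4.ip_forward=1\n'   # FORWARD rules do nothing without this
    printf 'iptables -A INPUT -p udp --sport %s --dport %s -j ACCEPT\n' "$rp" "$lp"
    printf 'iptables -A OUTPUT -p udp --sport %s --dport %s -j ACCEPT\n' "$lp" "$rp"
    printf 'iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT\n'
    printf 'iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT\n'
}

# Returns 0 when A.lport == B.rport, A.rport == B.lport and the tunnel
# addresses in the two ifconfig lines are swapped copies of each other.
check_mirror() {
    [ "$(conf_get "$1" lport)" = "$(conf_get "$2" rport)" ] &&
    [ "$(conf_get "$1" rport)" = "$(conf_get "$2" lport)" ] &&
    [ "$(tun_addr "$1" 2)" = "$(tun_addr "$2" 3)" ] &&
    [ "$(tun_addr "$1" 3)" = "$(tun_addr "$2" 2)" ]
}

# Constructed sample configs: the two sides from the post, minus unrelated keys.
SAMPLE_DIR=$(mktemp -d)
printf 'dev tun0\nifconfig 10.0.0.1 10.0.1.1\nlport 12250\nrport 12550\nroute 192.168.15.0 255.255.255.0\n' > "$SAMPLE_DIR/side17.conf"
printf 'dev tun0\nifconfig 10.0.1.1 10.0.0.1\nlport 12550\nrport 12250\nroute 192.168.17.0 255.255.255.0\n' > "$SAMPLE_DIR/side15.conf"
# A broken copy of side 15 whose ports were left identical to side 17.
printf 'dev tun0\nifconfig 10.0.1.1 10.0.0.1\nlport 12250\nrport 12550\n' > "$SAMPLE_DIR/bad15.conf"

# Usage: print the rules for one side, then verify the pair mirrors.
fw_rules "$SAMPLE_DIR/side17.conf"
check_mirror "$SAMPLE_DIR/side17.conf" "$SAMPLE_DIR/side15.conf" && echo "side17/side15: mirror OK"
check_mirror "$SAMPLE_DIR/side17.conf" "$SAMPLE_DIR/bad15.conf" || echo "side17/bad15: ports do NOT mirror"
```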
     
  6. please

    please New Member

    HI

    Do I need to install the server in both the 15 and 17 networks?
    Is this a server-to-server VPN?
    Thanks
     
  7. dipeshmehta

    dipeshmehta Member

    Yes, you can call it a type of server-to-server VPN.

    Basically, OpenVPN itself is not a server or a client; it depends on your config file. You can have more than one instance of OpenVPN running simultaneously, where some are servers and others are clients.

    Hope this clears your doubts.

    Dipesh
     
  8. please

    please New Member

    Hi

    Thanks for your quick reply :)

    I think you are skillful in the Linux networking platform :)

    If you are OK with it, can I get your Messenger address?

    Thanks
     