Hi, I have already added your command. How can I test whether this works or not? What I want is for the VPN client to be able to access everything from the VPN server. Example: if I can ping anywhere from the VPN server, I also want to ping from the VPN client. Thanks
You can use traceroute (or tracert in Windows) to check which route your packets are travelling through. I am still unable to understand why you want to divert all traffic through your VPN server. In general, a VPN client connects to your server by means of the internet, so why don't you leave it as it is? I.e. allow web traffic through the client's gateway, and all other access to your network through the VPN server. Dipesh
Hi sir, I am bad at English, don't mind me... I have 5 PC clients in the 17.0 network and 3 PC clients in the 15.0 network. I can access to all clients to clients if even connect 1 vpnclient to the server. Example: if I connect 17.1 to the VPN server, can I access the VPN server and the 15.0 network clients from 17.2 (not using a VPN client)? I mean, can I use 17.1 as a gateway? Thanks
If your 17 network and 15 network are at physically different locations, you can bridge both networks using OpenVPN. For this situation, you can use OpenVPN's static link and not the way you have done it until now. You can check openvpn.net for the howto. I am a little busy right now; please check back after a few minutes, and I will post step-by-step instructions for your setup. Dipesh
Hello, You have two networks, 192.168.15.xxx and 192.168.17.xxx. We shall bridge both networks so that each client on either side has access to every client on the opposite side's network, as if you were sitting in that office. This can be done with a simple static link between the two networks using OpenVPN. In such a case, there is no need for any CA or client certificate/key structure. Just one static key would be shared between them for authentication. We shall need OpenVPN running on any one PC on each side. This PC should have internet access so that it can connect to the VPN server on the other side.

First, we shall need a common secret key to share. To generate it, run the following as root in a terminal (for example, on your .17 network):

Code:
openvpn --genkey --secret static.key

This would generate a secret key with the name static.key; copy it to /etc/openvpn. Now, create a static.conf file in /etc/openvpn as under:

Code:
proto udp
dev tun0
remote <host.domain or static IP of VPN server at another side>
ifconfig 10.0.0.1 10.0.1.1
secret /etc/openvpn/static.key
daemon
lport 12250
rport 12550
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/static-status.log
log-append /var/log/openvpn/static.log
ping-restart 60
ping 10
route 192.168.15.0 255.255.255.0

Now, copy static.key to the PC running OpenVPN on the other side (e.g. your .15 network). (Please do not use an insecure way such as email or FTP to transmit the file. The best way is to copy it to a pen drive and bring the pen drive to the other location.) Here (at the .15 network), copy static.key to the /etc/openvpn folder.

Create static.conf in /etc/openvpn as under:

Code:
proto udp
dev tun0
remote <host.domain or static IP of VPN server at another side>
ifconfig 10.0.1.1 10.0.0.1
secret /etc/openvpn/static.key
daemon
lport 12550
rport 12250
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/static-status.log
log-append /var/log/openvpn/static.log
ping-restart 60
ping 10
route 192.168.17.0 255.255.255.0

Next, add the following iptables entries.

At .17 network

Code:
# Tunnel packets from the peer: source port 12550 (its lport), destination port 12250 (our lport)
iptables -A INPUT -p udp --sport 12550 --dport 12250 -j ACCEPT
# Tunnel packets to the peer: source port 12250 (our lport), destination port 12550 (our rport)
iptables -A OUTPUT -p udp --sport 12250 --dport 12550 -j ACCEPT
# Forward traffic between the tunnel and the LAN in both directions
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

At .15 network

Code:
# Tunnel packets from the peer: source port 12250 (its lport), destination port 12550 (our lport)
iptables -A INPUT -p udp --sport 12250 --dport 12550 -j ACCEPT
# Tunnel packets to the peer: source port 12550 (our lport), destination port 12250 (our rport)
iptables -A OUTPUT -p udp --sport 12550 --dport 12250 -j ACCEPT
# Forward traffic between the tunnel and the LAN in both directions
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

Restart OpenVPN on both sides and try to ping a device on the other side; it should work. Hope this helps. Please come back with results. Dipesh

PS: You are free to change any file name, port, or IP as you desire. I have given them keeping your networks in mind.
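An added example, not part of the original post: a small Python check that the two static.conf files of a static-key link mirror each other (lport/rport, ifconfig endpoints, proto), and that derives the INPUT/OUTPUT rules for the tunnel's own UDP packets from each side's lport and rport. The sample configs are constructed from the values in the post; the remote hostnames and the function names are placeholders chosen for this example.

```python
# Constructed sample configs using the values from the post; the remote
# hostnames are placeholders.
CONF_17 = """\
proto udp
remote vpn15.example.net
ifconfig 10.0.0.1 10.0.1.1
lport 12250
rport 12550
route 192.168.15.0 255.255.255.0
"""

CONF_15 = """\
proto udp
remote vpn17.example.net
ifconfig 10.0.1.1 10.0.0.1
lport 12550
rport 12250
route 192.168.17.0 255.255.255.0
"""

def parse(text):
    """Return {directive: [args]} for a flat OpenVPN config (last one wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop '#' comments
        if line:
            key, *args = line.split()
            conf[key] = args
    return conf

def check_pair(a, b):
    """List the mismatches that stop two static-key peers from talking."""
    problems = []
    if a.get("lport") != b.get("rport") or a.get("rport") != b.get("lport"):
        problems.append("lport/rport are not mirrored")
    if a.get("ifconfig") != b.get("ifconfig", [])[::-1]:
        problems.append("ifconfig endpoints are not mirrored")
    if a.get("proto") != b.get("proto"):
        problems.append("proto differs")
    return problems

def firewall_rules(conf):
    """iptables rules for the tunnel's own UDP packets on this host."""
    lport, rport = conf["lport"][0], conf["rport"][0]
    return [  # inbound: peer's port -> ours; outbound: ours -> peer's
        f"iptables -A INPUT -p udp --sport {rport} --dport {lport} -j ACCEPT",
        f"iptables -A OUTPUT -p udp --sport {lport} --dport {rport} -j ACCEPT",
    ]
```

Run check_pair on the parsed configs from both sites before restarting OpenVPN; an empty list means the two files agree.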
Yes, you can call it a type of server-to-server VPN. Basically, OpenVPN itself is not a server or a client; it depends on your config file. You can have more than one instance of OpenVPN running simultaneously, where some are servers and others are clients. Hope this clears up your doubts. Dipesh
Hi, thanks for your quick reply. I think you are skillful on the Linux networking platform. If it is OK with you, can I get your Messenger address? Thanks