-1

Just wondering if someone can assist me further with the set-up of OpenVPN on my Windows Server 2003.

I have configured Win Server as per the following guide: http://tinyurl.com/kxusv and I'm now at the stage of Creating the config files.

I have a few questions that I need some assistance with. My server IP is 192.168.1.10 and my router's IP address is 192.168.1.1 (the router is a Netgear DGN2000).

I have edited the server.ovpn file as per the following:

    push "dhcp-option DNS X.X.X.X"  # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
    push "dhcp-option DNS X.X.X.X"  # A second DNS server if you have one

to include my ISP DNS and I have not edited anything else.

Now my issue is with the client1.ovpn file as per the below:

    client
    dev tap
    #dev-node MyTAP  # If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
    proto udp
    remote YOURHOST.dyndns.org 1194  # You will need to enter your dyndns account or static IP address here. The number following it is the port you set in the server's config
    route 192.168.1.0 255.255.255.0 vpn_gateway 3  # This is the IP address scheme and subnet of your normal network your server is on.  Your router would usually be 192.168.1.1
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt"  # Change the next two lines to match the files in the keys directory.  This should be different for each client.
    key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key"  # This file should be kept secret
    ns-cert-type server
    cipher BF-CBC        # Blowfish (default) encryption
    comp-lzo
    verb 1

To me it looks like I will need to amend the following:

    remote YOURHOST.dyndns.org 1194  # You will need to enter your dyndns account or static IP address here. The number following it is the port you set in the server's config
    route 192.168.1.0 255.255.255.0 vpn_gateway 3  # This is the IP address scheme and subnet of your normal network your server is on.  Your router would usually be 192.168.1.1

So, should the first line be the static IP of the machine that I'm applying this to? The IP address of the server (192.168.1.10) or something else? I'm also stuck on the second part, 'route 192.168.1.0 255.255.255.0 vpn_gateway 3'. Should this be the router IP, which is 192.168.1.1, and the subnet is 255.255.255.0, and that is all I need to alter?

The final part that I'm struggling with is configuring the router. Basically I have a Netgear DGN2000, and as it mentions that the router should be configured to port forward port 1194 to the server’s IP address of 192.168.1.150, all I have been able to do is, in 'Firewall Rules' and on 'Inbound Services', set the Service to 'Any(ALL)' and 'Send to LAN Server' point to 192.168.1.150. I'm not sure if this is correct?

It is the following stage of the help guide that I'm struggling with and really need some help with:

You need to make sure the port you configured OpenVPN to listen on is forwarded on the router to the IP address of your server. On the WRT54G, port forwarding is configured in the “Applications & Gaming” section. Enter 1194 for the port, UDP for the protocol, and 192.168.1.150 for the IP address. Make sure the entry is enabled and then save the setting.

Next, you need to add an entry to the router’s Routing Table. This will enable the router to properly route requests from the clients to the TAP interface of the server.

On the WRT54G you would go to the “Setup” page and then the “Advanced Routing” section.

Enter the following info to make the entry:

    Enter Route Name: openVPN
    Destination LAN IP: 192.168.10.0
    Subnet Mask: 255.255.255.252
    Default Gateway: 192.168.1.150
    Interface: LAN & Wireless

Once the info has been typed in make sure you save the setting.

Can anyone possibly guide me through setting this part up with my Netgear router? I see that once I have these 2 parts complete I'm there, so I would really appreciate someone walking me through what is required in completing this.

Much appreciated.

Bill Johnson
Just as an aside to the last part of the help request, I have created a 'Static Route' on the Netgear router as per the following: 'Route Name: openVPN', I have ticked the Active tick box as opposed to the private tick box (not sure if this is correct or not?), and then I have in 'Destination IP Address' applied the following 192.168.10.0, and the 'IP Subnet Mask' is 255.255.255.252 and the 'Gateway IP Address' is set to 192.168.1.50. On the Netgear router you also have to enter 'Metric', which I have set to 2 as apparently this works best. Hope someone can further assist me. – Bill Johnson Oct 11 '10 at 19:01

1 Answer

0

For the line

    remote YOURHOST.dyndns.org 1194

you should use the public IP address of your internet connection (assuming you want users from the internet to access your internal network). You can get this IP address on this page: http://www.whatismyip.com/, which will give you the IP address you are using to access the internet.

I don't know your network infrastructure, but assuming you only have one public IP address this should work.

Next, you should set up your router/firewall to port NAT (redirect a client request to the public IP address xx.xx.xx.xx:1194 to your OpenVPN server LAN address (192.168.1.10)).

Here is a how-to: http://portforward.com/english/routers/port_forwarding/Netgear/DGN2000/default.htm

Regarding the route line, it is used to include the correct route configuration on the client machines. It's similar to issuing the:

    c:\>route add xxx.xxx.xxx.xxx netmask xx.xx.xx.xx

You should set the VPNGateway if you are using a tap interface to the OpenVPN server; then, you should make sure that the OpenVPN server forwards these packets.

Hope that helped.

regards,
Hugo

Hugo Garcia
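An added example, not part of the answer above or of the linked guide: a Python check that parses a client config and compares it with the router's inbound rule, using the addresses quoted in the question. The `forward` dictionary, the `review` function and the finding strings are hypothetical names chosen for this example; it flags a `remote` that is a LAN address or the template placeholder, a forward that points at the wrong host, and a rule such as 'Any(ALL)' that opens more than the VPN's UDP port.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ovpn(text):
    """Map each directive to its argument lists; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        lexer = shlex.shlex(line, posix=True)
        lexer.whitespace_split = True
        lexer.commenters = "#;"
        tokens = list(lexer)
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def review(client_text, server_lan_ip, forward):
    """Compare a client config with the router's inbound rule (a constructed dict)."""
    conf, findings = parse_ovpn(client_text), []
    remote = conf["remote"][0]
    host, port = remote[0], remote[1] if len(remote) > 1 else "1194"
    proto = conf.get("proto", [["udp"]])[0][0]
    if "YOURHOST" in host:
        findings.append("remote is still the template placeholder")
    else:
        try:
            if any(ipaddress.ip_address(host) in n for n in RFC1918):
                findings.append("remote is a LAN address, unreachable from the internet")
        except ValueError:
            pass  # a DNS name such as a dyndns host, nothing to check offline
    server = ipaddress.ip_address(server_lan_ip)
    # A route without a mask is a single host route.
    routes = [ipaddress.ip_network(f"{r[0]}/{(r + ['255.255.255.255'])[1]}", strict=False)
              for r in conf.get("route", [])]
    if not any(server in net for net in routes):
        findings.append("no route covers the server's LAN")
    if forward["target"] != server_lan_ip:
        findings.append("port forward does not point at the OpenVPN server")
    if (str(forward["port"]), forward["proto"].lower()) != (port, proto):
        findings.append("forward is not limited to the VPN port and protocol")
    return findings

# Constructed inputs built from the addresses quoted in the question.
AS_ASKED = ("client\ndev tap\nproto udp\nremote 192.168.1.10 1194  # server's LAN IP\n"
            "route 192.168.1.0 255.255.255.0 vpn_gateway 3\n")
FIXED = AS_ASKED.replace("192.168.1.10 1194", "vpn.example.org 1194")  # placeholder name
```
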