CONFIGURE THE SERVER
From here, run vi to open the editor (the usual location for the server config is /etc/openvpn/server.conf), then press i (or the Insert key) to enter insert mode and start typing. OpenVPN directives are case-sensitive and written in lower case (port, proto, dev, and so on), so type them exactly as shown below.
First we will start off with the VPN port. By default OpenVPN listens on UDP port 1194. You can change the port, and you can use TCP instead of UDP if you choose: UDP is the better choice for performance, while TCP is useful where UDP is blocked, at the cost of extra latency and TCP-over-TCP stalls on lossy links.
*note* (a line starting with # is a comment; I put the comments in for my own reference in case I ever need to go back)
#VPN port
port 1194
#Local address (the address of this machine's network card on your LAN; give this machine a static IP address, because local binds OpenVPN to this one address and it stops listening if the address changes. Leave the directive out to listen on all interfaces.)
local 192.168.x.x
#Protocol for the VPN (UDP or TCP, as discussed above; I use TCP)
proto tcp
#Tunnel type (routed tun, not bridged tap, since as I stated above I picked routing over bridging; dev tun would let OpenVPN pick the next free device, tun0 pins it)
dev tun0
#Certificate and key locations (relative paths are resolved from OpenVPN's working directory, so either start it from the directory that holds keys/ or use absolute paths)
ca keys/ca.crt
cert keys/server.crt
#secret file: the server's private key, readable by root only
key keys/server.key
#Diffie-Hellman parameters, used by the TLS handshake that sets up the tunnel (not secret, but 1024-bit DH is considered weak today; generate 2048-bit parameters and point dh at that file instead)
dh keys/dh1024.pem
#VPN address pool (OpenVPN takes the first addresses of this subnet for itself and allocates the rest to clients; this is done by OpenVPN, not by DHCP)
server 10.8.1.0 255.255.255.0
*note: 10.8.1.0/24 is the address range for my VPN clients. It, and the home subnet you push to clients, must not overlap the network a client connects from. Most home routers use the 192.168.1.x range, so if you go to a friend's house or any other network that uses 192.168.1.x, the VPN will not work, because the local network and the one reached through the tunnel conflict. To combat this, change your home network address range to something that isn't used very often (review the private address ranges for some ideas). I have changed the IP subnet on my home network to 192.168.2.x/24.*
#Route push (tells the server to push a route for my home subnet to every connecting VPN client, so traffic for 192.168.2.x goes through the tunnel; use plain straight double quotes, and make sure you don't forget them)
push "route 192.168.2.0 255.255.255.0"
#Persistent address pool: records which client certificate got which tunnel address, so a given certificate gets the same IP on the VPN tunnel across reconnects and server restarts. This is best-effort; for a guaranteed fixed address use client-config-dir with ifconfig-push. The file is rewritten by the daemon periodically, so it must be writable by the unprivileged user OpenVPN switches to (see user/group below).
ifconfig-pool-persist client-addresses.txt
(inside this file there is one name,ip pair per line, where name is the common name of the client's certificate. In my case it contains
Groundzero3,10.8.1.6 )
#Allow VPN clients to communicate with each other directly inside OpenVPN (optional; without it, traffic between clients is handed to the host's routing and firewall, where it can be filtered. For a work environment I was informed it's not good to enable this option)
client-to-client
#Keepalive: ping the peer every 10 seconds and restart the connection after 120 seconds without a reply; the server pushes these values to clients as well
keepalive 10 120
#Data-channel cipher, i.e. what encrypts the tunnel traffic itself (must match the client config; AES-128-CBC is sound, and OpenVPN 2.4 and later negotiate an AES-GCM cipher automatically when both sides support it)
cipher AES-128-CBC
#Compression (must be set on the client too. Be aware that compressing traffic inside an encrypted tunnel can leak information about the plaintext, the VORACLE attack, so current guidance is to leave compression off unless you really need it)
comp-lzo
#Drop OpenVPN's privileges after initialisation and run as nobody/nogroup. persist-key and persist-tun keep the key material and the tun device open across restarts (SIGUSR1, ping-restart), which would otherwise fail because the unprivileged user can no longer re-read the key or re-open the device.
user nobody
group nogroup
persist-key
persist-tun
#Status file for OpenVPN, rewritten every minute with the currently connected clients
status openvpn-status.log
#Log file (truncated on every start; use log-append instead to keep history). verb 3 is a reasonable verbosity for normal use; mute 20 stops repeated messages of the same category after 20 in a row
log openvpn
verb 3
mute 20
To save the file, press Escape and then type :wq server.conf (this writes the buffer to server.conf and quits; give the full path, such as /etc/openvpn/server.conf, if you did not start vi in that directory).
That's pretty much it. Remember the explanations in parentheses only describe the comment lines and are not needed in the config file.
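Before starting the server it is worth checking that every entry in client-addresses.txt can actually be honoured under the subnet given to the server directive. The script below is an added example, not code from the original post or from OpenVPN. It assumes the default net30 topology (the server keeps the first /30 of the subnet for itself and each client is the second host of its own /30, so usable client addresses sit at offset 6, 10, 14, ... from the network address); the Groundzero3 line is the one from the post, while the laptop and guest lines are constructed bad entries. OpenVPN does not reject a bad line; the client simply ends up with a different address than the one written down, which is exactly the kind of silent surprise that breaks per-client firewall rules.

```shell
#!/bin/sh
# Added example (not from the original post or from OpenVPN): check the
# name,ip pairs of an ifconfig-pool-persist file against the "server" subnet.
# Assumes the default net30 topology: the server keeps the first /30 of the
# subnet (.1/.2) and each client is the second host of its own /30, so a usable
# client address sits at offset 6, 10, 14, ... from the network address.

# Dotted quad -> 32-bit integer (10.8.1.6 -> 168296710)
ip2int() {
    echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) | (b << 16) | (c << 8) | d )); }
}

# Print "network netmask" from the server directive of a config read on stdin
server_subnet() {
    awk '$1 == "server" { print $2, $3; exit }'
}

# check_pool_entry NAME IP NETWORK NETMASK
# Prints a one-line verdict; exit status 0 only if the pinned address is usable.
check_pool_entry() {
    name=$1 ip=$2 net=$3 mask=$4
    ipn=$(ip2int "$ip"); netn=$(ip2int "$net"); maskn=$(ip2int "$mask")
    if [ $(( ipn & maskn )) -ne "$netn" ]; then
        echo "$name: $ip is outside $net/$mask"
        return 1
    fi
    off=$(( ipn - netn ))
    if [ "$off" -lt 4 ]; then
        echo "$name: $ip lies in the /30 the server uses for itself"
        return 1
    fi
    if [ $(( off % 4 )) -ne 2 ]; then
        echo "$name: $ip is not a net30 client endpoint (offsets 6, 10, 14, ...)"
        return 1
    fi
    echo "$name: $ip ok"
}

# check_pool_file NETWORK NETMASK < pool-file
# One "name,ip" per line; blank lines and # comments are skipped.
# Exit status 0 only when every entry passes.
check_pool_file() {
    bad=0
    while IFS=, read -r name ip; do
        case "$name" in ''|'#'*) continue ;; esac
        check_pool_entry "$name" "$ip" "$1" "$2" || bad=$(( bad + 1 ))
    done
    echo "$bad bad entries"
    [ "$bad" -eq 0 ]
}

# Demo with a constructed server.conf fragment and pool file. Groundzero3 is
# the entry from the post; laptop and guest are made-up bad entries.
# $subnet is deliberately unquoted so it expands to two arguments.
subnet=$(printf 'proto tcp\nserver 10.8.1.0 255.255.255.0\n' | server_subnet)
check_pool_file $subnet <<'EOF' || echo "fix client-addresses.txt before starting openvpn"
Groundzero3,10.8.1.6
laptop,10.8.1.7
guest,10.8.2.6
EOF
```

Run as written, the demo reports Groundzero3 as ok, rejects laptop (offset 7 is the broadcast side of a /30, not a client endpoint) and guest (outside 10.8.1.0/24), and prints "2 bad entries". To check a real deployment, feed the actual files in: check_pool_file $(server_subnet < /etc/openvpn/server.conf) < /etc/openvpn/client-addresses.txt. If you switch to topology subnet, the offset rule no longer applies and any host address other than the server's own is usable; the subnet membership check still holds.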