October 29th, 2006, 09:15 AM     #4
GroundZero3
CONFIGURE THE CLIENTS

The configuration file is pretty straightforward, as you set it up almost like the server.conf file above.

You can create this using Notepad in Windows or use vi again.

#Tell it this is a client
client

#Name of the VPN network connection. (In Network Neighborhood, I changed the name from the default VPN network card to HomeVPN so I can tell the difference between the different network adapters on the computer.)
#The name is whatever your VPN network adapter shows up as in Network Neighborhood
dev-node HomeVPN

#Protocol the VPN uses
proto tcp

#Type of VPN connection (you will notice you have tun0 on the server, and tun on the clients)
dev tun

#IP address of the VPN server. This is your WAN IP address
remote 192.168.2.110

#Something dealing with the keys
persist-key
persist-tun

#The keys for the clients (see below for more info)
ca ca.crt
cert client.crt
key client.key

#The server is using aes-128-cbc so we need to tell the client to use that
cipher aes-128-cbc

#Compression, the same as on the server
comp-lzo

verb 3


mute 20


If you are using vi, save it with :wq clients.ovpn

Now download the OpenVPN GUI

http://openvpn.se/ (openvpn-2.0.9-gui-1.0.3-install.exe)

Install the program (I used all the default settings). You will get a prompt with this notice:



Click Continue Anyway

If you right click Network Neighborhood and click Properties you will see the new network interface. Now when you were configuring the client.ovpn file you had a line in there, “dev-node mytap”. I usually rename the VPN interface to homevpn so it’s easier to distinguish between the interfaces. Whatever you name the interface (if you rename it), make sure you change the name mytap to match, and it’s case sensitive.

So in my config file I have dev-node homevpn. It’s very important to remember, if you rename it, to change that line or the VPN config file will fail.


Copy the files client1.crt, client1.key and ca.crt from the folder where the other keys are located to your home directory. The .key file is the one you want to keep to yourself!

Now you will need to get WinSCP to download the files from a Linux environment to a Windows environment. (If you get a permission error from WinSCP, type chown sudo name then client1.*) The sudo name is the root login name you made for the machine.

Before you copy, my boss noted that sometimes copying over from Linux to Windows can cause some issues with the files. When you drag the file over you will get a prompt to press Copy. Before you do, click More, then click Binary, then you can press Copy.


Copy these files into

C:\Program Files\openvpn\config (also place your client.ovpn into this folder too)

Right click on client.ovpn and click Start OpenVPN on this config file. A DOS box should pop up, and when it's done connecting to the VPN you should see “Initialization Sequence Completed”. If you close this DOS box you will disconnect from the VPN.

Now that the VPN is connected, you need to set up a route to the VPN subnet so 192.168.x.x or whatever can communicate with VPN clients. Log into the router (for this I'm gonna go through a Linksys router; you must bear with me as I'm using the DD-WRT firmware). If you are running the default firmware you would click the first tab and see the Advanced Routing tab. Click it, then for the destination LAN address type in your VPN subnet. In my case it would be 10.8.1.0, gateway 255.255.255.0 and the gateway will be the address of the VPN server. So if your VPN server internal address is 192.168.1.50 you would put that as the gateway.

Now if you are a VPN client on the road and want to access a server resource you can type in Run

\\192.168.1.100\music. You have to use the IP address of the server; name resolution for a routed VPN does not work. I have tried to stream music over a VPN; it's hit or miss depending on your connection and the speed of the VPN server.

Also note I am running the VPN server in VMware and it works great.
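
An added example, not part of the original post: a small Python linter for the client.ovpn described above. It checks the points the post stresses (lower-case directive names, a dev-node that matches the adapter name exactly, settings that mirror the server) plus one extra check that the client verifies the server certificate type. The server settings, adapter list and sample configs are constructed for illustration, and the function names are hypothetical.

```python
KNOWN = {"client", "dev-node", "proto", "dev", "remote", "persist-key",
         "persist-tun", "ca", "cert", "key", "cipher", "comp-lzo", "verb",
         "mute", "ns-cert-type", "remote-cert-tls"}
MIRRORED = ("proto", "cipher", "comp-lzo")  # the post says these follow the server

def parse(text):
    """Return {directive: [args]}, skipping blank lines and # or ; comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = [a.strip('"') for a in args]
    return opts

def norm(name, args):
    # tcp-client and tcp-server are the two ends of the same transport
    if name == "proto" and args:
        return [args[0].lower().split("-")[0]]
    return [a.lower() for a in args]  # values compared case-insensitively (assumption)

def lint_client(client_text, server_text, adapters):
    """List problems that would stop the client connecting or weaken it."""
    raw, srv = parse(client_text), parse(server_text)
    findings = [f"case: write '{n.lower()}' instead of '{n}'"
                for n in raw if n not in KNOWN and n.lower() in KNOWN]
    cli = {n.lower(): a for n, a in raw.items()}
    node = " ".join(cli.get("dev-node", []))
    if node and node not in adapters:  # adapter name match is case sensitive
        findings.append(f"dev-node: no adapter is named exactly '{node}'")
    for n in MIRRORED:
        if (n in cli) != (n in srv) or norm(n, cli.get(n, [])) != norm(n, srv.get(n, [])):
            findings.append(f"mismatch: '{n}' differs from the server")
    if not cli.keys() & {"ns-cert-type", "remote-cert-tls"}:
        findings.append("tls: server certificate type is not checked")
    return findings

# Constructed sample input: a server excerpt and a client file with deliberate mistakes
SERVER = "proto tcp\ndev tun0\ncipher aes-128-cbc\ncomp-lzo\n"
CLIENT = ("Client\ndev-node homevpn\nProto tcp\ndev tun\nRemote 192.168.2.110\n"
          "ca ca.crt\ncert client.crt\nkey client.key\ncipher aes-256-cbc\ncomp-lzo\n")
ADAPTERS = ["HomeVPN", "Local Area Connection"]

if __name__ == "__main__":
    print("\n".join(lint_client(CLIENT, SERVER, ADAPTERS)))
```

The last check passes with either `ns-cert-type server` (available in the 2.0.x series the post installs) or `remote-cert-tls server` (2.1 and later); both assume the server certificate was issued with the matching server attribute.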