OpenVPN Configuration for Static IP Addresses

Dear Experts,

I have two offices in two different buildings. I want to create a VPN link for this. I read this link: http://openvpn.net/index.php/documentation/howto.html#config

But I do not understand the configuration file.
I read a case here: http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23711190.html?sfQueryTermInfo=1+openvpn+server.conf+set

but my case is a little bit different:

I am sitting at the head office, where I want to create the VPN server.

Head office(Server1)

Linux Box (ubuntu 8.04) with two NICs
eth1: 10.0.0.5  
eth0: 192.168.3.1

Sub-Office (Server2)
Linux Box with two NICs
eth1: 10.0.0.6
eth0: 192.168.3.2
In both offices I have static IPs. I created the (PKI) successfully on the head office (Server1).
Please look at the figure attached to this question, and please note that eth1 on both servers, with the following IPs (10.0.0.5) + (10.0.0.6), will be used as gateway. My questions, based on the requirement above:
Q.1 Which method shall I use: (ethernet bridging) or (routed IP tunnel) or (ethernet tunnel)?
Q.2 Shall I repeat the (PKI) installation on Server2 (client of Server1)?
Q.3 How will Server2 (client) understand that the (Client1.*) files belong to it, based on the installation of the (PKI)?
Q.4 I need someone to help me with how I set up my configuration files for OpenVPN, (Server, Client).conf.

Note: Please provide your question with details about some fields like:
client-config-dir, Diffie-Hellman parameters, which parameters I shall leave and which I shall modify, etc.

Network1.jpg
mubama0n Asked:
m_adamczyk Commented:
I have experience creating a very similar scenario. SysExpert is only PARTIALLY correct; when ethernet bridging with OpenVPN you MAY use the same subnet, but I'm not sure how well it will work with static IP addressing. I created an OpenVPN WAN where Server1 had DHCP and gave IPs x.x.x.100-149 and Server2 had DHCP and gave IPs x.x.x.150-199.

Q1: Definitely use ethernet bridging if you wish to keep the same IP subnet. This will also allow DNS information to traverse the VPN link so you can ping by computer name across the VPN.
Q2: I'm not sure what you mean about recreating the PKI on Server 2. I created 1 Certificate Authority and created 2 server keys - Server1 & Server2, then also created client keys designated for each server (Client1-to-Server1, Client1-to-Server2, Client2-to-Server1, Client2-to-Server2, etc.). The CA.KEY and CA.CRT files you use are the 1 and only files you produce by creating your Certificate Authority; All keys should be created from it.
Q3: Pick one Server (1 or 2) to be the OpenVPN server, and the other will be the client. In the OpenVPN.conf file, you will then put the settings accordingly.
Q4: Before creating a bridged network, I found it much easier to test with a routed connection then change the setting into a bridged configuration. If you wish to start with a bridged connection, then start with the OpenVPN HOWTO at http://openvpn.net/bridge.html

When you begin testing, do NOT run OpenVPN as a daemon. Start running it from the command line:
openvpn --config server.conf
and read what it tells you. If there are no errors, then continue to the client and run
openvpn --config client.conf
and read what it tells you. This information will be very useful and quicker than digging through logs.

Regarding specific fields in the configuration, the sample server.ovpn and client.ovpn files are the best starting point. They provide various options you MAY set, but only have the minimum set for secure operation. client-config-dir would be used if you are connecting several remote VPNs to the VPN server; you are not doing this, you are bridging one remote VPN client (acting as your local server) to the VPN server. Diffie-Hellman parameters depend on your level of desired security. Generate your Diffie-Hellman key at either 1024 or 2048 bits and set your config file to reflect that.

If you wish to do more with your OpenVPN installation then consider buying the OpenVPN book. The HOWTO guides on OpenVpn.net were very helpful, and the book helped answer detailed questions about the many parameters.

Please try my suggestions and let me know if you have problems and need more detailed help with your config files.
 
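For Q2 and Q3 in the answer above, an added example (not part of the thread) that builds a single CA, issues one server and one client certificate from it, and shows which files go to Server2 and how each side checks the other's certificate. It assumes the openssl command line is installed and uses plain openssl commands; the directory layout and the names Office-CA, server1 and client1 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: throwaway PKI in a temp directory. Every name here is constructed.
set -eu

make_ca() {   # make_ca <dir> <cn>: self-signed CA (ca.key + ca.crt)
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue() {     # issue <ca-dir> <name>: private key plus a certificate signed by that CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

chains_to() { # chains_to <ca.crt> <cert>: succeeds only if that CA signed the cert
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches() { # key_matches <key> <cert>: succeeds if the key belongs to the cert
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

WORK=$(mktemp -d)
make_ca "$WORK/office" "Office-CA"       # done once, on the CA machine (Server1 here)
issue   "$WORK/office" server1           # identity of the OpenVPN server
issue   "$WORK/office" client1           # identity of Server2, the OpenVPN client
make_ca "$WORK/other" "Unrelated-CA"     # a second PKI, for contrast only
issue   "$WORK/other" client1

# Server2 receives exactly three files; ca.key never leaves the CA machine.
mkdir "$WORK/server2"
cp "$WORK/office/ca.crt" "$WORK/office/client1.crt" "$WORK/office/client1.key" "$WORK/server2/"

chains_to "$WORK/server2/ca.crt" "$WORK/office/server1.crt" && echo "server1.crt: accepted by Server2"
chains_to "$WORK/office/ca.crt" "$WORK/server2/client1.crt" && echo "client1.crt: accepted by Server1"
chains_to "$WORK/office/ca.crt" "$WORK/other/client1.crt"   || echo "other CA's client1.crt: rejected"
key_matches "$WORK/server2/client1.key" "$WORK/server2/client1.crt" && echo "client1.key matches client1.crt"
```

The three files copied to Server2 are what the `ca`, `cert` and `key` directives in its client configuration point to.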
ahoffmann Commented:
In general it's a bad idea to use IPs from the same logical subnet on both ends of the tunnel, unless you're 101% used to setting up correct routing on both ends after establishing the tunnel.
It gets much simpler if you use different networks.

mubama0n Author Commented:
Thanks for your notes.
OK, no problem. Keep this setting for now and show me how to set up (Server & Client).conf.
mubama0n Author Commented:
Dear ahoffmann:

Server2 Is Another Network.

mubama0n Author Commented:
On the client site (Server2), shall we install OpenVPN and do the same steps?
In which file shall we make the setting?

mubama0n Author Commented:
Dear ahoffmann,

I want to ask you a question: if I change the setup of the sub-office into:
Sub-Office (Server2)
Linux Box with two NICs
eth1: 10.0.0.6
eth0: 192.168.0.1

How can it work as a VPN? In this case shall we use (bridging)?
Please illustrate the case in server.conf


ahoffmann Commented:
> this case shall we use (Bridging)?
yes, but I don't know how to configure that

mubama0n Author Commented:
Nobody has solved the problem. Administrator, please advise.

SysExpert Commented:
1) You need different Private LAN subnets on each side so 3.1 and 3.2 can not be used.

change one to 4.1

2) You need to test and look at the logs to determine what the issues are.
First try and then post logs.


I hope this helps !

mubama0n Author Commented:
Thanks for your solution. I have a small problem: I completed the setting successfully as you posted, but I got a (connection refused) message and I'm trying to solve the problem. Why do you think this message is displayed?

m_adamczyk Commented:
"Connection Refused" or "Connection Reset"? I have seen "Connection Reset by Peer" messages in my configs - I will check my notes to see what the cause was. I'm stuck with an XP reinstall and will probably need a day to find my notes. Sorry for the long delay in responding.
Question has a verified solution.