Setting up OpenVPN

I am looking into using OpenVPN to setup a VPN solution.  I have never used the product before so am just now going through the documentation and am looking for advice.

I have a MS-SQL database that runs a client/server Windows application.  This database sits on my private 192.168.1.x LAN and resides on a Windows 2003 system.  I have several systems on public IP's (email system, web server, etc.).  

Do I install the OpenVPN server software on one of my boxes with a public IP (they public IP systems are all Linux systems) and then configure it to pass requests to my private LAN.  What client(s) does a Windows 7 workstation use to access this VPN solution?  Are all VPN requests from remote clients on the same port?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
For OpenVPN server you need OpenVPN client, no matter which platform/OS each runs on. OpenVPN implements an own, proprietary protocol, based on SSL, so there is no other compatible client available than OpenVPN itself.

Having OpenVPN server running on the same box which provides services is more easy. But you can use any machine as OpenVPN server. If the server is not an edge device (having a public IP), then you need port forwarding for the OpenVPN server port chosen (1194/udp by default), but that is the only "difficulty" there.

OpenVPN is usually configured to use a transfer network with own IPs for client and server. In that case the necessary routes need to be defined either with the server config (keyword PUSH ROUTE), or with each client config (ROUTE).

Be warned - is very popular, conflicts with clients' networks are likely, causing major issues with routing.

You should find the OpenVPN Wikis helpful for getting started with a connection. You will need to follow the examples for (multi-)client/(single-)server, using certificates.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bkestingAuthor Commented:
So, should I place OpenVPN server on my Windows Server that is on my private LAN that hosts the services I need to access remotely and then just use port-forwarding on my router?
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
bkestingAuthor Commented:
I'm pretty new to this VPN stuff, so I guess I should ask......instead of OpenVPN, should I just use the Routing and Remote Access features already built into Windows and use Windows VPN?
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
With RRAS all can get much easier (or not). The pro is that you do not need a special client, and it works in most cases. But troubleshooting can be a pain.
If you want to use "standard VPN" features of Windows, set up RRAS in RAS mode (allowing incoming calls). You should either select a static IP pool for RAS, or use DHCP if available, to get IPs from the LAN - this makes access to the LAN much more simple. The default VPN protocol is "PPTP", which requires you to forward protocol 47 and port 1723/tcp. That is often managed by a single setting called "PPTP passthru" or "VPN passthru".
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.