OpenVPN

Email Archive: openvpn-users (read-only)

2002:	_Jan	_Feb	_Mar (12)	_Apr (45)	_May (34)	_Jun (50)	_Jul (39)	_Aug (39)	_Sep (29)	_Oct (28)	_Nov (30)	_Dec (28)
2003:	_Jan (18)	_Feb (20)	_Mar (10)	_Apr (19)	_May (72)	_Jun (42)	_Jul (31)	_Aug (153)	_Sep (156)	_Oct (233)	_Nov (213)	_Dec (137)
2004:	_Jan (255)	_Feb (292)	_Mar (449)	_Apr (241)	_May (412)	_Jun (541)	_Jul (532)	_Aug (611)	_Sep (689)	_Oct (804)	_Nov (676)	_Dec (715)
2005:	_Jan (639)	_Feb (695)	_Mar (756)	_Apr (562)	_May (497)	_Jun (424)	_Jul (394)	_Aug (427)	_Sep (390)	_Oct (418)	_Nov (387)	_Dec (494)
2006:	_Jan (503)	_Feb (436)	_Mar (563)	_Apr (448)	_May (400)	_Jun (420)	_Jul (240)	_Aug (362)	_Sep (292)	_Oct (408)	_Nov (318)	_Dec (245)
2007:	_Jan (330)	_Feb (241)	_Mar (259)	_Apr (216)	_May (305)	_Jun (277)	_Jul (288)	_Aug (269)	_Sep (273)	_Oct (248)	_Nov (267)	_Dec (265)
2008:	_Jan (312)	_Feb (454)	_Mar (358)	_Apr (195)	_May (352)	_Jun (305)	_Jul (233)	_Aug (385)	_Sep (441)	_Oct (325)	_Nov (301)	_Dec (329)
2009:	_Jan (344)	_Feb (263)	_Mar (350)	_Apr (262)	_May (255)	_Jun (161)	_Jul (330)	_Aug (281)	_Sep (285)	_Oct (230)	_Nov (304)	_Dec (284)
2010:	_Jan (353)	_Feb (260)	_Mar (357)	_Apr (403)	_May (335)	_Jun (236)	_Jul (199)	_Aug (247)	_Sep (212)	_Oct (160)	_Nov (118)	_Dec (110)
2011:	_Jan (172)	_Feb (105)	_Mar (113)	_Apr (120)	_May (124)	_Jun (88)	_Jul (94)	_Aug (63)	_Sep (78)	_Oct (42)	_Nov (137)	_Dec (90)
2012:	_Jan (75)	_Feb (113)	_Mar (90)	_Apr (77)	_May (68)	_Jun (58)	_Jul (67)	_Aug (119)	_Sep (56)	_Oct (60)	_Nov (72)	_Dec (48)
2013:	_Jan (78)	_Feb (93)	_Mar (114)	_Apr (79)	_May (39)	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec


S	M	T	W	T	F	S
						1
						(2)
2	3	4	5	6	7	8
	(5)	(10)	(11)	(11)	(12)	(1)
9	10	11	12	13	14	15
(3)	(3)	(4)	(13)	(14)	(22)	(4)
16	17	18	19	20	21	22
(1)	(15)	(15)	(16)	(6)	(4)	(6)
23	24	25	26	27	28	29
(4)	(13)	(6)	(4)	(17)	(6)	(9)
30	31
(1)	(2)

Re: [Openvpn-users] openvpn bridging and single host clients

From: Timothy Baldwin <T.Baldwin99@me...> - 2006-07-23 18:01

In message <8E635901-0D1B-4336-A8D4-0F81318F8F16@...>, Tobias
Sargeant <toby@...> wrote:

> 
> On 18/07/2006, at 12:54 AM, Charles Duffy wrote:
> 
>> I'm unfamiliar with the problem you're referring to, but one common
>> gotcha with bridging: If you want the system running the bridge to be
>> active on the network, you need to assign that system's IP to the
>> bridge
>> itself, and not to any of the interfaces making up that bridge.
> 
> Yes, this was exactly my problem.

The other trap is routing the OpenVPN traffic via OpenVPN.

> I'm sure this is a pretty basic question, and if it's written up
> anywhere,
> I'm more than happy to just go and read that.
> 
> The situation as it stands is like this:
> 
>     openvpn1            router          router         openvpn2
> 192.168.99.250 --+ 192.168.99.220 --- 192.168.0.1 +-- 192.168.0.2
>                  |                                |
> 192.168.99.x ----'                                `-- 192.168.99.y
> 
> As I currently understand it, in order to have openvpn2 exist on the
> bridged
> network, it will need a 192.168.99 address, but I don't understand
> how it
> can then correctly pass openvpn traffic to the router.

Are you trying to bridge 2 LANs here? And their is no NAT between them?

If openvpn2 runs Linux you may be able use a routing policy to explicitly
route OpenVPN traffic.

However the simplelest solution is to either put a NAT between the
endpoints, or give the endpoints IP addresses which are on a subnet the
other endpoint is not, and use those for OpenVPN traffic.

You may give the hosts running OpenVPN additional IP addresses as well.

> 
> Thanks a lot,
> Toby.

-- 
Member AFFS, WYLUG, SWP (UK), UAF, RESPECT, StWC
OpenPGP key fingerprint: D0A6 F403 9745 CED4 6B3B  94CC 8D74 8FC9 9F7F CFE4
No to software patents!    Victory to the iraqi resistance!

Re: [Openvpn-users] openvpn bridging and single host clients

From: Tobias Sargeant <toby@pe...> - 2006-07-23 23:42

On 24/07/2006, at 4:00 AM, Timothy Baldwin wrote:

>>     openvpn1            router          router         openvpn2
>> 192.168.99.250 --+ 192.168.99.220 --- 192.168.0.1 +-- 192.168.0.2
>>                  |                                |
>> 192.168.99.x ----'                                `-- 192.168.99.y
>>
>> As I currently understand it, in order to have openvpn2 exist on the
>> bridged network, it will need a 192.168.99 address, but I don't
>> understand how it can then correctly pass openvpn traffic to the
>> router.
>
> Are you trying to bridge 2 LANs here? And their is no NAT between  
> them?

Actually, both LANs are NATed.

> If openvpn2 runs Linux you may be able use a routing policy to  
> explicitly
> route OpenVPN traffic.
>
> However the simplelest solution is to either put a NAT between the
> endpoints, or give the endpoints IP addresses which are on a subnet  
> the
> other endpoint is not, and use those for OpenVPN traffic.
>
> You may give the hosts running OpenVPN additional IP addresses as  
> well.

I think this might actually be the answer. I'm certain I can do it for
linux clients. Windows networking, however, remains a mystery to me.

Thanks,
Toby.
-- 
Tobias Sargeant  key: D9E15866 fp:  
EDD8E1EC440AD2B689BFAFA4FBFC19B6D9E15866
ph: +61 3 9345 2627   fax: +61 3 9347 0852   email: sargeant at  
wehi.edu.au
Bioinformatics, The Walter and Eliza Hall Institute of Medical Research
1G Royal Parade, Parkville, Victoria 3050, Australia

Re: [Openvpn-users] Problem with Openvpn servier on windows running as a service

From: Timothy Baldwin <T.Baldwin99@me...> - 2006-07-23 18:49

In message
<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAYZ2K4krKnUuWCyNd7G45tyKDAAAQAAAACoyiiY5poEebdM5nXcsiTAEAAAAA@...>,
Michael Hennessy <hennessy@...> wrote:

> 
> I have several openvpn servers running on a variety of windows platforms
> (XP pro, Windows 2000, windows 2000 Server), and have found that when it
> is run as a service using the "openvpn service" wrapper, that the openvpn
> server will initially (ie after a system reboot), accept and authenticate
> connections but silently refuse to pass any traffic.
> 
> If the service is manually stopped and restarted at the server then
> incoming connections will have their traffic passed as normal, and all is
> ok until the next server reboot when the same thing happens again.

Check that you haven't got a routing loop with the VPN running over the VPN.

-- 
Member AFFS, WYLUG, SWP (UK), UAF, RESPECT, StWC
OpenPGP key fingerprint: D0A6 F403 9745 CED4 6B3B  94CC 8D74 8FC9 9F7F CFE4
No to software patents!    Victory to the iraqi resistance!

Re: [Openvpn-users] VPN Server to Internet Service

From: Charles Duffy <cduffy@sp...> - 2006-07-23 16:29

Vishal Abrol wrote:
> I have one database Service that I can connect only from my public IP
> XXX.XXX.XXX.123. Now there are more users to that service. I wanted to
> configure a VPN service on my 'public IP' machine so that anybody can
> connect to my 'PUBLIC IP' machine through openVPN client. Once connected,
> they will get IP addresses from openVPN server(10.8.0.***), Once connected
> tp VPN. If they try to access the database service, I want them to be able
> to connect to that. I want to hide their own IPS and let database service
> think that all the requests are coming only from 'PUBLIC IP'  machine.
> Any easy way to do this?

The solution is actually not OpenVPN-specific. Set up a tun-based VPN 
with IP masquerading configured on the server. (Google should be able to 
find any number of good resources regarding masquerading).