geffers
Posts: 397
Joined: Sun Jun 24, 2012 6:25 am
Location: UK
Contact: Website

OpenVPN Config File

Sun Apr 30, 2017 3:40 pm

Folks,

I have read up on various VPN set ups and must confess how incredibly complicated they appear, they invariably go through setting up certificates of various types, key servers, pre-shared keys, various encryptions, masquerade etc.

My head spins :roll:

I have a simple OpenVPN set up, I have a pre-shared secrets key, can connect to remote machine and PING it but that is all, nowt else can I do at the moment.

Now, very simple set up that I can tweak as I get more adventurous but I'd like to know now what I need to do to get internet access for the client through the server. Nothing complicated, no multiple clients with DHCP addresses, just the simple one machine access.

Any simple suggestions for configuration would be appreciated.

Geffers

DougieLawson
Posts: 37703
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN Config File

Sun Apr 30, 2017 4:20 pm

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.

haertig
Posts: 16
Joined: Wed Mar 01, 2017 2:33 am

Re: OpenVPN Config File

Sun Apr 30, 2017 6:16 pm

Assuming you are trying to set up an OpenVPN SERVER...

I've set up several VPNs. Typically on routers running Tomato firmware. But that's just OpenVPN with a GUI frontend. The standard OpenVPN documentation is the best I've found, and is what I used when learning.

https://openvpn.net/index.php/open-sour ... howto.html

geffers
Posts: 397
Joined: Sun Jun 24, 2012 6:25 am
Location: UK
Contact: Website

Re: OpenVPN Config File

Tue May 02, 2017 7:46 am

Yep, that was the 'headspinning' explanation :lol:

Geffers

DougieLawson
Posts: 37703
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: OpenVPN Config File

Wed May 03, 2017 6:21 am


pi_everalm
Posts: 33
Joined: Thu Apr 20, 2017 11:44 am

Re: OpenVPN Config File

Wed May 03, 2017 1:49 pm

The simplest setup I have come across for OpenVPN is using PiVPN

http://www.pivpn.io/

A couple of questions and it runs and does all the hard work for you.

I have set it up, to date, on a Pi3, Pi2 and Pi0-W and, other than the internal router forwarding, have had no issues so far. I access my internal servers, IP cameras, media servers etc. via Android and Windows with no further customisation required.

You can use the PiVPN commands to do the basics of account creation or if you live and die by the command line run all the OpenVPN commands for full, detailed setup.

haertig
Posts: 16
Joined: Wed Mar 01, 2017 2:33 am

Re: OpenVPN Config File

Fri May 05, 2017 6:18 am

O.P. - Why do you want to VPN into your Pi, as opposed to VPN'ing into your router (unless your Pi *is* your router)?

I've always used VPN to connect to a network (my LAN), and your router is generally the best place to implement that. If I just want to connect to a single device on my LAN, SSH works for that.

You can even get the functionality to connect to devices on your LAN by SSH'ing into your router and using local port forwarding to set up a path to reach your LAN devices. You don't need VPN for that, and you don't need any special SSH setup on your router either. Nor do you have to forward ports in your router. Note: You will see many internet articles on bypassing firewalls that use "SSH dynamic port forwarding and a SOCKS proxy". Local port forwarding is different than the dynamic port forwarding they are talking about in those articles, so don't get confused there. Think of "SSH local port forwarding" as a more secure substitute for "forwarding ports in your router". It does require you to be able to SSH into your router though, and that may be turned off by default. Basically, you end up calling SSH twice. The first time to set up the port forwarding, and then the second time to SSH to the target device via the forward you just set up. The first SSH is to the WAN address of your router. The second SSH is to a port on your localhost. I recommend using pubkeys with SSH for added security, but you can use a normal password setup too.

VPN is nicer, but if you're having trouble setting it up and are getting frustrated, look at what your real needs are and see if they can be met with SSH local port forwarding.
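
The two SSH calls described in the post above, as an added example that is not part of the original post. The router name, logins, LAN address and local port are constructed placeholders.

```shell
#!/bin/sh
# Added example: SSH local port forwarding through a router, in two ssh calls.
# Every host, user, address and port below is a constructed placeholder.

ROUTER_WAN="router.example.net"   # assumed WAN name/address of the router
ROUTER_USER="admin"               # assumed SSH login on the router
TARGET_LAN_IP="192.168.1.50"      # assumed LAN address of the target device
TARGET_USER="pi"                  # assumed login on the target device
LOCAL_PORT=2222                   # assumed free port on this machine

# Build the -L argument. Binding to 127.0.0.1 keeps the forwarded port
# unreachable from other machines on the client's own network.
forward_spec() {
    printf '127.0.0.1:%s:%s:22' "$LOCAL_PORT" "$TARGET_LAN_IP"
}

# First ssh: log in to the router's WAN address and hold the forward open.
# -N runs no remote command, -f backgrounds after authentication, and
# ExitOnForwardFailure aborts if the local port cannot be bound.
open_forward() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "$ROUTER_USER@$ROUTER_WAN"
}

# Second ssh: connect to the port on localhost, which the router relays to
# the target. HostKeyAlias records the target's host key under its own name
# rather than [127.0.0.1]:2222, so host key checking still identifies it.
ssh_to_target() {
    ssh -p "$LOCAL_PORT" -o HostKeyAlias="lan-$TARGET_LAN_IP" \
        "$TARGET_USER@127.0.0.1"
}

# Connect only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "connect" ]; then
    open_forward && ssh_to_target
fi
```
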

plugwash
Forum Moderator
Posts: 3550
Joined: Wed Dec 28, 2011 11:45 pm

Re: OpenVPN Config File

Fri May 05, 2017 1:33 pm

geffers wrote: Now, very simple set up that I can tweak as I get more adventurous but I'd like to know now what I need to do to get internet access for the client through the server. Nothing complicated, no multiple clients with DHCP addresses, just the simple one machine access.
In the server's openvpn client set the option to push default gateway to the client.

On the server set the sysctl to enable ip routing.

On the server set up an iptables MASQUERADE rule so that connections coming from the VPN and going out to the internet get their source address changed to that of the server.
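
A check for the three steps in the post above, written as an added example (not code from the thread); the tunnel subnet `10.8.0.0/24`, the interface `eth0` and the sample files are assumptions. `push` needs OpenVPN's TLS server mode, so with a pre-shared static key the bare `redirect-gateway def1` line goes in the client config instead, and the check accepts either form.

```shell
#!/bin/sh
# Added example: audit the three server-side steps for sending a VPN client's
# internet traffic through the server. Subnet and interface are assumptions.

VPN_NET="10.8.0.0/24"   # assumed tunnel subnet
WAN_IF="eth0"           # assumed internet-facing interface on the server

# check_gateway CONF IP_FORWARD_FILE IPTABLES_SAVE_FILE
# CONF is the server config (push form) or, for a static-key tunnel, the
# client config (bare form). Prints the fix for each missing step and
# returns how many steps are missing (0 = all in place).
check_gateway() {
    missing=0
    # Step 1: an active (uncommented) redirect-gateway directive.
    if ! grep -Eq '^[[:space:]]*(push[[:space:]]+")?redirect-gateway' "$1"; then
        echo "config: push \"redirect-gateway def1\""
        missing=$((missing + 1))
    fi
    # Step 2: kernel IPv4 forwarding switched on.
    if [ "$(cat "$2")" != "1" ]; then
        echo "routing: sysctl -w net.ipv4.ip_forward=1"
        missing=$((missing + 1))
    fi
    # Step 3: source NAT for tunnel traffic leaving via the WAN interface.
    if ! grep -Eq -- "^-A POSTROUTING .*-s $VPN_NET .*-o $WAN_IF .*-j MASQUERADE" "$3"; then
        echo "nat: iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample state: gateway pushed, NAT rule present, forwarding off.
demo=$(mktemp -d)
printf 'server 10.8.0.0 255.255.255.0\npush "redirect-gateway def1"\n' > "$demo/server.conf"
echo 0 > "$demo/ip_forward"
printf '%s\n' '*nat' '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$demo/nat.rules"
check_gateway "$demo/server.conf" "$demo/ip_forward" "$demo/nat.rules" || true
rm -rf "$demo"
```

On a live server, pass `/proc/sys/net/ipv4/ip_forward` and a file written by `iptables-save -t nat`. A value set with `sysctl -w` lasts until reboot; put `net.ipv4.ip_forward=1` in `/etc/sysctl.conf` to keep it.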
