userdoc:tt_openvpn_client_networks

Differences

This shows you the differences between two versions of the page.

userdoc:tt_openvpn_client_networks [2013/03/15 15:26]
abelbeck
userdoc:tt_openvpn_client_networks [2013/03/15 22:45] (current)
abelbeck
Line 9: Line 9:
 The best way to describe this configuration is by an example: The best way to describe this configuration is by an example:
  
-===== Assumptions =====+===== Example Assumptions =====
  
 For this example, the Server Network IPv4 NetMask is ''10.8.1.0 255.255.255.0''  For this example, the Server Network IPv4 NetMask is ''10.8.1.0 255.255.255.0'' 
Line 17: Line 17:
 Let us assume the client has a local network of 192.168.222.1/24 that we want the server endpoint to access. Let us assume the client has a local network of 192.168.222.1/24 that we want the server endpoint to access.
  
-!!Tip ->!! While it should not matter in general, if all your clients support a Topology of subnet, specify that.+!!Tip ->!! While it should not matter in general, if all your clients support a Topology of subnet, it is suggested to specify that.
  
 {{:userdoc:openvpn-client-net-topology.jpg?nolink|}} {{:userdoc:openvpn-client-net-topology.jpg?nolink|}}
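Review bot: In the reworded Tip, "it is suggested to specify that" is passive and still gives no reason for preferring a Topology of subnet. The Note changed in the Line 28 hunk now ties the ''route-gateway'' requirement to Topology "subnet", so this Tip should say so or point to that Note; otherwise a reader who follows the Tip does not learn that it brings an extra required setting with it.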
Line 28: Line 28:
  
  
-!!Note ->!! It is important to specify the ''route-gateway'' to the first address of your server IPv4 network. Recent versions of OpenVPN (AstLinux 1.1.1 and later) use the ''ip'' system command to apply network settingsrather than the older ''ifconfig'' system command, which has the side effect of requiring the ''route-gateway'' to be specified.+!!Note ->!! If you are using Topology "subnet" it is important to specify the ''route-gateway'' to the first (''.1''address of your server IPv4 network. If you are not using Topology "subnet"defining ''route-gateway'' is not necessary and it will create the route properly by default.
  
 ===== OpenVPN CCD File Configuration ===== ===== OpenVPN CCD File Configuration =====
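Review bot: The rewritten Note drops the reason the old text gave for requiring ''route-gateway'' (OpenVPN on AstLinux 1.1.1 and later applying settings with ''ip'' rather than ''ifconfig'') together with the version it applied to, so the requirement now reads as unexplained. If that explanation still holds, keep one clause of it; if it does not, say what about Topology "subnet" makes the setting necessary. Since the example's server network is ''10.8.1.0 255.255.255.0'', the Note could also name the value to enter, ''10.8.1.1'', instead of only "the first (.1) address". In the last sentence, "it will create the route properly" has no clear subject; "OpenVPN creates the route by default" would be clearer.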
Line 38: Line 38:
   iroute 192.168.222.0 255.255.255.0   iroute 192.168.222.0 255.255.255.0
  
-add the ''iroute'' command for the desired client network(s).  Make sure your ccd file has "other" read privileges since OpenVPN runs with "nobody" privileges.+add the ''iroute'' command for the desired client network(s).  Make sure your ccd file has "other" read permissions since OpenVPN runs with "nobody" privileges.
  
 After the ccd file is created, it can later be edited via the Edit tab using the web interface, (AstLinux 1.1.1 and later). After the ccd file is created, it can later be edited via the Edit tab using the web interface, (AstLinux 1.1.1 and later).
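Review bot: The permission sentence asks for "other" read permissions but gives no concrete mode and does not say that read is the only access "other" needs. Because the ccd file holds the ''iroute'' entries that decide which client network the server routes to, suggest stating the mode explicitly (for example 644: readable by all, writable only by the owner) so nobody widens it further to get past a permission error. The sentence also starts with a lowercase "add"; capitalize it or join it to the line introducing the ''iroute'' example.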
Line 50: Line 50:
  
 !!Tip ->!! If a ccd file of ''DEFAULT'' exists, all non-matching CommonName clients will use it's file contents, though not required. !!Tip ->!! If a ccd file of ''DEFAULT'' exists, all non-matching CommonName clients will use it's file contents, though not required.
 +
 +Finally, after all the above steps are completed substituting your network values, restart the OpenVPN Server, the proper routes should be in place when the OpenVPN client connects.  If you still can't reach the client endpoint's network, read the next section on configuring the firewall at the client endpoint.
 +
  
 ===== Firewall Configuration ===== ===== Firewall Configuration =====
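Review bot: The added "Finally, ..." paragraph joins two sentences with a comma ("restart the OpenVPN Server, the proper routes should be in place") and gives the reader no way to confirm the result before sending them on to the firewall section. Split it into two sentences and add one line on what to check after the client connects, such as a route for 192.168.222.0 255.255.255.0 appearing on the server. The paragraph is also followed by two added blank lines before the "Firewall Configuration" heading where one is enough.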
Line 61: Line 64:
 {{:userdoc:openvpn-client-net-firewall.jpg?nolink|}} {{:userdoc:openvpn-client-net-firewall.jpg?nolink|}}
  
-In this example, at the client endpoint, the 1st LAN Interface has a 192.168.222.1/24 network defined.+In this example, at the client endpoint, the "1st LAN Interfacehas a 192.168.222.1/24 network defined.
  
  
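Review bot: The changed sentence still calls 192.168.222.1/24 a "network", but that is the address of the 1st LAN Interface; the network, as written in the ''iroute'' line of the Line 38 hunk, is 192.168.222.0 255.255.255.0. Since this line is being touched anyway, suggest "has the address 192.168.222.1/24" or "has the 192.168.222.0/24 network defined", so the firewall section and the ccd file use the same value.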
  • userdoc/tt_openvpn_client_networks.1363379173.txt.gz
  • Last modified: 2013/03/15 15:26
  • by abelbeck