Changes between Version 23 and Version 24 of HOWTO


Timestamp: 11/25/15 20:13:21 (8 years ago)
Author: Elvey
Comment: typo, grammar fixes (more to come if I can get .ovpn creation working in Raspbian.)

  • HOWTO

    v23 v24  
    2424The original [wiki:Openvpn1xHOWTO OpenVPN 1.x HOWTO] is still available, and remains relevant for point-to-point or static-key configurations. Complete list of documentation is available on the [wiki:WikiStart documentation front page].
    2525
    26 While this HOWTO will guide you in setting up a scalable client/server VPN using an X509 PKI (public key infrastruction using certificates and private keys), this might be overkill if you are only looking for a simple VPN setup with a server that can handle a single client.
     26While this HOWTO will guide you in setting up a scalable client/server VPN using an X509 PKI (public key infrastructure using certificates and private keys), this might be overkill if you are only looking for a simple VPN setup with a server that can handle a single client.
    2727
    2828If you would like to get a VPN running quickly with minimal configuration, you might check out the [wiki:StaticKeyMiniHowto Static Key Mini-HOWTO]. The advantages of a static key setup:
     
    7070
    7171 * Right click on an OpenVPN configuration file (.ovpn) and select '''Start OpenVPN on this configuration file'''. Once running, you can use the '''F4''' key to exit.
    72  * Run OpenVPN from a command prompt Window with a command such as "'''openvpn myconfig.ovpn'''". Once running in a command prompt window, OpenVPN can be stopped by the F4 key.
     72 * Run OpenVPN from a command prompt Window with a command such as "'''openvpn myconfig.ovpn'''". Once running in a command prompt window, the F4 key can stop OpenVPN.
    7373 * Run OpenVPN as a service by putting one or more .ovpn configuration files in '''\Program Files\OpenVPN\config''' and starting the OpenVPN Service, which can be controlled from Start Menu -> Control Panel -> Administrative Tools -> Services.
    7474
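Review bot: the rewritten bullet at line 72 still has "command prompt Window" with a capital W in its first sentence and "command prompt window" in lowercase in its second; since the line is being touched anyway, lowercase the first one. The new wording "the F4 key can stop OpenVPN" also departs from the bullet above it ("you can use the F4 key to exit"); reusing that phrasing would keep the bullets in this list parallel.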
     
    8787make install
    8888}}}
    89 method can be used, or you can search for an OpenVPN port or package which is specific to your OS/distribution.
     89method can be used, or you can search for an OpenVPN port or package that is specific to your OS/distribution.
    9090
    9191= Determining whether to use a routed or bridged VPN =
     
    114114
    115115 * conflicts from different sites on the VPN using the same LAN subnet numbering, or
    116  * remote access connections from sites which are using private subnets which conflict with your VPN subnets.
     116 * remote access connections from sites that are using private subnets which conflict with your VPN subnets.
    117117
    118118For example, suppose you use the popular 192.168.0.0/24 subnet as your private LAN subnet. Now you are trying to connect to the VPN from an internet cafe which is using the same subnet for its !WiFi LAN. You will have a routing conflict because your machine won't know if 192.168.0.1 refers to the local !WiFi gateway or to the same address on the VPN.
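Review bot: line 116 now reads "sites that are using private subnets which conflict with your VPN subnets", so only the first of the two restrictive "which" clauses was changed. Change the second to "that conflict" as well, or shorten the bullet to "sites using private subnets that conflict with your VPN subnets".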
     
    521521For this example, we will assume that the client LAN is using the '''192.168.4.0/24''' subnet, and that the VPN client is using a certificate with a common name of '''client2'''. Our goal is to set up the VPN so that any machine on the client LAN can communicate with any machine on the server LAN through the VPN.
    522522
    523 Before setup, there are some basic prerequisites which must be followed:
    524 
    525  * The client LAN subnet ('''192.168.4.0/24''' in our example) must not be exported to the VPN by the server or any other client sites which are using the same subnet. Every subnet which is joined to the VPN via routing must be unique.
     523Before setup, there are some basic prerequisites, which must be followed:
     524
     525 * The client LAN subnet ('''192.168.4.0/24''' in our example) must not be exported to the VPN by the server or any other client sites that are using the same subnet. Every subnet which is joined to the VPN via routing must be unique.
    526526 * The client must have a unique Common Name in its certificate ("client2" in our example), and the '''duplicate-cn''' flag must not be used in the OpenVPN server configuration file.
    527527
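Review bot: the comma added at line 523 ("prerequisites, which must be followed") makes the clause non-restrictive, which is the opposite of the which-to-that change made on line 525 and in the other hunks; "prerequisites that must be met" would be consistent with them. On line 525 the second sentence still has "Every subnet which is joined to the VPN", which should get the same treatment as the first sentence.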