1) I have a server inside a local network with eth0 192.168.0.14/24
2) A cheap modem with IP XX.XX.XX.166 that NATs port 8460 to 192.168.0.14
3) The VPN network will be 172.26.0.0/24
We are going to use NAT, since we can't add a static route on the main gateway:
Windows openvpn client(172.26.0.6) <==>172.26.0.1 => NAT => 192.168.0.14
In general, my server configuration has been done according to this article: http://habrahabr.ru/post/194144/
/etc/openvpn/server.conf:
[root@gsm-gateway html]# cat /etc/openvpn/server.conf
local 192.168.0.14
port 8460
proto tcp-server
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 172.26.0.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
route 172.26.0.0 255.255.255.0
client-to-client
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
comp-lzo
max-clients 100
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
tun-mtu 1500
tun-mtu-extra 32
/etc/sysconfig/iptables:
[root@gsm-gateway html]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sun Jun 1 14:09:37 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2253:276759]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8460 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.26.0.0/24 -d 192.168.0.0/24 -i tun0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Jun 1 14:09:37 2014
# Generated by iptables-save v1.4.7 on Sun Jun 1 14:09:37 2014
*nat
:PREROUTING ACCEPT [7656:717493]
:POSTROUTING ACCEPT [2631:164557]
:OUTPUT ACCEPT [2631:164557]
-A POSTROUTING -s 172.26.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Jun 1 14:09:37 2014
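A small check over the iptables-save output above, showing which destinations the FORWARD chain actually lets VPN clients reach and whether the MASQUERADE rule covers the VPN subnet. This is an added example, not part of the original post; the function names `parse` and `audit` and the finding labels are made up here, and negated matches (`!`) are assumed not to occur.

```python
import ipaddress
import shlex

# Constructed sample: FORWARD and nat rules copied from the ruleset above.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.26.0.0/24 -d 192.168.0.0/24 -i tun0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A POSTROUTING -s 172.26.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def parse(text):
    """Map (table, chain) to a list of {option: value} dicts, one per -A rule."""
    rules, table = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if i >= 2 and t.startswith("-")}
            rules.setdefault((table, tok[1]), []).append(opts)
    return rules

def audit(text, vpn_if="tun0", vpn_net="172.26.0.0/24"):
    """Return finding labels for what the ruleset lets VPN clients reach."""
    rules, vpn = parse(text), ipaddress.ip_network(vpn_net)
    accepts = [r for r in rules.get(("filter", "FORWARD"), [])
               if r.get("-i") == vpn_if and r.get("-j") == "ACCEPT"]
    broad = [r for r in accepts if "-d" not in r and "-o" not in r]
    findings = []
    if broad:
        # Traffic from the tunnel is forwarded to any destination.
        findings.append("forward-any")
        if len(accepts) > len(broad):
            # The narrower ACCEPT rules add nothing next to the broad one.
            findings.append("redundant-scoped")
    nat = rules.get(("nat", "POSTROUTING"), [])
    if not any(r.get("-j") == "MASQUERADE" and
               ("-s" not in r or vpn.subnet_of(ipaddress.ip_network(r["-s"])))
               for r in nat):
        # Without source NAT the LAN needs a route back to the VPN subnet.
        findings.append("no-masquerade")
    return findings
```

On the rules above, `audit(SAMPLE)` reports that the `-i tun0 -j ACCEPT` rule forwards tunnel traffic anywhere, so the rule scoped to 192.168.0.0/24 has no effect on its own.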
Client (Windows 7) server.ovpn:
client
dev tun
proto tcp-client
remote XX.XX.XX.166 8460
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
comp-lzo
reneg-sec 0
verb 5
Run the Windows client as administrator!
Windows Username/Password annoying prompt
To disable the username/password prompt, read this thread: https://forums.openvpn.net/topic11342.html
Enough said:
1. Create a txt file in the folder alongside your .ovpn files and name it whatever you want, e.g. 'pass.txt'
2. Put your user/pass inside the file in two (2) lines, like:
Code:
username
password
3. Then save it.
4. Open up your .ovpn file in Notepad and add:
Code:
auth-user-pass pass.txt
5. Save and connect to your OpenVPN server.