Lonnie,

Thanks for the write-up. That's spot on to what I'm using for a few clients. If both endpoints are static IPs this can easily be done with racoon (ipsec).

Darrick

Lonnie Abelbeck wrote:
> Michael Keuter inquired how to configure AstLinux to act as an OpenVPN
> client, rather than an OpenVPN server.
>
> Working with Michael, I wanted to document the process in this brief
> HOWTO.
>
> Intro) AstLinux's standard implementation of OpenVPN is to act as a
> server, where clients are often mobile PCs using OS X, Linux or
> Windows. But, what if an AstLinux box needs to act as an OpenVPN
> client to connect to another AstLinux box acting as the OpenVPN server?
>
> Step 1) Download the client credentials from the server box's OpenVPN
> sub-tab, and securely transfer the resulting zip file to the client
> box and "unzip" the credentials in the /mnt/kd/openvpn directory.
>
> Step 2) The standard OVPN_* variables will be superseded if a
> /mnt/kd/openvpn/openvpn.conf file exists.
>
> AstLinux OpenVPN Client Configuration:
> http://lonnie.abelbeck.com/astlinux/openvpn.conf.txt
>
> Replace the "remote" IP address line with your OpenVPN server IP
> address, and make sure the paths to the credentials match the
> locations from the previous step.
>
> Step 3) Using the Network tab -> User System variables {Edit User
> Variables}, define the following variables...
>
> ## Set OVPN_SERVER variable same as your server
> OVPN_SERVER="10.8.0.0 255.255.255.0"
> OVPN_DEV="tun1"
> NONAT="tun1"
>
> Step 4) Reboot the client System to apply the changes.
>
> The client AstLinux box should be able to access the server AstLinux
> box. The server's Firewall sub-tab will probably want the following
> option checked.
>
> _X_ Allow OpenVPN tunnel to the [1st LAN Interface]
>
>
> Advanced Tweak:
> What if you want the client's LAN to be a routable part of the
> client-server OpenVPN network?
>
> Step 1) As with the server, on the client's Firewall sub-tab check the
> following option.
>
> _X_ Allow OpenVPN tunnel to the [1st LAN Interface]
>
> Step 2) On the server's OpenVPN sub-tab set...
>
> Raw Command: client-config-dir /mnt/kd/openvpn/ccd
>
> Raw Command: route 192.168.111.0 255.255.255.0
>
> (assuming 192.168.111.0/24 is the client's 1st LAN Interface)
>
> Step 3) In the server's /mnt/kd/openvpn directory, create a "ccd"
> directory.
>
> Then create a text file in ccd with a name matching the CommonName of
> your client credentials.
>
> In that file, add the line
>
> iroute 192.168.111.0 255.255.255.0
>
> Step 4) Restart OpenVPN on both the client and server boxes.
>
>
> While not quite point-and-click, an AstLinux system can operate as an
> OpenVPN client. If this is a popular request, this client
> configuration could be included via the web interface.
>
>
> Lonnie
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
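
Added example (not part of the original thread and not AstLinux code): a shell check for the server side of the "Advanced Tweak" quoted above, confirming that `client-config-dir` names the ccd directory and that every `iroute` in a ccd file has a matching server-level `route`. The server config file passed as the first argument is an assumption; the thread does not say where AstLinux writes the server's directives.

```shell
#!/bin/sh
# Added example, not AstLinux code.
# Assumption: $1 is a plain-text file holding the server's OpenVPN directives
# (hypothetical path, supplied by the caller); $2 is the ccd directory.

check_ccd_routes() {
    conf="$1"; ccd="$2"; rc=0

    # The server only reads per-client files if client-config-dir names the directory.
    if ! awk -v d="$ccd" '$1 == "client-config-dir" && $2 == d { ok = 1 }
                          END { exit !ok }' "$conf"; then
        echo "MISSING: client-config-dir $ccd"
        rc=1
    fi

    # An empty or absent ccd directory means no client LAN is routed at all.
    set -- "$ccd"/*
    if [ ! -f "$1" ]; then
        echo "MISSING: no client files in $ccd"
        return 1
    fi

    # Pass 1 (server config): collect every "route NET MASK".
    # Pass 2 (ccd files): each "iroute NET MASK" needs the same NET MASK as a
    # route, otherwise the server kernel never hands that subnet to OpenVPN.
    # An omitted netmask defaults to 255.255.255.255 for both directives.
    awk '
        function key(n, m) { return n " " (m == "" ? "255.255.255.255" : m) }
        FILENAME == ARGV[1] { if ($1 == "route") routes[key($2, $3)] = 1; next }
        $1 == "iroute" {
            if (!(key($2, $3) in routes)) {
                print "MISSING: route " key($2, $3) " (iroute in " FILENAME ")"
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$conf" "$@" || rc=1

    return $rc
}
```

The check does not confirm that each ccd file name matches the client certificate's CommonName; that still has to be compared by hand.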