Thank you both. That is indeed where I went wrong. I set the network to be the LAN subnet.
I will have another go once I am back up and running (I'm hoping that just deleting /mnt/kd/gui.anything_openvpn_related.conf should bring it back to life).

Next I just need to identify yet more unique subnets to use - we have load balancers running MPVs which also use their own subnets, so this is going to get confusing. One step at a time, and I have enough to go on to make some progress for now.

However, for this solution to work for us, all clients on both client and server subnets need to be able to route to one another, in both directions. However, James has given me some pointers towards that in his earlier message, so hopefully that will get me there.

If it all works (as I'm SURE it shall), I'll try to write it up on the wiki. No-one better than a beginner to test and write up for other beginners.

Thanks again for all your help

Tom

-----Original Message-----
From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
Sent: 30 March 2012 17:53
To: AstLinux Users Mailing List
Cc: Tom Chadwin
Subject: Re: [Astlinux-users] OpenVPN config

Hi Tom.

The OpenVPN Server network is totally new and unique, only one box will run as a server, why not use:

Network: 10.8.1.0 255.255.255.0

for the server endpoint.

Then the Clients would have

Remote Server: 1.2.3.4 (public IPv4 address of OpenVPN server)
Remote Network: 10.8.1.0 255.255.255.0

The Cipher should match for all clients and servers.

Generate all the certs/keys on the Server, and distribute them to the clients, using the web interface for both.

That is about all there is to it.

But, if you want to route networks behind the clients, that is a little more complicated, but can be done. If so, this may be a case where IPsec may be the better choice, if you want to route networks to networks.

Lonnie

On Mar 30, 2012, at 11:24 AM, Tom Chadwin wrote:

> Many thanks indeed for this. I shall certainly attempt this once I
> have sorted out the issues on Monday. One question:
>
>> (Server Mode)
>> Network: ***This is the network you want to be running over the TUNNEL.
>> Make sure you choose something not being used by any other network interface.
>> This might have been what caused the bricking earlier, if you set it
>> the same as the WAN interface. It should be in the format of X.X.X.X
>> Y.Y.Y.Y, with X as the network address and Y as the subnet mask (ie:
>> 172.21.0.0 255.255.255.0)***
>
> This is not 100% clear to me, and could have been where I went wrong,
> though I absolutely did not put the WAN network or interface in here.
> Is this the LAN network/subnet which this Astlinux box is on, or is it
> an entirely new subnet not used by LAN or WAN at either end of the tunnel?
>
> Real topology:
>
> Server LAN is aaa.aaa.aaa.aaa/24
> Server WAN is xxx.xxx.xxx.xxx/29
>
> Client LAN is bbb.bbb.bbb.bbb/24
> Client WAN is yyy.yyy.yyy.yyy/29
>
> Under "Server Mode", should "Network" be aaa.aaa.aaa.aaa
> 255.255.255.0, or should it be ccc.ccc.ccc.ccc 255.255.255.0 (your maskage may vary)?
>
> Thanks, and many apologies for beginner's questions
>
> Tom
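
Added example, not part of the thread and not AstLinux code: a small Python check that a candidate OpenVPN "Network" value in the "X.X.X.X Y.Y.Y.Y" format discussed above does not overlap any subnet already in use, plus a helper that picks the first free /24 from a pool. The inventory below (LAN, WAN and load balancer subnets) is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

def parse_network(text):
    """Parse 'X.X.X.X Y.Y.Y.Y' (network address, subnet mask) strictly."""
    address, mask = text.split()  # wrong field count raises ValueError
    # strict=True rejects host bits, e.g. '10.8.1.5 255.255.255.0'
    return ipaddress.IPv4Network(f"{address}/{mask}", strict=True)

def conflicts(candidate, in_use):
    """Return the names of in-use networks that overlap the candidate."""
    net = parse_network(candidate)
    return [name for name, text in in_use.items()
            if net.overlaps(parse_network(text))]

def first_free(pool, in_use, prefix=24):
    """Return the first /prefix subnet of pool that overlaps nothing in use."""
    used = [parse_network(text) for text in in_use.values()]
    for subnet in ipaddress.IPv4Network(pool).subnets(new_prefix=prefix):
        if not any(subnet.overlaps(u) for u in used):
            return f"{subnet.network_address} {subnet.netmask}"
    return None  # pool exhausted

# Constructed inventory: every subnet on either side of the tunnel,
# including ones that are easy to forget (here, a load balancer subnet).
IN_USE = {
    "server LAN": "192.168.10.0 255.255.255.0",
    "server WAN": "203.0.113.8 255.255.255.248",
    "client LAN": "192.168.20.0 255.255.255.0",
    "client WAN": "198.51.100.16 255.255.255.248",
    "load balancer": "10.8.0.0 255.255.255.0",
}

if __name__ == "__main__":
    # Reusing the server LAN as the tunnel network is reported as a conflict.
    print(conflicts("192.168.10.0 255.255.255.0", IN_USE))
    # A dedicated tunnel subnet overlaps nothing in the inventory.
    print(conflicts("10.8.1.0 255.255.255.0", IN_USE))
    # First unused /24 in a pool reserved for tunnels.
    print(first_free("10.8.0.0/16", IN_USE))
```
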