808htfan wrote: > I also found this, > http://dev.mensfeld.pl/2014/07/setting-up-a-vpn-server-on-a-tomato-router-wrt54gl/ > > I've downloaded OpenVPN for Win here > http://openvpn.net/index.php/open-source/downloads.html, and the easyrsa > zip from here https://github.com/OpenVPN/easy-rsa > > I think I can manage generating the certificates as shown in one/both of > the guides. As for the iOS device, I don't see an OpenVPN section in > Settings-->General-->VPN. It's an old iPhone 3GS a friend gave me to > use as a wifi only device, so it's stuck on iOS 6. Do I need to put > something like the OpenVPN Connect app > https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8 on it? > > Also, the guide suggests I change the subnet from 192.168.1.1 to > something else because of potential conflicts. Does that matter if I'm > only connecting a few clients from the outside to my router? > > Thanks! - I've quickly gone through the dev.mensfeld.pl guide, it seems to the point; I'd use that, esp. if you are using Tomato as your VPN server. - I've always setup openvpn in a private environment, with a laptop -with personal firewall OFF- as test client, before going all out with the server listening to the WAN port, using certs and all. Not sure Tomato would let you define simplistic tunnel setups (like trying to hop from a home wireless network to a separate home wired network, with no cypher and simple password security), but I'd recommend to tackle the problem as gradually as possible. (Be warned that if the OpenVPN server listens to the WAN, you should test with a client using an outside address, as one obtained from a public wifi hotspot. If the client comes from a private address within your own network you might enter the router 'hairpinning' issue.) - Use easy-rsa (or any GUI helper using it) to generate certs when you go for certificate-based authentication. You can generate credentials on any machine and move them to the target machines afterwards. What target machines/applications will be fussy about is the format of the files (pkcs12, PEM ...) - The openvpn app seems to work on iOS 6.1 onwards; My ipad never leaves home and my iPhone still runs iOS 5, so I've never used it... However: i. you need this app for sure on your iOS devices if you want to use them as OpenVPN clients, ii. your first client would rather be a laptop, debugging will be much easier.
About the 192.168.1.x network: what these guides say is that 192.168.1.0/24 is the most common private network. So, if you're on a wifi hotspot with a 192.168.1.123 LAN address, connect to your OpenVPN server and it tries to serve you with a 192.168.1.56 address because your own network is on 192.168.1.x too, the client will get confused. Moving to 192.168.2.x is a trick supposed to mitigate the issue. I'm sure 192.168.2.x is quite commonly used too. I'd rather recommend moving up to 192.168.255.0/24 (the .255 part of the quad strikes fear in some admins, as it looks like a broadcast address), or better to a -possibly subnetted if you're brave- "class-B" private network, like 172.[16 to 31].0.0/16. The "class-A" private network 10.0.0.0/8 is also commonly used but again if you use a subnet like 10.255.255.0/24 I doubt you'll find many conflicting configurations in the outside world. I hope this helps and is clear enough. OpenVPN is a fantastic piece of software well worth some initial investment. 4 SB 3 iPeng (iPhone + iPad) SqueezeLite Squeezebox Server 7.8.1 (Debian 7.5) with plugins: CD Player, WaveInput by bpa IRBlaster by Gwendesign (Felix) Server Power Control by Gordon Harris Smart Mix by Michael Herger PowerSave by Jason Holtzapple Song Info, Song Lyrics by Erland Isaksson WeatherTime by Martin Rehfeld ShairTunes by StuartUSA Local Player, BBC iPlayer, SwitchPlayer by Triode Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins. ------------------------------------------------------------------------ epoch1970's Profile: http://forums.slimdevices.com/member.php?userid=16711 View this thread: http://forums.slimdevices.com/showthread.php?t=102819
_______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/discuss
