On Fri, 2009-07-24 at 10:25 +1200, Phill Coxon wrote:
> On Fri, 2009-07-24 at 09:59 +1200, Craig Falconer wrote:
>
> > I agree with Steve - look at some kind of permanent VPN. OpenVPN might
> > be okay (what I use at home) or for real true two-way routing you'd want
> > an ipsec tunnel.
>
> I'm after a simple solution so I can set up and access a VPN from my
> notebook over mobile broadband while traveling so no need for a
> permanent high end solution at this stage.

1. Install openvpn on a linux ( well, actually it works just as well on windows! ) server. OpenVPN have just redesigned their site, but the stuff you want is the 2.1 rc ( I've just checked it's at 2.1_rc19 ) from http://openvpn.net/index.php/open-source/downloads.html

Create a server.conf in /etc/openvpn ( you'll need to play around with ip addresses and ranges )

-- 8< --
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.0"
client-config-dir ccd
route 192.168.1.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
-- 8< --

You need to create the ca.crt, server.crt, server.crt and dh1024.pem using easy-rsa ( version 2.0 - I usually copy the source tree to an obvious place ). See http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html for details. Then copy them to /etc/openvpn. Don't forget to remove the password requirement on startup, or you'll end up a long way from home and a server restart will disconnect you.

Start 'er up. You need an appropriate startup script in /etc/init.d, and link to the different runlevels. Distro specific, but IIRC there's a redhat one in there. I've got a debian one if anyone wants one.

/etc/init.d/openvpn start

should come back with OK... or similar.

For your client, install the software from the same place. If windows, then \Program Files\OpenVPN\config\client.ovpn is the config, otherwise it's /etc/openvpn/client.conf. Config file is ( change hostnames, etc as necessary. If you've got a dynamic ip address, then set up an account with no-ip.org, dyndns.org, etc and use that hostname ).

-- 8< --
client
dev tun
proto udp
port 1194
remote portal.greengecko.co.nz 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 5
mute 20
keepalive 10 120
-- 8< --

The ca.crt, client.crt and client.key files are created on the server as above, and end up in the same directory as the config file.

Next up is to test it on the lan.
So edit the config so it defines the remote server as its local IP address, and start the OpenVPN client up whilst networked to the server. The windows installation leaves a shortcut on the desktop, click, right click the new icon in the toolbar and select 'connect', the linux client is the same startup routine as the server. All you want is a successful connection at this point, I expect routing might get a bit confused if you try and use your lappie like this!

Finally to test it in the field, reset your client config file, and open port 1194/udp on your firewall so that it forwards to your openvpn server.

Do try it (: I expect I've made the odd mistake in the, as I've just written it from memory, not logged an install. But it should get you a fair way...

hth,

Steve

--
Steve Holdoway <st...@greengecko.co.nz>
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90 853C C8AB AF04 EF68 52E0
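
An added example, not part of the message above: a shell pre-flight check for the server setup it describes, verifying that the files named by the ca, cert, key and dh directives exist next to the config and that the private key is not passphrase-protected (the restart problem the message warns about). The check on key file permissions is an extra, and the function names, sample directory and placeholder file contents are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the post: pre-flight check of an OpenVPN config.
# Prints one line per problem; returns 0 only if none was found.
check_openvpn_conf() {
    conf=$1; dir=$(dirname "$conf"); problems=0
    while read -r directive file rest || [ -n "$directive" ]; do
        case $directive in ca|cert|key|dh) ;; *) continue ;; esac
        # Assumption: relative names resolve next to the config file.
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; problems=$((problems + 1)); continue
        fi
        [ "$directive" = key ] || continue
        # A passphrase-protected PEM key has ENCRYPTED in its header and
        # would make an unattended restart wait for a prompt.
        if grep -q ENCRYPTED "$path"; then
            echo "ENCRYPTED $path"; problems=$((problems + 1))
        fi
        # Group/other permission bits (columns 5-10 of ls -l) must be empty.
        if [ "$(ls -lL "$path" | cut -c5-10)" != "------" ]; then
            echo "PERMS $path"; problems=$((problems + 1))
        fi
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# Constructed sample: the file directives from the server.conf above, with
# placeholder file contents (not real keys or certificates).
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'port 1194' 'ca ca.crt' 'cert server.crt' \
        'key server.key' 'dh dh1024.pem' > "$1/server.conf"
    for f in ca.crt server.crt dh1024.pem; do echo placeholder > "$1/$f"; done
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' 'placeholder' > "$1/server.key"
    chmod 644 "$1/server.key"
}

sample=$(mktemp -d)
make_sample "$sample"
check_openvpn_conf "$sample/server.conf" || echo "fix the above before relying on a remote restart"
rm -rf "$sample"
```

Against a real install the call would be `check_openvpn_conf /etc/openvpn/server.conf`, run before leaving the server unattended.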