I finally got around to doing that setup of my test network using the
openvpn debian snapshots and windows test installer.  The network consists
of 1 static ip debian 6 linux hub server and 3 dynamic ip debian 6 linux
remote sites and 2 dynamic ip windows (vista and win7) road warriors. After
working through some issues I have it all working with ip4v and ipv6 inside
the tunnels.  Below are some things that I noted along the way that might
make the setup easier for users.

#1 The openssl conf files are gziped in easyrsa 2.0 (would be nice if the
script decomressed them if it saw they were compressed) When you try to
./build-ca you get an error until you decompress the openssl config files,
this might not be an openvpn issue persay but users will see it came with
the package and probably complain.

#2 When building CA use different CommonName for CA crt and Server Crt in
How To / docs (avoids the error message about same signing ca.crt and
server.crt) There might have been a option to turn off that error message,
but if its noted to just use a different CommonName I found that alot
easier that finding how to turn off that checking.

#3 In OpenVpnGUI on the connect entry have it ask which *.opvn file to
connect to or all or if it could parse all the possible client files and
make a connect entry for each or all.

#4 Set max retires in windows cfg to like 5 (when set to infinute you can't
break out of it unless you kill the UI) I had an error in my config file
and it scrolled by at lighting speed trying to reconnect and it makes it
real hard to figure out what was wrong.

#5 Put ipv6 example entries into the config files so people can see where
they go as the excellent example configs already show now for ipv4 for
server and client configs.

#6 In linux client config file should be dev tun-ipv6 and not just tun-ipv6

I used the version from debian snapshots openvpn_2.3-debian2_i386.deb on
the linux hosts and the windows installer was the one from December 2011.

If you have any other questions about the setup or wish me to test
something,  Please let me know.

Wayne

Reply via email to