Re: OpenVPN - what configuration do I need/want
From: Ryan Coleman edi...@d3photography.com To: Bill Tillman btillma...@yahoo.com Cc: FreeBSD Questions freebsd-questions@freebsd.org Sent: Saturday, November 5, 2011 9:32 PM Subject: Re: OpenVPN - what configuration do I need/want So... basically you've just set up servers that utilize the host connection or doesn't route? On Nov 5, 2011, at 5:35 AM, Bill Tillman wrote: From: Ryan Coleman edi...@d3photography.com To: FreeBSD Questions freebsd-questions@freebsd.org Sent: Friday, November 4, 2011 10:22 AM Subject: OpenVPN - what configuration do I need/want I have a PE 2450 with dual NICs and I want to turn it into a bridging VPN for the guys in the office to utilize. Our configuration: My office: 192.168.46.0/24 Server IPs: 192.168.46.2 [8.2-RELEASE] + public IP Corporate office: 192.168.45.0/24 My VPN: 192.168.47.0/24 [preferred] There's a NetVanta VPN between my office and the corporate office and I presume that will still work to route 47.0/24 to 45.0/24 when all is said and done. I am going to be supporting Windows and Mac clients (well, all windows and then my mac) and I'd like to test it from my 8.2 server at home before pushing this over to my MacBook Pro (using Tunnelblick) and then to my Windows users. I've tried the FreeBSD handbook and the Section6.net walkthroughs to no avail. Any help would be appreciated. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org I can't say that I'm familiar with your setup which uses bridging. But I setup OpenVPN to work on a server inside my LAN which is behind my FreeBSD firewall server. The setup wasn't that hard, you just have to forward the right ports and get the certificates copied to the clients correctly. The docs on the OpenVPN site were very helpful in this for me. The trouble you may find is that this other VPN appliance you reference, NetVanta, may or may not be compatible with OpenVPN. I tried this several years ago with a remote company I was working for and found out quite dissappointingly that the protocol used by OpenVPN would not work whatsoever with Cisco equipment. That may have changed now but at the time all the advice I got was forget about it. Cisco equipment would not work with OpenVPN period. Luckily at the time I had a small Cisco appliance at my house and that is the only way I could get that setup to work. These days I happily connect to my LAN with encrypted tunnels from most places like hotels, etc... There is a problem sometimes at places like Starbucks or McDonalds where they have equipment which is blocking ports needed to run VPN. And in most cases it's not that they are blocking specific ports, it's that they are blocking everything except port 80 to only let their freebie users surf web content. YMMVcheck the docs on the OpenVPN site. Many HOWTOs and examples will help you get going. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Yes, but the setup is very similar. The docs available on the OpenVPN website give HOWTOs on both setups and they are very similar. I would check these as I found them to be very helpful. OpenVPN also has a great mailing list where I got some additional help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN - what configuration do I need/want
From: Ryan Coleman edi...@d3photography.com To: FreeBSD Questions freebsd-questions@freebsd.org Sent: Friday, November 4, 2011 10:22 AM Subject: OpenVPN - what configuration do I need/want I have a PE 2450 with dual NICs and I want to turn it into a bridging VPN for the guys in the office to utilize. Our configuration: My office: 192.168.46.0/24 Server IPs: 192.168.46.2 [8.2-RELEASE] + public IP Corporate office: 192.168.45.0/24 My VPN: 192.168.47.0/24 [preferred] There's a NetVanta VPN between my office and the corporate office and I presume that will still work to route 47.0/24 to 45.0/24 when all is said and done. I am going to be supporting Windows and Mac clients (well, all windows and then my mac) and I'd like to test it from my 8.2 server at home before pushing this over to my MacBook Pro (using Tunnelblick) and then to my Windows users. I've tried the FreeBSD handbook and the Section6.net walkthroughs to no avail. Any help would be appreciated. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org I can't say that I'm familiar with your setup which uses bridging. But I setup OpenVPN to work on a server inside my LAN which is behind my FreeBSD firewall server. The setup wasn't that hard, you just have to forward the right ports and get the certificates copied to the clients correctly. The docs on the OpenVPN site were very helpful in this for me. The trouble you may find is that this other VPN appliance you reference, NetVanta, may or may not be compatible with OpenVPN. I tried this several years ago with a remote company I was working for and found out quite dissappointingly that the protocol used by OpenVPN would not work whatsoever with Cisco equipment. That may have changed now but at the time all the advice I got was forget about it. Cisco equipment would not work with OpenVPN period. Luckily at the time I had a small Cisco appliance at my house and that is the only way I could get that setup to work. These days I happily connect to my LAN with encrypted tunnels from most places like hotels, etc... There is a problem sometimes at places like Starbucks or McDonalds where they have equipment which is blocking ports needed to run VPN. And in most cases it's not that they are blocking specific ports, it's that they are blocking everything except port 80 to only let their freebie users surf web content. YMMVcheck the docs on the OpenVPN site. Many HOWTOs and examples will help you get going. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN - what configuration do I need/want
Bill Tillman btillma...@yahoo.com wrote: the protocol used by OpenVPN would not work whatsoever with Cisco equipment ... That's what security/vpnc is for :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OpenVPN - what configuration do I need/want
So... basically you've just set up servers that utilize the host connection or doesn't route? On Nov 5, 2011, at 5:35 AM, Bill Tillman wrote: From: Ryan Coleman edi...@d3photography.com To: FreeBSD Questions freebsd-questions@freebsd.org Sent: Friday, November 4, 2011 10:22 AM Subject: OpenVPN - what configuration do I need/want I have a PE 2450 with dual NICs and I want to turn it into a bridging VPN for the guys in the office to utilize. Our configuration: My office: 192.168.46.0/24 Server IPs: 192.168.46.2 [8.2-RELEASE] + public IP Corporate office: 192.168.45.0/24 My VPN: 192.168.47.0/24 [preferred] There's a NetVanta VPN between my office and the corporate office and I presume that will still work to route 47.0/24 to 45.0/24 when all is said and done. I am going to be supporting Windows and Mac clients (well, all windows and then my mac) and I'd like to test it from my 8.2 server at home before pushing this over to my MacBook Pro (using Tunnelblick) and then to my Windows users. I've tried the FreeBSD handbook and the Section6.net walkthroughs to no avail. Any help would be appreciated. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org I can't say that I'm familiar with your setup which uses bridging. But I setup OpenVPN to work on a server inside my LAN which is behind my FreeBSD firewall server. The setup wasn't that hard, you just have to forward the right ports and get the certificates copied to the clients correctly. The docs on the OpenVPN site were very helpful in this for me. The trouble you may find is that this other VPN appliance you reference, NetVanta, may or may not be compatible with OpenVPN. I tried this several years ago with a remote company I was working for and found out quite dissappointingly that the protocol used by OpenVPN would not work whatsoever with Cisco equipment. That may have changed now but at the time all the advice I got was forget about it. Cisco equipment would not work with OpenVPN period. Luckily at the time I had a small Cisco appliance at my house and that is the only way I could get that setup to work. These days I happily connect to my LAN with encrypted tunnels from most places like hotels, etc... There is a problem sometimes at places like Starbucks or McDonalds where they have equipment which is blocking ports needed to run VPN. And in most cases it's not that they are blocking specific ports, it's that they are blocking everything except port 80 to only let their freebie users surf web content. YMMVcheck the docs on the OpenVPN site. Many HOWTOs and examples will help you get going. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
