Help on setting up an OpenVPN 2.0.9 server on an ISA 2004 server.
The goal was to connect pfSense with an OpenVPN client setup to the OpenVPN server on
the ISA 2004 machine.
Also, what are the route settings, and other settings, to be set on the ISA server?

OPENVPN-ISA (SERVER)
PUBLIC IP: xxx.xxx.xxx.111
GATEWAY: xxx.xxx.xxx.100
PRIVATE IP: 192.168.200.1 (192.168.200.0/24)
VPN IP: 10.10.10.1
TAP ADAPTER: ?

OPENVPN-PFSENSE (CLIENT)
PUBLIC IP: xxx.xxx.xxx.66
GATEWAY: xxx.xxx.xxx.99
PRIVATE IP: 192.168.100.1 (192.168.100.0/24)
VPN IP: 10.10.10.2

VPN SUBNET: 10.10.10.0/24

=-=-=-=-=-=-=-=[OPENVPN CONFIG FILE]=-=-=-=-=-=-=-=
local 192.168.200.1
remote 123.4.567.89
proto tcp-server
dev tap
route 172.16.100.0 255.255.255.0 192.168.200.1
secret "C:\\Program Files\\OpenVPN\\easy-rsa\\static.key"
cipher AES-256-CBC
verb 3
mute 10
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=[OPENVPN LOG FILE]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
C:\Program Files\OpenVPN\config>openvpn --config yeheyvpn.opvn
Tue Mar 10 23:11:56 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Mar 10 23:11:56 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Mar 10 23:11:56 2009 Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 10 23:11:56 2009 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 10 23:11:56 2009 Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 10 23:11:56 2009 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 10 23:11:56 2009 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{4AE92F6F-956D-4F39-B49E-70265BAFFAA6}.tap
Tue Mar 10 23:11:56 2009 TAP-Win32 Driver Version 8.4
Tue Mar 10 23:11:56 2009 TAP-Win32 MTU=1500
Tue Mar 10 23:11:56 2009 NOTE: FlushIpNetTable failed on interface [65542] {4AE92F6F-956D-4F39-B49E-70265BAFFAA6} (status=259) : No more data is available.
Tue Mar 10 23:11:56 2009 Data Channel MTU parms [ L:1594 D:1450 EF:62 EB:4 ET:32 EL:0 ]
Tue Mar 10 23:11:56 2009 Local Options hash (VER=V4): '7063279a'
Tue Mar 10 23:11:56 2009 Expected Remote Options hash (VER=V4): '1a1b0600'
Tue Mar 10 23:11:56 2009 Listening for incoming TCP connection on 192.168.200.1:1194
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=[ROUTE TABLE of ISA 2004]=-=-=-=-=-=-=-=-=-=-=-=-=-=
IPv4 Route Table
========================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 00 00 00 00 00 ...... VIA Rhine II Compatible Fast Ethernet Adapter
0x10004 ...00 00 00 00 00 00 ...... 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
0x10005 ...00 00 00 00 00 00 ...... Intel(R) PRO/100+ Management Adapter
0x10006 ...00 00 00 00 00 00 ...... TAP-Win32 Adapter V8
=====================================================
Active Routes:
Network Destination Netmask           Gateway           Interface         Metric
0.0.0.0             0.0.0.0           xxx.xxx.xxx.100   xxx.xxx.xxx.111   30
127.0.0.0           255.0.0.0         127.0.0.1         127.0.0.1         1
192.168.200.0       255.255.255.0     192.168.200.1     192.168.200.1     20
192.168.200.1       255.255.255.255   127.0.0.1         127.0.0.1         20
192.168.200.255     255.255.255.255   192.168.200.1     192.168.200.1     20
xxx.xxx.xxx.99      255.255.255.240   xxx.xxx.xxx.111   xxx.xxx.xxx.111   30
xxx.xxx.xxx.111     255.255.255.255   127.0.0.1         127.0.0.1         30
xxx.xxx.xxx.255     255.255.255.255   xxx.xxx.xxx.111   xxx.xxx.xxx.111   30
224.0.0.0           240.0.0.0         192.168.200.1     192.168.200.1     20
224.0.0.0           240.0.0.0         xxx.xxx.xxx.111   xxx.xxx.xxx.111   30
255.255.255.255     255.255.255.255   192.168.200.1     10006             1
255.255.255.255     255.255.255.255   192.168.200.1     192.168.200.1     1
255.255.255.255     255.255.255.255   192.168.200.1     10003             1
255.255.255.255     255.255.255.255   xxx.xxx.xxx.111   xxx.xxx.xxx.111   1
Default Gateway: xxx.xxx.xxx.100
=====================================================
Persistent Routes:
None
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=