Changes

From SME Server
Jump to navigationJump to search
1,072 bytes added ,  10:40, 1 September 2008
no edit summary
Line 75: Line 75:  
  port 1194
 
  port 1194
 
  dev tap
 
  dev tap
   
  tls-server
 
  tls-server
   
  dh dh1024.pem
 
  dh dh1024.pem
 
  ca ca.crt
 
  ca ca.crt
 
  cert server.crt
 
  cert server.crt
 
  key server.key
 
  key server.key
   
  auth-user-pass-verify ./validate.sh via-env
 
  auth-user-pass-verify ./validate.sh via-env
 
  client-disconnect ./logoff.sh
 
  client-disconnect ./logoff.sh
   
  up ./openvpn.up
 
  up ./openvpn.up
   
  mode server
 
  mode server
 
  duplicate-cn
 
  duplicate-cn
 
  ifconfig 192.168.100.1 255.255.255.0
 
  ifconfig 192.168.100.1 255.255.255.0
   
  ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for OpenVPN clients
 
  ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for OpenVPN clients
   
  mtu-test
 
  mtu-test
 
  tun-mtu 1500
 
  tun-mtu 1500
Line 100: Line 93:  
  ping 10
 
  ping 10
 
  ping-restart 120
 
  ping-restart 120
   
  push "ping 10"
 
  push "ping 10"
 
  push "ping-restart 60"
 
  push "ping-restart 60"
   
  push "dhcp-option DOMAIN yourdomain.com"                # push the DNS domain suffix
 
  push "dhcp-option DOMAIN yourdomain.com"                # push the DNS domain suffix
 
  push "dhcp-option DNS 192.168.1.1"                      # push primary DNS entry to the openvpn clients.
 
  push "dhcp-option DNS 192.168.1.1"                      # push primary DNS entry to the openvpn clients.
 
  push "route 192.168.1.0 255.255.255.0 192.168.100.1"    # add route to to protected network
 
  push "route 192.168.1.0 255.255.255.0 192.168.100.1"    # add route to to protected network
   
  comp-lzo
 
  comp-lzo
 
  status-version 2
 
  status-version 2
Line 114: Line 104:     
If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost". If your server is in "server mode" nothing needs to be done here.
 
If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost". If your server is in "server mode" nothing needs to be done here.
 +
 +
You now need to add the VPN address range as a local networks in the server-manager under the Security section.
 +
 +
Router: IP address of the SME servers LAN net. I this example 192.168.1.1
 +
 +
The last thing you need to do before the installation is complete is to do a small change in the /etc/openvpn/openvpn.up file. Change the 192.168.1.1 value to match router you used when adding a local network.
 +
 +
When you have changed the file to match your network we start the service.
 +
 +
/etc/init.d/openvpn start
 +
 +
Verify that the service is running correctly by issuing an "ifconfig" and see the new "tap0" device
 +
 +
tap0      Link encap:Ethernet  HWaddr 00:FF:A3:3C:75:18
 +
          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
 +
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 +
          RX packets:178204868 errors:0 dropped:0 overruns:0 frame:0
 +
          TX packets:192915252 errors:0 dropped:1880 overruns:0 carrier:0
 +
          collisions:0
 +
          RX bytes:1802570258 (1719.0 Mb)  TX bytes:1338165457 (1276.1 Mb)
 +
 +
==OpenVPN Client Configuration==
177

edits

Navigation menu