06-02-2006, 11:48 AM
|
#1
|
|
Member
Registered: Jan 2006
Posts: 51
Rep:
|
I Have A Big Question About "VPN"
I want to know what exactly I can do with a VPN.
For example... I have a network with servers, with private IP 10.41.0.0, that uses NAT with a router...
My question is... if I configure a VPN server...
that will make a tunnel... but
at another place... with Windows OS,
can I connect to the Windows servers through the VPN
configured on Linux,
or can only the clients access the information of the VPN server...?
And I am using OpenVPN; which option is better for that,
routed or bridged? I can't even understand the differences between them....
|
|
|
|
06-02-2006, 04:10 PM
|
#2
|
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 42,823
|
to my knowledge bridged vpns will allow a single network to span two separate locations. you have a bunch of machines in multiple locations all living on 192.168.1.0/24 for example. in a routed vpn you would have a different network on each site and add a route to your network to point the remote site down the tunnel explicitly. generally i'd strongly suggest the simpler architecture of the routed approach each time. once you have the vpn configured you can access any computer from anywhere else in your private address space.
|
|
|
|
06-02-2006, 09:26 PM
|
#3
|
|
Member
Registered: Jan 2006
Posts: 51
Original Poster
Rep:
|
OK, thanks, but...
OK, then you prefer routed...
How does it work? Does the VPN come from ETH0 while the local network is at ETH1? Or can I make the VPN and have access to the network on the same interface?
And do you know if the client has to have a public IP?
Because... in my case... the client has a cable modem connection to the Internet and by DHCP has 10.8.119.181 =( a private one.
Can I configure the VPN anyway?
|
|
|
|
06-03-2006, 12:01 AM
|
#4
|
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
A few things about routed vs. bridged.
Each should be used in its own situation. Routed is useful for security because it keeps networks apart. Even in a physical scenario, you would want to keep a DMZ separated from the workstations. Bridging is useful when you literally want a `virtual' network (i.e., the machines work exactly as if they are just plugged into the same hub/switch).
As for the interfaces question, usually a tunnel device is created (tun0 or similar) specifically for the VPN.
If your cable company has you on a private address, it means you're NATed. Any VPN implementation that can solve NAT-Traversal will allow you to establish a connection. This is the same for a road warrior who brings his laptop to an internet cafe (a `classic' scenario in theoretical VPN).
|
|
|
|
06-03-2006, 06:18 AM
|
#5
|
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 42,823
|
a vpn doesn't necessarily come out of any ethernet interface, it will simply head in the direction that the remote peer lives in. if you have a router with a single 192.168.0.0/24 on eth0 and internet via eth1 then yes that's the direction the traffic would take.
essentially with a vpn you define what traffic (i.e. destination subnet) lives at the other end of that tunnel. when the local vpn end point (your router) receives a piece of data for the remote private network it encapsulates the data securely and then at application level (i.e. like a webpage, irc connection or whatever) sends that packet to the remote peer. that peer then knows how to decrypt that packet and then releases it onto its local destination network. so you have private to private addressing via a public network which has no idea where these two private networks live.
|
|
|
|
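An added illustration, not part of any post in this thread, of the routed setup the replies above describe: the client sends a packet into the tunnel only when its routing table says the destination subnet lives at the far end, and the design breaks when both sites use the same range. The /24 masks, the tunnel subnet 10.99.0.0/24, the device names and the overlapping 10.8.0.0/16 range are assumptions; 10.41.0.x and 10.8.119.181 come from the thread.

```python
import ipaddress

# Constructed addressing. From the thread: server LAN 10.41.0.0 and the
# client's DHCP address 10.8.119.181. The /24 masks, the tunnel subnet
# 10.99.0.0/24 and the device names eth0/tun0 are assumptions.
CLIENT_LAN = ipaddress.ip_network("10.8.119.0/24")
SERVER_LAN = ipaddress.ip_network("10.41.0.0/24")
TUNNEL_NET = ipaddress.ip_network("10.99.0.0/24")
SAME_RANGE = ipaddress.ip_network("10.8.0.0/16")  # hypothetical clashing remote LAN


def client_routes(remote_nets):
    """Routing table of a client after a routed VPN comes up."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "eth0"),  # default: plain Internet
        (CLIENT_LAN, "eth0"),                          # directly connected LAN
        (TUNNEL_NET, "tun0"),                          # the VPN's own subnet
    ]
    # Each remote subnet is declared to live at the far end of the tunnel.
    routes += [(net, "tun0") for net in remote_nets]
    return routes


def egress(routes, dst):
    """Longest-prefix match: the device a packet to dst leaves through."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def overlapping(local_net, remote_nets):
    """Remote subnets that collide with the local one (routing is ambiguous)."""
    return [net for net in remote_nets if net.overlaps(local_net)]


if __name__ == "__main__":
    table = client_routes([SERVER_LAN])
    for dst in ("10.41.0.1", "10.41.0.15", "10.8.119.1", "203.0.113.10"):
        print(f"{dst:15} -> {egress(table, dst)}")
    # Without the route, traffic for the server LAN never enters the tunnel.
    print("no route:", egress(client_routes([]), "10.41.0.1"))
    # Both sites on the same range: the routed design no longer works.
    print("overlap:", overlapping(CLIENT_LAN, [SAME_RANGE]))
```

Traffic for other hosts on the server's LAN also needs a way back: those hosts must have a route to the tunnel subnet via the VPN server, and the server must forward packets between its interfaces.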
06-05-2006, 11:48 AM
|
#6
|
|
Senior Member
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 4,578
|
There are many on-line resources such as this WikiPedia article, with links.
Basically... VPN in "tunnel" mode makes a portion of the network addresses on one side of the tunnel visible on the other (it may or may not be a two-way visibility), for specified types of traffic. Once the tunnel is established, any authorized user can employ it. The encryption and other services of VPN are invisible to the clients, who see the addresses as just ordinary IP's.
VPN, like most things, is full of confusing jargon and TLA's (three-letter acronyms) but the essential ideas are simple. It's a rugged, industrial-strength facility which permits ordinary, un-modified applications to communicate securely across a non-secure network like the Internet, while enjoying the following benefits (among others) automatically:
- The communications are securely encrypted, with robust, peer-reviewed algorithms, using randomly chosen keys that might be refreshed while the conversations are going on.
- You know that the party you think you are connected to, really is that party.
- You know that all of the packets that you sent, were received and were not modified in-transit.
- You know that forged packets or replayed packets were not injected into the data stream.
- There is very little loss of speed vs. unencrypted communication.
- Some of the best brains in the business, including some with advanced security clearances, have contributed to the open standard and constantly peer-review its implementations.
(These benefits being enjoyed, of course, only if VPN is configured and deployed correctly, and in an environment requiring the level of security that VPN was intended to provide.)
|
|
|
|
06-06-2006, 03:34 PM
|
#7
|
|
Member
Registered: Jan 2006
Posts: 51
Original Poster
Rep:
|
OK, I configured the VPN FINALLY...
I used poptop on a Slackware server (PPTP)
and I connected my Windows machine to the Linux VPN server from another place with the default VPN client from Windows.
When I connect to the VPN server... "ipconfig" on my Windows machine shows
198.168.0.1... but I could ping the server by its private IP, 10.41.0.15. I think it doesn't matter because I could ping the server by a private IP... the tunnel is made... well.
Now... I want to access the machines that are in the segment of my VPN server through the VPN.
For example, the VPN server has 10.41.0.15 and another web server has 10.41.0.1.
Can I access the Windows web server 10.41.0.1 from my Windows machine at home through the established VPN?
What can I do?
According to the config file, the VPN server must assign 10.0.0.2 - 20 to the clients.
I don't know why ipconfig on my Windows client shows 192.168.0.1.
|
|
|
|
06-07-2006, 04:49 AM
|
#8
|
|
Member
Registered: Feb 2005
Location: UK
Distribution: Ubuntu 6.10
Posts: 50
Rep:
|
I suggest listening to the episodes of Steve Gibson's Security Now! podcast where he explains VPN in detail.
|
|
|
|