Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112
Rep:
Linux OpenVPN Server
Dear Experts,
I want to set up an OpenVPN server for my organisation. This is a new area for me. We have one main office and many branch offices in the country. I want to set up a server through which all branch offices will be able to connect to a database and web server (not publicly visible). I have read a lot on this, but it is confusing. Should I follow bridged or routed VPN?
Kindly mention: is there any specific step-by-step link to achieve this goal?
The OpenVPN HOWTO is very good and includes a section on "Determining whether to use a routed or bridged VPN".
From what you have written about the very specific things you want to do and the "many" branch offices, "routed" is probably the way to go.
For SOHO systems where the remote user wants VPN to provide a connection exactly as if their computer were physically on the LAN (except slower!), "bridged" would be appropriate.
Thanks for your kind reply. I want to generate the VPN certificate per client. Is there any way to do this?
Yes -- as it says in the HOWTO. Most of the values are edited into the vars file so the actual certificate generation is relatively quick. Here is from my log, changes in red.
Code:
root@ps1:/etc/openvpn/easy-rsa# . ./vars # Beware -- there is a space between the dots
root@ps1:/etc/openvpn/easy-rsa# ./build-key some_user_name
Generating a 1024 bit RSA private key
...++++++
............++++++
writing new private key to 'some_user_name.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [country_configured_in_vars]:
State or Province Name (full name) [province_configured_in_vars]:
Locality Name (eg, city) [town_configured_in_vars]:
Organization Name (eg, company) [organisation_configured_in_vars]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:some_user_name
Email Address [email_address_configured_in_vars]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[only output from program, no input here]
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
What is the hardware requirement? Do I need one NIC or two, and why?
Because this type of novice information is not available anywhere.
The information is available, for example, on Linux Home Networking's VPN page where there is a nice diagram showing VPN servers with a single IP address and thus not needing more than one NIC.
Neither the VPN server nor the VPN client needs more than one IP address in the usual scenario. Even if they did, you can configure more than one IP on a single NIC.
Typically you will have an OpenVPN server at the main office and the main office's Internet facing router will be set up to port-forward incoming VPN packets to the OpenVPN server on its LAN address.
Alternatively, a more fully-featured Internet facing router may itself have a VPN facility; if you have that option it might be a better way to go than setting up an OpenVPN server.
Thank you very much. As per your direction my VPN server (CentOS 5.3) is working fine. I am able to connect to my servers behind the VPN server from a remote location. I just need one more bit of help. I want to make a VPN client installer for Windows XP, Vista and Windows 7. There is no specific answer on the Internet on this issue. Kindly share your experience.
Glad you got it working.
Here are my notes about installing on Windows clients. Some of the details may differ (need to match client config with server config) but it is a starting point.
Disable security suite, firewall etc. as required
As a member of the Administrators group ...
Run openvpn-2.0.9-gui-1.0.3-install.exe and take all the defaults.
Copy RSA key and certificate files to C:\Program Files\OpenVPN\config\
Copy C:\Program Files\OpenVPN\sample-config\client.ovpn to C:\Program Files\OpenVPN\config (with same name).
dev tap
remote <your domain name> 1194
;persist-tun
ca ca.crt
cert <client name>.crt
key <client name>.key
;comp-lzo (commented out to match server – try enabling on both when tested OK)
# Local addition: enable the management interface
management localhost 7505
Test
Enable security suite, firewall etc., test and configure as required.
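With many clients, the per-client lines in the notes above (remote, cert, key) can be generated instead of edited by hand. The following POSIX shell functions are an added example, not part of the original post; vpn.example.org, the client name branch01 and the one-directory-per-client layout are assumptions, and the `dev` value must match the server.

```shell
#!/bin/sh
# Added example: write one client.ovpn per client using the directives from
# the notes above. Host name, client names and directory layout are constructed.
# Usage: make_client_config branch01 vpn.example.org 1194 tun ./bundles

# Accept only names that are safe to embed in file names (no "/", "..", spaces).
valid_client_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# make_client_config NAME REMOTE PORT DEV OUTDIR
# Writes OUTDIR/NAME/client.ovpn and prints its path.
make_client_config() {
    name=$1; remote=$2; port=$3; dev=$4; outdir=$5
    valid_client_name "$name" || { echo "bad client name: $name" >&2; return 1; }
    case "$dev" in
        tun|tap) ;;
        *) echo "dev must be tun or tap" >&2; return 1 ;;
    esac
    mkdir -p "$outdir/$name" || return 1
    # The certificate and key file names follow the Common Name given to build-key.
    cat > "$outdir/$name/client.ovpn" <<EOF
client
dev $dev
remote $remote $port
ca ca.crt
cert $name.crt
key $name.key
EOF
    echo "$outdir/$name/client.ovpn"
}

# bundle_is_complete NAME OUTDIR
# True only if the config and the three files it references are all present,
# so a packaging step never ships a partial set to a client.
bundle_is_complete() {
    for f in client.ovpn ca.crt "$1.crt" "$1.key"; do
        [ -f "$2/$1/$f" ] || return 1
    done
}
```

Each client directory holds that client's private key, so it should be readable only by the account that packages it and delivered over a protected channel.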
Thanks. This manual procedure is working fine on all clients. But I have to implement VPN globally with 500 clients. Some VPN clients do not know more than click and play. So I want to make an automated installer with all the required settings on the client OS. Please help.
Not my area of expertise or in Linux Questions scope. If you are working for an organisation with so many WXP computers, is there not package/application rollout/deployment expertise within your organisation? There will be lots of information about how to do that on the Internet.