Commenting on Glorious VPN using TAP instead of TUN


Replying to:

  • I have spent a bit of time recently working on creating a VPN for my home network. I now have a Cobalt RaQ firewalling my network (instead of the silly little D-Link inbuilt firewall). On top of this I now have a VPN using a TAP instead of a TUN interface. I won't go into the details of why I am using TAP instead of TUN, except for the following point:

    TUN does not support the ability to use the broadcast IP xxx.xxx.xxx.255. This creates problems for creating LAN games, using Windows file sharing, etc. on your VPN.

    So I decided to go ahead and use the good ol' OpenVPN client/server. I am a fan of open source, and pretty much every website I went to recommended it. Also, due to its popularity, OpenVPN has a whole lot of guides and HOW-TOs lying about. The only problem I ran into is the fact that not many of the HOW-TOs were Windows Server based and/or they were for an outdated version of OpenVPN.

    The only thing you need is the OpenVPN 2.0.9 installer available on their website, www.openvpn.net. I am using this stable version instead of the beta as I really didn't want to sit there and try to figure out their new commands. The only other thing you may need to do is sit on their website and read the VPN presentation they have on their main page if you are curious. That and pinholing your router.

    The instructions below apply to a Windows Server:

    Step 1: Install OpenVPN (default settings are absolutely fine)

    Step 2: Bridge the new TAP interface in your Control Panel with your internet connection. NOTE: When you do this, it assigns a new MAC address to your new NIC (bridged connection), and thus any DHCP reserved settings will need to be changed to reflect this.

    Step 3: Follow the instructions on the OpenVPN page on how to create client/server keys

    Step 4: Create a new file called server.ovpn (name is unimportant) and put the following text in it:

    mode server
    port 1194 #or your desired port
    proto udp #better to use UDP as using TCP is double redundancy
    dev tap
    persist-key
    persist-tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    tls-server
    ifconfig-pool-persist ipp.txt
    ifconfig-noexec
    server-bridge 192.168.xxx.xxx 255.255.255.0 192.168.xxx.xxx 192.168.xxx.xxx #<OpenVPN Server IP> <Net mask> <DHCP Assign From> <DHCP Assign To>, all on one line
    client-to-client #let clients access clients
    keepalive 10 120
    comp-lzo
    status openvpn-status.log #log in the log
    verb 3 #provide feedback. 3 is good for debug, 1 is good for operation

    The server-bridge statement is a pain. Took me a while to get around that. An example of this is:

    server-bridge 192.168.5.2 255.255.255.0 192.168.5.100 192.168.5.109

    This says the OpenVPN server has an IP of 192.168.5.2 and it gives clients one of 10 IPs in the range 192.168.5.100 -> 192.168.5.109. So change these settings to your network settings and you are away laughing.

    Step 5: Right click your file (server.ovpn) and click "Start with OpenVPN"

    Step 6: Get clients to connect

    For the Client side:

    Step 1: Install OpenVPN (default settings work)

    Step 2: Create a file called client1.ovpn (name unimportant, but good to differentiate it from others) with the following text in it:

    client
    dev tap #must match server setting
    proto udp #must match server setting
    remote hostname port #for example, www.somethingemporium.com 1194
    resolv-retry infinite
    nobind
    ca ca.crt
    cert client1.crt
    key client1.key
    tls-client
    persist-key
    persist-tun
    comp-lzo
    verb 3 #once again with the verbose above

    Step 3: Right click your new file and click "Start with OpenVPN"

    Notes:

    • This will not work if you are on the same network; the client must be on an external connection, otherwise you get IP conflicts for some odd reason.

    Other than that, Dom, sorry for the long post. Everyone else, deal with it. Any questions, let me know.

    Chicken
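The two things the post says are easy to get wrong are the single-line `server-bridge` directive (server IP, netmask, pool start, pool end) and the requirement that the client's `dev` and `proto` match the server's. The script below is an added example, not code from the original post or from the OpenVPN project: it parses OpenVPN-style config text (one directive per line, `#` starts a comment, as in the post's files), checks that the bridge pool sits inside the server's subnet and does not include the server's own address, reports the pool size, and flags any `dev`/`proto` mismatch between a server and a client file. The embedded configs are constructed from the post's examples; `vpn.example.invalid` is a placeholder hostname.

```python
"""Consistency checks for a bridged (TAP) OpenVPN server/client config pair.

Added example (not from the original post). Assumes OpenVPN's line-oriented
option syntax: one directive per line, '#' or ';' begins a comment.
"""
import ipaddress

# Constructed from the post's server.ovpn example (values, not the full file).
SERVER_CONF = """\
mode server
port 1194 # or your desired port
proto udp
dev tap
server-bridge 192.168.5.2 255.255.255.0 192.168.5.100 192.168.5.109
client-to-client
keepalive 10 120
"""

# Constructed from the post's client1.ovpn example; hostname is a placeholder.
CLIENT_CONF = """\
client
dev tap
proto udp
remote vpn.example.invalid 1194
resolv-retry infinite
nobind
"""


def parse_ovpn(text):
    """Return {directive: [args, ...]} for every non-comment line.

    Anything after '#' is dropped, matching the inline comments in the post's
    files; lines starting with ';' are comments too.
    """
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        options[parts[0]] = parts[1:]
    return options


def check_server_bridge(server_opts):
    """Return a list of problems with 'server-bridge <ip> <mask> <from> <to>'.

    An empty list means the directive is present, on one line, and the pool
    lies inside the server's subnet without overlapping the server address.
    """
    args = server_opts.get("server-bridge")
    if args is None or len(args) != 4:
        return ["server-bridge needs exactly 4 arguments on a single line"]
    ip, mask, start, end = args
    problems = []
    subnet = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    server_ip = ipaddress.IPv4Address(ip)
    pool_start = ipaddress.IPv4Address(start)
    pool_end = ipaddress.IPv4Address(end)
    if pool_start > pool_end:
        problems.append("pool start is after pool end")
    if pool_start not in subnet or pool_end not in subnet:
        problems.append(f"pool range lies outside the server subnet {subnet}")
    if pool_start <= server_ip <= pool_end:
        problems.append("pool would hand out the server's own address")
    return problems


def pool_size(server_opts):
    """Number of client addresses the server-bridge pool can hand out."""
    _, _, start, end = server_opts["server-bridge"]
    return int(ipaddress.IPv4Address(end)) - int(ipaddress.IPv4Address(start)) + 1


def check_client_matches(server_opts, client_opts):
    """Return the directives that differ between server and client.

    The post requires 'dev' and 'proto' on the client to match the server.
    """
    return [key for key in ("dev", "proto")
            if server_opts.get(key) != client_opts.get(key)]


if __name__ == "__main__":
    server = parse_ovpn(SERVER_CONF)
    client = parse_ovpn(CLIENT_CONF)
    print("server-bridge problems:", check_server_bridge(server))
    print("pool size:", pool_size(server))
    print("client/server mismatches:", check_client_matches(server, client))
```

Run it against your own files by reading them in place of the embedded strings; a wrapped `server-bridge` line (as happens when the directive is pasted across two lines) shows up as the "exactly 4 arguments" problem, and a client file with `dev tun` against this server is reported under mismatches.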