Well, if you want to have a secure connection to your dockstar or even your home net, this post describes all steps you have to take to get this done.

In my setup I have a dd-wrt router connected to the internet and forwarding all needed ports to the dockstar. You probably don't use a firewall on the debian machine, but you will have to, because we need packet forwarding to reach the home net through the VPN tunnel. I assume you don't use your dockstar as the default gateway for your LAN, so you will need an additional route in the router:

Let me explain the path of the packets of a ping from a remote machine to a host in the LAN. The ping starts at the VPN-client 10.8.0.6 and goes into the vpn tunnel to the tun device on the dockstar 10.8.0.1. The VPN-client knows about the LAN, because it gets pushed a valid route by the openvpn-server. The dockstar directly forwards the icmp-packet to the LAN-host. Assuming the LAN-host's firewall doesn't block packets from/to 10.8.0.0/24, it will send out the reply packet to its default gateway (192.168.0.1), because the LAN host doesn't know anything about the VPN. Well, by default the router doesn't know the VPN either and will forward the packet to its default gateway, yes, it's the first hop of your ISP! So we need to redirect packets to 10.8.0.0/24 back to the dockstar. Now the additional route in the router comes into play. In dd-wrt you can set it in the web interface: Setup->Advanced Routing. The icmp-packet will be sent to dockstar's eth0 (192.168.0.2) and forwarded to the VPN-client (10.8.0.6).

With this knowledge we are ready to install and configure openvpn and the firewall e.g.

OpenVPN

First of all we need to install the package:

local 192.168.0.2 #lan ip of the dockstar
# we will create these files later, remember to change the names if you create different keys
ca /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/myServer.crt
key /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/myServer.key
dh /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
client-to-client #clients can communicate
# enable the following two lines if you want your traffic through vpn

push "dhcp-option WINS 10.8.0.1" #I got samba running with WINS for netbios-names through VPN

We will do this with easy-rsa which comes with openvpn:
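The ping reply path explained above can be traced with a small routing-table model. This is an added example, not code from the original post; the LAN host address 192.168.0.10 and the "ISP" label are assumptions, while the other addresses are the ones used in the post.

```python
import ipaddress

LAN_HOST = "192.168.0.10"   # assumed address of a LAN host
ROUTER = "192.168.0.1"      # dd-wrt router, default gateway of the LAN
DOCKSTAR = "192.168.0.2"    # eth0 of the dockstar running openvpn
VPN_CLIENT = "10.8.0.6"

def tables(router_has_vpn_route):
    """Constructed routing tables: (network, next hop); None = directly connected."""
    router = [("192.168.0.0/24", None), ("0.0.0.0/0", "ISP")]
    if router_has_vpn_route:
        # The additional route from Setup->Advanced Routing
        router.append(("10.8.0.0/24", DOCKSTAR))
    return {
        LAN_HOST: [("192.168.0.0/24", None), ("0.0.0.0/0", ROUTER)],
        ROUTER: router,
        DOCKSTAR: [("192.168.0.0/24", None), ("10.8.0.0/24", None)],  # eth0 + tun
    }

def next_hop(table, dst):
    """Longest-prefix match; a directly connected network delivers to dst itself."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop

def trace_reply(router_has_vpn_route, dockstar_forwards=True, max_hops=8):
    """Follow the echo reply from the LAN host back towards the VPN client."""
    tbl = tables(router_has_vpn_route)
    node, path = LAN_HOST, [LAN_HOST]
    for _ in range(max_hops):
        if node == DOCKSTAR and not dockstar_forwards:
            path.append("dropped")   # packet forwarding disabled on the dockstar
            break
        hop = next_hop(tbl[node], VPN_CLIENT)
        path.append(hop)
        if hop == VPN_CLIENT or hop not in tbl:
            break                    # delivered, or left the modelled network
        node = hop
    return path

if __name__ == "__main__":
    print("without route:", " -> ".join(trace_reply(False)))
    print("with route:   ", " -> ".join(trace_reply(True)))
    print("no forwarding:", " -> ".join(trace_reply(True, dockstar_forwards=False)))
```

Without the static route the reply leaves towards the ISP and the ping never completes; with the route but without forwarding on the dockstar it stops there, which is why both settings are needed.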