[SOLVED] Need help to configure a VPN server

[alex6]

Hi, I have looked for documentation about configuring a VPN server but didn't find anything on gentoo wiki.

My goal would be to use 2 computers, one server on gentoo and a client on debian, from a distant connexion and make the applications think they are in LAN.

I installed openVPN on both machines, but I really have no idea how to configure it ! (I'm a bit noob about network things...)

I followed this guide : http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html#lbAV
But it seems it doesn't really explain how to configure a server...

I added the TUN module to my kernel and modprobed it, but now, what I am supposed to do ?

I found this thread but seems a bit old, maybe it's outdated ? https://forums.gentoo.org/viewtopic-t-538662-start-0.html

I have no idea what these commands on that last link would do and also what I should replace from the examples of configuration...

Any help would be appreciated

[gerdesj]

To help point you in the right direction but there really are a huge amount of docs out there.

You can use a pre shared key rather than the full SSL/TLS thing with easy-rsa or whatever which will make starting up a lot easier! Generate one like this:

#openvpn --secret mysecret.key

Gentoo specific stuff:

The init script is clever and allows multiple tunnels. Decide on a name for the tunnel - eg FRED

#ln -s /etc/init.d/openvpn /etc/init.d/openvpn.FRED

Now create your config as /etc/openvpn/FRED.conf

#/etc/init.d/openvpn.FRED start

Keep it simple at first and add features later.

You will need different network address ranges local and remote otherwise direct routing wont work.

If your network and the remote one have the same range then all you will be able to do is "tether" each machine to the other one via the tunnel network.

If your machines are not the routers for their respective subnets then you will need to look into NATting to get site to site working properly.

You don't give much detail so I can't be more specific. I run a lot of OpenVPN tunnels in one form or another but I can't read minds

Cheers
Jon

[alex6]

Well thanks for these explanations.

I used the following config file

[gerdesj]

You actually make up the server <network range> !

This range is purely a fiction and is implemented as a sort of virtual subnet to glue together the routing.

I would pick a random 10.x.y.0/24 range so that it stands out amongst 192.168.whatever subnets. The opposite is true as well ie use 192.168.x/24 for 10.x.y real LANs. It makes tracking through Wireshark and logging easier on the eyes.

Your server will become .1 and the clients will get addresses from the range. You can literally use any range you like but I recommend a /24. The minimum is /30 - one for the network, one for broadcast, one for the server and one address remaining for one client.

If you are not sure what I am on about then stick in:

[alex6]

Ok thx for these explanations

I finished the config and my server now can start.
Now I will only have to find a simple way to explain the client what to do...He's using debian so I guess a few things will be different.

And last step will be understanding how to make the applications (for example wine) use the new net device...

[alex6]

Everything working !

In order to have applications like game working as LAN through the VPN, the tap device must be used instead of the tun device (they both are in TUN module of the kernel)

Also a route has to be made to the device :