

Forum Replies

  1. Another question: I’ve messed up my client.conf file by previously installing a user cert & key files to my client. Even though I completely removed openvpn & reinstalled it, it did not create a new client.conf. After doing the openvpn command to setup the use of the client it still contained the following:

    ca ca.crt
    cert Laptop.crt
    key Laptop.key
    

    What should I do with the latter 2 lines?

    Also, I do not yet have a static ip address (for my router) & ddclient has disappeared from the Ubuntu repos. What’s the recommended procedure (in Precise & Trusty) to use h

    ... Continue reading in our forum

  2. Hi John,

    If you don’t want user certificates then using Basic with username/password authentication is the way to go. The only requirement is adding the ca.crt file from the OpenVPN server.

    Once you are able to connect you will have a VPN tunnel between your client and the server but that’s it. If you want the VPN to access other networks then first we need to tell the server that it should forward IP traffic:

    cat /proc/sys/net/ipv4/ip_forward
    0
    

    The “0” means no forwarding so let’s change it:

    sudo sysctl -w net
    ... Continue reading in our forum

  3. Hi Rene,

    Thanks for your reply and wonderful link.
    Can I check if my following understanding is correct?

    1a) tunneling is used when the src/dst network is prohibited/unreachable between 2 connected points due to FW issue or as in your example, internal network going over WAN to another.

    1b) if the source and destination network are reachable to one another, there will be no need for tunneling.

    2a) tunnel interfaces are “virtual/logical” interfaces in which they are “tagged” to the actual physical interface and use the physical interface to actually send out the enc

    ... Continue reading in our forum

  4. Here are the answers to your questions:

    1a) This is correct, this is probably the main reason why you want to use tunneling.

    1b) There is another reason why you want to use tunneling. For example, IPsec doesn’t support multicast. If you want to encrypt multicast traffic with IPsec then you will have to create a GRE tunnel and then encrypt the GRE tunnel with IPsec.

    2a) These are virtual interfaces yes but they aren’t really “attached” to the physical interface.

    2b) This is correct but we don’t use the word gateway for this. From the router’s perspective, the IP

    ... Continue reading in our forum

  5. 2a) That’s correct, you’ll always need the physical interface to actually transmit the data.

    2b) The normal gateway will remain the default gateway. However, some extra entries might appear in the routing table of the computer.

    If you want to play with VPNs on your computer then you could use two virtual machines with OpenVPN (one server, one client) or you could try GNS3 to emulate a Cisco router and use one virtual machine as the VPN client.

    Normally with a VPN client, the VPN server won’t know the network behind the computer. Also, your computer is no router

    ... Continue reading in our forum
