need help installing openVPN

Ok I am going to take the plunge and try installing openVPN and try
getting it to work. If anybody can help me along I would really appreciate
it. I printed out the HOW-TO install guide from and
will do my best. A little hand-holding would be appreciated, I know enough
to be dangerous. I use Mandriva LE2005, been using Linux for several
years. As I use wifi with my laptop out and about at cafes, I want to set
up a VPN between my wifi laptop and a home PC running a VPN server program.

I have urpmi setup, so I am first going to try installing openVPN on both
my laptop and Desktop (to serve VPN).

Re: need help installing openVPN

Proteus wrote:

There are many different ways of setting up OpenVPN.

My recommendation is:

  - tunneling at network layer (use tun0, not tap0),
  - a separate RFC1918 subnet for the VPN (e.g. 192.168.x.y)
  - UDP transport on the standard port (1194),
  - SSL encryption and key exchange

An option to public-key SSL is to use pre-shared keys.

The details are in OpenVPN documentation.



Tauno Voipio
tauno voipio (at) iki fi

Re: need help installing openVPN

On Wed, 23 Nov 2005 20:57:00 +0000, Tauno Voipio wrote:

ok i will be sure to go with tun0

Not sure what that is, but my router has been set up as as
gateway, subnet mask, and thus my main PC is
-- so I hope that is ok to go with for now? (see below)

yes I will go with UDP and 1194

Ok I got openvpn installed using urpmi, it was quite easy, now for the
hard part, configuring it. It looks do-able though, I am actually rather
excited to get it installed!

Can I still leave my home cable router home PC LAN setting as as the local address (gateway) with subnet mask
(so that my main PC is, etc)-- or do I need to change my
router LAN network to something else? In the openVPN documentation
on setting it up, it talks about "Numbering Private subnets", where / (10/8 prefix, whatever that means) is
reserved block of IP address space for private internet protocols. The doc
says "The best solution is to avoid using or
LAN network addresses. Instead, use something that has a lower probability
of being used in a Wifi cafe, etc. The best candidates are subnets in the
middle of the vast netblock (for example"  I
want to have my router set up correctly first, then I think I will be able
to configure the config files with a little help.

Re: need help installing


The subnet for the VPN must not conflict with the subnet being used for
ethX to talk to your router or any other local subnets. The VPN uses
tun0 as though it were a real interface. Think of it as a "wire" running
between tun0 on one PC to the tun0 on the other. Each end of the "wire"
needs an ip address on the same subnet so you can route packets over the
tunnel. These are usually set up as a private RFC subnet but must not
conflict with any other private RFC subnets you are using. The Open VPN
Server can supply the address to the client as part of the process of
bringing up the tunnel which is actually established via ethX's ip
address. e.g you could have:

tun0 of the server could be
tun0 at the client gets assigned 192.168.250.x where x not= 1

You can route other subnets over the VPN tunnel via pushroutes in the
OpenVPN config or just add the routes after the VPN is established.

Leave your PC lan and router setup alone. Just choose the VPN subnet so it
doesn't conflict with anything you already have.

Again, don't touch your router config. As long as normal internet access
is working, leave it alone. The only thing is if the router has a firewall
on it - you will have to make sure udp port 1194 is allowed through to get
the VPN tunnel established. The traffic actually carried over the VPN just
looks like udp port 1194 packets containing gobbledegook (because the real
data packets are encrypted and packaged up inside the UDP 1194 packets).


 * Synchronet * The Whitehouse BBS --- --- check it out
free usenet!
--- Synchronet 3.15a-Win32 NewsLink 1.92
Time Warp of the Future BBS - telnet://
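
Added example, not part of the thread or any poster's own code: a check that a candidate tunnel subnet sits inside an RFC 1918 block and does not overlap any network the server or the roaming laptop is attached to, which is the conflict rule described in the post above. The interface addresses in IN_USE are constructed sample values; 192.168.250.0/24 follows the 192.168.250.x example in the post.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: addresses as `ip addr` would print them on the
# home server and on the laptop while it is joined to a cafe hotspot.
IN_USE = {
    "home LAN (eth0)": "192.168.1.10/24",
    "cafe Wi-Fi (wlan0)": "192.168.0.57/24",
}


def check_vpn_subnet(candidate, in_use):
    """Return a list of reasons why `candidate` is a bad tunnel subnet."""
    try:
        vpn = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"{candidate!r} is not a valid network: {exc}"]
    problems = []
    if not any(vpn.version == b.version and vpn.subnet_of(b) for b in RFC1918):
        problems.append(f"{vpn} is not inside an RFC 1918 private block")
    for label, cidr in in_use.items():
        # strict=False accepts an interface address such as 192.168.1.10/24
        net = ipaddress.ip_network(cidr, strict=False)
        if vpn.overlaps(net):
            problems.append(f"{vpn} overlaps {label} ({net})")
    return problems


def tunnel_endpoints(candidate):
    """First two usable hosts: server end and client end of the tun0 'wire'."""
    hosts = ipaddress.ip_network(candidate).hosts()
    return str(next(hosts)), str(next(hosts))


if __name__ == "__main__":
    for cand in ("192.168.250.0/24", "192.168.1.0/24", "172.32.0.0/24"):
        issues = check_vpn_subnet(cand, IN_USE)
        print(cand, "OK" if not issues else issues)
    print("endpoints:", tunnel_endpoints("192.168.250.0/24"))
```

Run it again with the hotspot's addressing whenever the laptop joins a new network, since the overlap that matters for a roaming client is with whatever LAN it happens to be on.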

Re: need help installing openVPN

On Thu, 24 Nov 2005 17:17:29 +1300, Llanzlan Klazmon wrote:

Thank you Klazmon for the clarification, this is all strange to me, but I
am feeling like I WILL get it working, and then I can help others how to
do it too in the future. Ok I am only going to set up the UDP port and
port forwarding and such on my hardware router, I will not alter my
router's LAN and subnet mask settings. Thanksgiving today, so I will work
more on setting up the VPN later today and tomorrow. Thanks all for the
help thus far!

Re: need help installing

I tend to use OpenVPN as a point to point link, like this (with
pre-shared keys), and add exactly the routes I want.  I re-use the IP
address of the internal network on the tun interface (no need for a
different one).

My local network is 172.16.x.y, the remote network is 172.17.x.y and this
connects the two gateway machines together.

vpnX.conf ------------------------------------------------------------
# OpenVPN configuration file
# using a pre-shared static key.

# Use a fixed name tun device.
dev tun-X

# remote end - comment this out if the other end is dynamic IP

# local, remote IPs of the tunnel

# Start routes
up ./vpnX.up

# Our pre-shared static key
secret vpnX.key

# Port number to use
port 12221

# Compress

# Send a UDP ping to remote once every N seconds to keep stateful
# firewall connection alive.  iptables has a 3 minute timeout on UDP
# by default so 1 minute should be adequate here
; ping 60

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet.
# 5 -- medium output, good for normal operation.
# 8 -- verbose, good for troubleshooting
verb 5


vpnX.up ------------------------------------------------------------
route add -net netmask gw $5

I've found OpenVPN to be by far the most reliable and easy to setup VPN!
