Run OpenVPN on Windows, Mac and Linux/Unix - Page 2

By Paul Rubens | Posted Feb 11, 2009
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Client Configuration File

#client  config file start
client
dev tap
proto udp

remote XXX.XXX.X.XXX 1194 #Change the Xs to the static public IP address of your home or office network. If you do not have a static IP enter you dyndns name (like yourhost.dyndns.org) here. If you changed the port from 1194 to another port number in the server config change the 1194 here to the appropriate port number

route 192.168.1.0 255.255.255.0 vpn_gateway 3 #Change this to the IP address scheme and subnet of the local network your server is on.

resolv-retry infinite
nobind
persist-key
persist-tun

ca "C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt" #change this to “/etc/openvpn/ca.crt” on Linux/BSD/Unix systems

cert "C:\Program Files\OpenVPN\easy-rsa\keys\client1.crt" # change this to “/etc/openvpn/client1.crt” on Linux/BSD/Unix systems key

key "C:\Program Files\OpenVPN\easy-rsa\keys\client1.key" # change this to “/etc/openvpn/client1.key” on Linux/BSD/Unix systems. This key file should be kept secret

ns-cert-type server

cipher BF-CBC # Blowfish (default)If you prefer, you can use one of the two ciphers listed below

#cipher AES-128-CBC   # AES 
#cipher DES-EDE3-CBC  # Triple-DES
comp-lzo
verb 1
# user nobody   # remove the first # at the start of the line for Linux/BSD/Unix systems
# group nobody  # remove the first # at the start of the line for Linux/BSD/Unix systems
# end of client config file

Save this configuration file as a text file called client1.ovpn, and save it to c:Program FilesOpenVPNconfig (Windows) or /etc/openvpn (Linux/BSD/Unix) on your client device

Setting Up the Router

There are a couple of configuration changes that need to be made to the router connected to your server in order for OpenVPN to work properly.

Port Forwarding

Port forwarding ensures that any traffic sent to your router from the Internet on port 1194 (or the port that OpenVPN is configured to use in the configuration files) is forwarded to the local IP address of your server machine. To ensure this does not change you need either to configure the server machine to have a static local IP address, or to configure the DHCP server in your router to always assign the same local IP address to your server.

To configure port forwarding, log on to your router’s configuration page, find the option for port forwarding, and enter the following information:

  • Name: OpenVPN
  • Protocol: UDP
  • Starting Port: 1194 (change this as necessary)
  • End Port: 1194 (change this as necessary)

Forward to: 192.168.1.15 (change this to the local IP address of your OpenVPN server)

You’ll also the following routing information on your router’s “routing” or “advanced routing” page, to ensure that data can travel between the OpenVPN link and other devices on your home or office network:

  • Route name: OpenVPN
  • Destination LAN IP: 192.168.10.1 (change this to the virtual IP address specified in the server configuration file)
  • Subnet Mask: 255.255.255.252
  • Default Gateway: 192.168.1.15 (change this to the IP address of your home computer)

Running OpenVPN

Figure 3To run OpenVPN, you need to start OpenVPN first on the server, and then on the client. Remember that the client machine needs to be connected to a different network.

  • Starting the server using Windows: Start OpenVPN GUI, then right click on the program’s icon in the system tray, select “server” and then “connect”.
  • Starting the server using OS X: From the Tunnelblick OpenVPN GUI select Connect “server”
  • Starting the server using Linux/BSD/Unix: Start a terminal window, then as root (or using sudo) type: openvpn –-config /etc/openvpn/server.ovpn

Figure 4Repeat the process on the client machine, replacing “client1” for “server”

Testing OpenVPN

To confirm OpenVPN is working, try pinging another device connected to your LAN using its LAN IP address.

You can also open a browser on your client machine, and check your IP address by visiting a site like http://whatsmyip.org/ If OpenVPN is working correctly the IP address of your server, not your client machine, will be shown.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter