1. OpenVPN site-to-site setup
Side-A:
Router/Gateway: 192.168.1.1
WAN-Address: het-a.zeldor.biz
Firewall:
iptables -A INPUT -i ppp0 -p udp --dport 8001 -j ACCEPT
iptables -A INPUT -p ICMP -s 10.0.0.2 -j ACCEPT
iptables -A FORWARD -i tun1 -s 10.0.0.2 -d 192.168.1.0/24 -j ACCEPT
Enable routing:
echo 1 > /proc/sys/net/ipv4/ip_forward
Config Side-A:
remote het-b.zeldor.biz
float
port 8001
dev tun
ifconfig 10.0.0.1 10.0.0.2
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route 192.168.2.0 255.255.255.0
chroot /tmp/openvpn
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1
2. Side-B:
Router/Gateway: 192.168.2.1
WAN-Address: het-b.zeldor.biz
Firewall:
iptables -A INPUT -p udp --dport 8001 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p icmp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p icmp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
Config Side-B:
remote het-a.zeldor.biz
float
port 8001
dev tun
ifconfig 10.0.0.2 10.0.0.1
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route 192.168.1.0 255.255.255.0
chroot /tmp/openvpn
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1
Enable routing:
echo 1 > /proc/sys/net/ipv4/ip_forward
Generate a static (shared-secret) key on Side-A and copy it to Side-B:
openvpn --genkey --secret /etc/openvpn/vpn.key
scp /etc/openvpn/vpn.key root@het-b.zeldor.biz:/etc/openvpn/vpn.key
Establish the VPN connection (execute on both sides):
openvpn --config /etc/openvpn/vpn.conf
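The whole procedure above, as an added example (not from the original notes or from the OpenVPN project): a POSIX shell script that renders both sides' static-key configs and firewall rules from one set of parameters, so the mirrored values (ifconfig pair, route, remote host) cannot drift between the two routers. Hostnames, tunnel addresses, LANs, port and key path are those used in the notes; the WAN interface names (ppp0 for Side-A, eth0 for Side-B) are assumptions. It goes beyond the notes in two ways: the FORWARD rules are stateful (the one-directional rules above rely on a default ACCEPT policy for reply traffic), and a key_ok check confirms the copied secret is readable by root only. comp-lzo and chroot /tmp/openvpn are left out of the template: compression is deprecated in current OpenVPN releases, and a chroot target should be a dedicated empty directory, not one under the world-writable /tmp.

```shell
#!/bin/sh
# Added example, not part of the original notes: render the two mirrored
# OpenVPN static-key configs plus matching iptables rules from ONE set of
# parameters. Values below are the ones from the notes; WAN interface
# names (A_WAN, B_WAN) are assumptions.
A_HOST=het-a.zeldor.biz A_TUN=10.0.0.1 A_LAN=192.168.1.0/24 A_WAN=ppp0
B_HOST=het-b.zeldor.biz B_TUN=10.0.0.2 B_LAN=192.168.2.0/24 B_WAN=eth0
PORT=8001
KEY=/etc/openvpn/vpn.key

# prefix_to_mask 24 -> 255.255.255.0 (OpenVPN's "route" wants a dotted mask)
prefix_to_mask() {
  p=$1 mask=
  for i in 1 2 3 4; do
    if [ "$p" -ge 8 ]; then o=255; p=$((p - 8))
    elif [ "$p" -le 0 ]; then o=0
    else o=$((256 - (1 << (8 - p)))); p=0
    fi
    mask="${mask}${mask:+.}${o}"
  done
  printf '%s\n' "$mask"
}

# render_conf <local tun IP> <remote tun IP> <remote WAN host> <remote LAN CIDR>
render_conf() {
  net=${4%/*}; mask=$(prefix_to_mask "${4#*/}")
  cat <<EOF
remote $3
float
port $PORT
dev tun
ifconfig $1 $2
persist-tun
persist-local-ip
persist-remote-ip
ping 15
secret $KEY
route $net $mask
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1
EOF
}

# render_fw <WAN iface> <remote tun IP> <local LAN CIDR> <remote LAN CIDR>
# Stateful version of the notes' rules: NEW connections are allowed in both
# directions across the tunnel, replies are matched by ESTABLISHED,RELATED.
render_fw() {
  cat <<EOF
iptables -A INPUT -i $1 -p udp --dport $PORT -j ACCEPT
iptables -A INPUT -i tun+ -s $2 -p icmp -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun+ -s $4 -d $3 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun+ -s $3 -d $4 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# render_side A|B -> config followed by firewall rules for that side;
# each side is derived from the same variables, so the pair stays mirrored.
render_side() {
  case $1 in
    A) render_conf "$A_TUN" "$B_TUN" "$B_HOST" "$B_LAN"
       render_fw "$A_WAN" "$B_TUN" "$A_LAN" "$B_LAN" ;;
    B) render_conf "$B_TUN" "$A_TUN" "$A_HOST" "$A_LAN"
       render_fw "$B_WAN" "$A_TUN" "$B_LAN" "$A_LAN" ;;
  esac
}

# key_ok <path>: the shared secret must exist and be mode 0600 (root only).
key_ok() {
  [ -f "$1" ] && [ "$(stat -c %a "$1")" = 600 ]
}

# Usage: ./render.sh A > side-a.conf   (on Side-A), ./render.sh B on Side-B
case "${1:-}" in A|B) render_side "$1" ;; esac
```

After the scp in the notes, run sha256sum on /etc/openvpn/vpn.key at both ends and compare the digests, then key_ok /etc/openvpn/vpn.key on each router before starting the tunnel.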
3. Your remote address can be an IP address, a hostname or a DynDNS alias.
Test connectivity (use ping and traceroute):
traceroute to 192.168.2.36 (192.168.2.36), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 0.343 ms 0.371 ms 0.431 ms
2 10.0.0.2 (10.0.0.2) 29.157 ms 29.342 ms 29.417 ms
3 192.168.2.36 (192.168.2.36) 30.261 ms 30.626 ms 30.831 ms
Finally:
service iptables start
iptables --flush
service iptables save
service iptables restart
service network restart
iptables --flush # Flush all rules in the filter table (the default table)
iptables --table nat --flush # Flush all rules in the nat table
iptables --delete-chain # Delete all user-defined chains in the filter table
/sbin/service openvpn start
openvpn client.conf
/sbin/iptables -L
iptables -L -t nat -n
ip route
route -n
On Windows:
tracert {what_ever_ip_address}
netstat -ao |find /i "listening"
Open VPN Connectivity Testing:
tail -f /var/log/openvpn-status.log
tail -f /var/log/openvpn.log
REF: http://zeldor.biz/2010/12/openvpn-site-to-site-setup/
REF: http://blog.wains.be/2008/06/07/routed-openvpn-between-two-subnets-behind-nat-gateways/
REF: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=372052
REF: http://www.garron.me/linux/scp-linux-mac-command-windows-copy-files-over-ssh.html
REF: http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
REF: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/6da25e69-e5b9-4cd4-a3d9-a20feb412257/
REF: https://forums.openvpn.net/topic9465.html