One key sheard site to site open vpn
•
0 likes•19 views
Email: chanaka.lasantha@gmail.com
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to One key sheard site to site open vpn
Similar to One key sheard site to site open vpn (20)
More from Chanaka Lasantha
More from Chanaka Lasantha (20)
Recently uploaded
Recently uploaded (20)
One key sheard site to site open vpn
- 1. OpenVPN site to site setup Side-A: Router/Gateway: 192.168.1.1 WAN-Address: het-a.zeldor.biz Firewall: iptables -A INPUT -i ppp0 -p udp --dport 8001 -j ACCEPT iptables -A INPUT -p ICMP -s 10.0.0.2 -j ACCEPT iptables FORWARD -i tun1 -s 10.0.0.2 -d 192.168.1.0/24 -j ACCEPT Enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward Config Side-A: remote het-b.zeldor.biz float port 8001 dev tun ifconfig 10.0.0.1 10.0.0.2 persist-tun persist-local-ip persist-remote-ip comp-lzo ping 15 secret /etc/openvpn/vpn.key route 192.168.2.0 255.255.255.0 chroot /tmp/openvpn user nobody group nogroup log-append /var/log/openvpn/vpn.log verb 1
- 2. Side-B: Router/Gateway: 192.168.2.1 WAN-Address: het-b.zeldor.biz Firewall: iptables -A INPUT -p udp --dport 8001 -j ACCEPT iptables -A FORWARD -p tcp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT iptables -A FORWARD -p udp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT iptables -A FORWARD -p icmp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT iptables -A FORWARD -p tcp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEP iptables -A FORWARD -p icmp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT Config Side-B: remote het-a.zeldor.biz float port 8001 dev tun ifconfig 10.0.0.2 10.0.0.1 persist-tun persist-local-ip persist-remote-ip comp-lzo ping 15 secret /etc/openvpn/vpn.key route 192.168.1.0 255.255.255.0 chroot /tmp/openvpn user nobody group nogroup log-append /var/log/openvpn/vpn.log verb 1 Enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward Generate a security key on Side-A and copy it to Side-B: openvpn --genkey --secret /etc/openvpn/vpn.key scp /etc/openvpn/vpn.key root@het-b.zeldor.biz:/etc/openvpn/vpn.key Establish VPN connection(execute on both sides): openvpn --config /etc/openvpn/vpn.conf
- 3. Your remote address could be a IP or hostname or dyndns alias. Test connectivity: (use ping traceroute) traceroute to 192.168.2.36 (192.168.2.36), 30 hops max, 60 byte packets 1 192.168.1.1 (192.168.1.1) 0.343 ms 0.371 ms 0.431 ms 2 10.0.0.2 (10.0.0.2) 29.157 ms 29.342 ms 29.417 ms 3 192.168.2.36 (192.168.2.36) 30.261 ms 30.626 ms 30.831 ms Finally: service iptables start iptables --flush service iptables save service iptables restart service network restart iptables --flush # Flush all the rules in filter and nat tables iptables --table nat --flush iptables --delete-chain # Delete all chains that are not in default filter /sbin/service openvpn start openvpn client.conf /sbin/iptables -L iptables -L -t nat –n ip route route –n tracert {what_ever_ip_address} netstat -ao |find /i "listening" Open VPN Connectivity Testing: tail -f /var/log/openvpn-status.log tail -f /var/log/openvpn.log REF: REF: http://zeldor.biz/2010/12/openvpn-site-to-site-setup/ REF: http://blog.wains.be/2008/06/07/routed-openvpn-between-two-subnets-behind-nat-gateways/ REF: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=372052 REF: http://www.garron.me/linux/scp-linux-mac-command-windows-copy-files-over-ssh.html REF: http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html REF: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/6da25e69-e5b9-4cd4-a3d9-a20feb412257/ REF: https://forums.openvpn.net/topic9465.html