More OpenVPN Stuff
For a while there, even though I had my VPN server at home configured and I was able to connect, I could not surf or do anything network-wise (except ssh into the boxes on my home network).
So I started trying to figure out what I was doing wrong. I traced it down to a DNS problem, and here are my posts
on LQ trying to figure things out. In case someone has the same problem, I wrote this post.
Below are my server and client config files.
##Server Config File##
local 192.168.1.150
port 1194
proto udp
mssfix 1400
dev tun0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
#192.168.1.0 is my home network subnet
push "redirect-gateway def1"
push "dhcp-option DNS a.b.c.d"
push "dhcp-option DNS d.c.b.a"
#substitute your DNS server values for the above entries
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher BF-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
verb 1
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
group nobody
——————
##Client Config File##
client
dev tun
proto udp
remote x.x.y.z 1194
#substitute the value for your external WAN interface at home
nobind
persist-key
persist-tun
ca /path/to/your/keys/ca.crt
cert /path/to/your/keys/client1.crt
key /path/to/your/keys/client1.key
tls-auth /path/to/your/keys/ta.key 1
cipher BF-CBC
ns-cert-type server
comp-lzo
verb 3
mute 20
up /etc/openvpn/client/client.up
down /etc/openvpn/client/client.down
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
———————
Even though my routes were being added now, I still couldn't connect or surf the net. I could surf by IP address,
but that wasn't enough. So I checked the resolv.conf file on the client, and sure enough,
for some reason it wasn't being updated. So I created two scripts (client.up and client.down) to work around this problem. Pretty much what the scripts do is this: I keep a copy of the resolv.conf file that works when I'm at home on my client; the scripts save
the current resolv.conf file to a temp file and then copy in the home version.
I know this is a dirty way of doing things, but until I
figure out why the client is not picking up the pushed DNS values, I guess this is the way I'll
have to go with this.
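As an added example (not the author's client.up/client.down), here is one script that can be used as both the up and the down hook and that builds resolv.conf from what the server actually pushed instead of from a static copy. OpenVPN hands every pushed dhcp-option to the hook as environment variables foreign_option_1, foreign_option_2, ... and sets script_type to "up" or "down"; the file paths are assumptions and can be overridden through the environment. Because the values arrive from the remote side, the script accepts only a plain IPv4 address for DNS and a plain hostname for DOMAIN before writing them into a file the resolver trusts, and it leaves the existing resolv.conf alone when nothing usable was pushed (the failure mode described above). On OpenVPN 2.1 and later the client config also needs `script-security 2` for up/down scripts to run at all.

```shell
#!/bin/sh
# Added example, not the author's client.up/client.down. One script serves as both
# the "up" and the "down" hook: on "up" it writes resolv.conf from the DNS servers
# the server pushed with "push dhcp-option DNS ...", on "down" it restores the
# original file. OpenVPN hands every pushed dhcp-option to the hook as
# foreign_option_1, foreign_option_2, ... in the environment and sets
# script_type to "up" or "down".
#
# Assumed paths; override through the environment (e.g. for testing).
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
RESOLV_BACKUP="${RESOLV_BACKUP:-/etc/resolv.conf.openvpn-backup}"

# Print resolv.conf lines built from the foreign_option_N variables.
# Returns 1 when no usable nameserver was pushed, so the caller can keep the
# existing file instead of replacing it with an empty one.
render_resolv_conf() {
    i=1
    found=0
    search=""
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        i=$((i + 1))
        case "$opt" in
            "dhcp-option DNS "*)
                addr=${opt#dhcp-option DNS }
                # The value comes from the remote side: accept only a dotted
                # IPv4 address so nothing else can be smuggled into resolv.conf.
                case "$addr" in
                    ""|*[!0-9.]*) echo "ignoring malformed option: $opt" >&2; continue ;;
                esac
                printf 'nameserver %s\n' "$addr"
                found=1
                ;;
            "dhcp-option DOMAIN "*)
                dom=${opt#dhcp-option DOMAIN }
                case "$dom" in
                    ""|*[!A-Za-z0-9.-]*) echo "ignoring malformed option: $opt" >&2; continue ;;
                esac
                search="${search}${search:+ }${dom}"
                ;;
        esac
    done
    if [ -n "$search" ]; then
        printf 'search %s\n' "$search"
    fi
    [ "$found" -eq 1 ]
}

# "up" hook: back up the current resolv.conf once, then replace it.
openvpn_up() {
    content=$(render_resolv_conf) || {
        echo "no usable DNS server pushed; keeping $RESOLV_CONF" >&2
        return 1
    }
    if [ ! -f "$RESOLV_BACKUP" ]; then
        cp "$RESOLV_CONF" "$RESOLV_BACKUP"
    fi
    printf '%s\n' "$content" > "$RESOLV_CONF"
}

# "down" hook: put the original file back (no-op if there is no backup).
openvpn_down() {
    [ -f "$RESOLV_BACKUP" ] || return 0
    mv "$RESOLV_BACKUP" "$RESOLV_CONF"
}

# Dispatch on the hook OpenVPN invoked us as; does nothing when merely sourced.
case "${script_type:-}" in
    up)   openvpn_up ;;
    down) openvpn_down ;;
esac
```

Point both the `up` and the `down` line of the client config at this one file (for example `up /etc/openvpn/client/dns-hook.sh` and `down /etc/openvpn/client/dns-hook.sh`, a hypothetical path) and make it executable; the same idea, reading foreign_option_N rather than copying a fixed file, is what the update-resolv-conf script shipped with some distributions' openvpn packages does.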