January 25, 2012

Questions about setting up OpenVPN

I am looking for a free/cheap VPN server for the LAN in our community. It seems to me that OpenVPN would fit the bill, but there are a few questions that I would like to ask before spending a great deal of time trying to set it up.

Our setup is a bit more complex than most, I would say. All traffic to the outside wall passes through our firewall (made by Juniper), so we have one leg facing outwards. We have another leg for our web servers (DMZ) and several internal legs for different parts of our network, e.g. one for homes, one for offices and one for a factory. I am interested in forming a VPN with the offices section.

WWW
FIREWALL
| DMZ [fixed ip]
| Homes [dhcp]
| Offices [fixed ip]
| Factories [fixed ip]

I also have at my command an array of external IP addresses and can use one of these to connect directly through the firewall (with/without a password) to any machine on the LAN.

As the administrator, I envisage being able to log into the LAN from anywhere outside the LAN via an IP address or URL like vpn.mycompany.com, receive an IP in the range of the offices and then, to all intents and purposes, be part of the network. I have other workers who I would like to be able to connect up and only have limited services, e.g. being able to connect up to their account on the domain server or map a certain directory on a certain computer.

I prefer installing the VPN 'server' using Linux (preferably Slackware), but most of my clients are Windows machines. I have looked briefly at OpenVPN, but can't find a tutorial that I can follow easily - mainly they assume you know what you are doing and understand the terminology. Also, I haven't found any that explains the physical setup needed. For instance, where do I place the server in the above diagram? What hardware do I need? What ports do I need open in the firewall? I don't envisage heavy traffic and only a few clients connected at the same time.

If anyone can help me or just point me in the right direction, I would be most grateful.

Arieh

OpenVPN is fairly advanced in relation to SSTP, and makes use of OpenSSL libraries and the SSLv3 and TLSv1 protocols. OpenVPN can run on both UDP and TCP ports, meaning that it combines HTTP over SSL as its de facto transmission model, making it nearly impossible to block. The primary advantage of OpenVPN is its very use of the OpenSSL library, which employs a variety of updatable cryptographic algorithms including 3DES, Blowfish, AES, Camellia, CAST-128 and others. Iron socket (http://www.bestvpnservice.com/providers/321/ironsocket.html) is one of the top 5 open vpn in market.

And about hardware - any modern computer would be enough, even a used one.
Place it near your web-server hardware. The open ports depend on the VPN type chosen; for OpenVPN, 1194 tcp/udp is the default, but you can reconfigure it.

Do You still need some help?

First, maybe your Juniper appliance has some integrated VPN option?
Second, OpenVPN is a good option, but you need to manually set up the OpenVPN driver on every Windows client. Alternatively, you can use an L2TP or PPTP Linux-based VPN server and use the integrated Windows client software to connect to the VPN. All these options are free.
There are many tutorials available on the internet, but if you need further help, please contact me on surae@yandex.ru (XMPP or email).

Good luck ;)

Hi, I would say OpenVPN can meet your requirements. I have set up two OpenVPN servers, one for general road warrior use and the other for an inter-office link. For both, I used the FAQ and other documentation in the community section of OpenVPN's website.

In terms of positioning of the VPN server and access, it is hard to comment without some clarity on requirements, which would be inappropriate for an open discussion. Leaving the DMZ aside, one could ordinarily have an inward pinhole in the firewall that allows the VPN traffic (default UDP 1194). I have only used OpenVPN in its routing configuration and that seems to work fine. When I connect up, I get an IP address in a separate range from the normal LAN IPs (by default 10.8.x.x) but it is fully routable within the private network, although you may need to put a static route in your router(s). Locking things down further would be down to standard tools such as IPTables on the VPN server. Certainly Windows clients connect smoothly and reliably.

The inter-site connection was a big pain to set up but the routers provided by the ISP wouldn't utilize static routes, even though they allowed their configuration. Hours were lost to that one. The inter-site link VPN carries VoIP between handsets and an Asterisk server, which works surprisingly well.

My only concern is how IPv6-ready OpenVPN is. Things may have progressed since I last looked.

Best of luck and hope this helps.

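The last reply leaves per-user restrictions to "standard tools such as IPTables on the VPN Server", and the question asks for full access for the administrator but limited services for other workers. The script below is an added example, not code from any poster: it turns a small per-client policy into iptables commands for the VPN server and the matching OpenVPN `ifconfig-push` line. The client names, the 192.168.20.0/24 offices subnet, the `tun0` interface, the `VPN_IN` chain name, the fixed 10.8.0.x addresses and the use of `topology subnet` with a `client-config-dir` are all assumptions.

```shell
# Added example, not from the thread. Assumptions: routed OpenVPN on tun0 with
# the default 10.8.0.0/24 pool and "topology subnet", a client-config-dir so
# each client keeps a fixed address, and an offices subnet of 192.168.20.0/24.
VPN_IF=tun0
# Constructed policy: client, fixed VPN address, destination, service.
POLICY='admin 10.8.0.10 192.168.20.0/24 any
alice 10.8.0.21 192.168.20.5 445/tcp
bob 10.8.0.22 192.168.20.5 445/tcp
bob 10.8.0.22 192.168.20.9 3389/tcp
eve 10.8.0.23 192.168.20.5 445/tcp;reboot'

# valid_rule SRC DST SVC: allow only numeric addresses and PORT/tcp|udp, so a
# malformed policy line cannot put shell syntax into the generated commands.
valid_rule() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    case "$2" in ''|*[!0-9./]*) return 1 ;; esac
    [ "$3" = any ] && return 0
    case "${3#*/}" in tcp|udp) ;; *) return 1 ;; esac
    case "${3%/*}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${3%/*}" -ge 1 ] && [ "${3%/*}" -le 65535 ]
}

# gen_ccd CLIENT: contents of that client's client-config-dir file.
gen_ccd() {
    printf '%s\n' "$POLICY" | while read -r name src rest; do
        if [ "$name" = "$1" ]; then
            echo "ifconfig-push $src 255.255.255.0"
            break
        fi
    done
}

# gen_rules: iptables commands for the VPN server. Clients reach only what the
# policy lists; anything else arriving from the tunnel is dropped.
gen_rules() {
    echo "iptables -N VPN_IN"
    echo "iptables -A FORWARD -i $VPN_IF -j VPN_IN"
    printf '%s\n' "$POLICY" | while read -r name src dst svc; do
        if ! valid_rule "$src" "$dst" "$svc"; then
            echo "skipped invalid policy line for client: $name" >&2
        elif [ "$svc" = any ]; then
            echo "iptables -A VPN_IN -s $src -d $dst -j ACCEPT"
        else
            echo "iptables -A VPN_IN -s $src -d $dst -p ${svc#*/} --dport ${svc%/*} -j ACCEPT"
        fi
    done
    echo "iptables -A VPN_IN -j DROP"
}
gen_rules
```

The script only prints the commands so they can be reviewed before being run as root on the VPN server. The output of `gen_ccd alice` goes in the client-config-dir file named after that client's certificate common name.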