Cirshiss
Hi, really new user to this VPN stuff, and NAS as well to be honest.
I've managed to install everything, it's up and running, but now I feel just lost. (I'm using this guide)
When I come to this section in the guide, OpenVPN Server Configuration, I don't know what settings I should use and it's this part I need help with because when I run this command sockstat -4 -l nothing comes up.
The thing is we have about 20 sister organisations around the country that need to have access to the file-server.
Am I going about this problem the right way with setting up this VPN or should I go for some other solution and what kind in that case?
This is my environment that I work in:
Modem (No control whatsoever, it's managed by the ISP)
Behind that modem stands our router:
DrayTek Vigor2920 - Security Router
This has a static IP, provided by the ISP, 195.67.133.123, the gateway is 195.67.133.121 with 255.255.255.248 as netmask
Behind that we have a Cisco switch with IP 192.168.123.13 bound by MAC address
To that switch our NAS is connected, also bound by MAC (192.168.123.17), and all the other computers in our network.
When the OpenVPN jail is up it gets this IP via DHCP: 192.168.123.29
This is my [root@OpenVPN /]# /keys/openvpn-server.conf
Code:
    port 10011
    proto udp
    dev tun
    ca ca.crt
    cert openvpn-server.crt #Server public key
    key openvpn-server.key #Server private key
    dh dh.pem #Diffie-Hellman parameters
    server 192.168.123.29 255.255.255.0 #Purple network
    ifconfig-pool-persist ipp.txt
    push "route 195.67.133.121 255.255.255.248" #Yellow network
    tls-auth ta.key 0
    #crl-verify crl.pem
    keepalive 10 120
    cipher AES-256-CBC
    auth SHA256
    group nobody
    user nobody
    comp-lzo
    persist-key
This is my [root@OpenVPN /]# /usr/local/etc/ipfw.rules
Code:
    #!/bin/sh
    EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
    ipfw -q -f flush
    ipfw -q nat 1 config if ${EPAIR}
    ipfw -q add nat 1 all from 192.168.123.0/24 to any out via ${EPAIR}
    ipfw -q add nat 1 all from any to any in via ${EPAIR}
    TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
    ifconfig ${TUN} name tun0
This is my [root@OpenVPN /]# /etc/rc.conf
Code:
    ifconfig_epair0b="DHCP"
    hostname="OpenVPN"
    cron_flags="$cron_flags -J 15"
    # Disable Sendmail by default
    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"
    # Run secure syslog
    syslogd_flags="-c -ss"
    # Enable IPv6
    ipv6_activate_all_interfaces="YES"
    openvpn_enable="YES"
    openvpn_if="tun"
    openvpn_configfile="/keys/openvpn.conf"
    openvpn_dir="/keys"
    cloned_interfaces="tun"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/usr/local/etc/ipfw.rules"
EDIT 1: the IP of OpenVPN had changed from 192.168.123.28->29 when I restarted the jail. It's corrected in the conf (openvpn-server.conf), the jail is up and now they match.
EDIT 2: The path to the conf-file and openvpn_dir was incorrect, it's corrected now.
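A pre-flight check for the kind of configs quoted above, as an added example that is not part of the original post or the guide it follows. It relies on OpenVPN's `server` directive taking a network address and netmask for the VPN address pool, and flags a pool or pushed route with host bits set, a pool that overlaps the LAN, and an `openvpn_configfile` in rc.conf that differs from the file being edited. The function names are hypothetical and the sample inputs are constructed from lines in the post.

```python
import ipaddress
import shlex

# Constructed inputs: lines copied from the configs quoted in the post.
LAN = ipaddress.ip_network("192.168.123.0/24")  # network the jail's DHCP lease is on
CONF_PATH = "/keys/openvpn-server.conf"         # config file name shown in the post
SERVER_CONF = '''server 192.168.123.29 255.255.255.0 #Purple network
push "route 195.67.133.121 255.255.255.248" #Yellow network
'''
RC_CONF = '''openvpn_enable="YES"
openvpn_configfile="/keys/openvpn.conf"
'''

def directives(text):
    """Yield the tokens of each non-empty line, dropping # comments."""
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens

def lint_server_conf(text, lan=LAN):
    """Flag server/route subnets with host bits set and a pool overlapping the LAN."""
    findings = []
    for tokens in directives(text):
        pushed = tokens[0] == "push" and len(tokens) > 1
        args = tokens[1].split() if pushed else tokens
        if len(args) < 3 or args[0] not in ("server", "route"):
            continue
        label = "push route" if pushed else args[0]
        net = ipaddress.ip_network(f"{args[1]}/{args[2]}", strict=False)
        if str(net.network_address) != args[1]:
            findings.append(f"{label}: {args[1]} {args[2]} has host bits set "
                            f"(network is {net.network_address})")
        if args[0] == "server" and net.overlaps(lan):
            findings.append(f"server: VPN pool {net} overlaps LAN {lan}")
    return findings

def rc_config_path(rc_text):
    """Return the openvpn_configfile value from rc.conf text, or None."""
    for tokens in directives(rc_text):
        key, _, value = tokens[0].partition("=")
        if key == "openvpn_configfile":
            return value
    return None

if __name__ == "__main__":
    print(lint_server_conf(SERVER_CONF))
    print("config path matches:", rc_config_path(RC_CONF) == CONF_PATH)
```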