Recommended way to cut teeth on OpenVPN



  • I'm an almost complete newbie when it comes to VPNs. I've fought with IPSEC, only succeeding at getting a tunnel to work (no road-warrior). Now, I'm looking at OpenVPN.

    What I've been doing is trying to get my home office connected to my work-place. Working the kinks out of this involves a lot of back-and-forth travel (by me). But I should be able to try things out at my work-place using just internal networks, shouldn't I?

    Being so new to VPNs, I'm having trouble imagining what this would look like. I guess I would want an OpenVPN server running on an internal interface (say 192.168.50.0/24, we have 192.168.48.0/20 to play with) and I could allocate road-warriors addresses from another sub-net of our /20 (say 192.168.51.0/24), but confusion sets in beyond that.



  • If you haven't already done so I'd suggest you read OpenVPN's own documentation.

    For learning, if you're confident doing so, I'd recommend setting up a small virtual network to experiment with. OpenVPN is pretty easy to get running once you've done that (in my experience).



  • Yes. I've begun to digest some of the documentation on the OpenVPN site.

    I'm lucky enough to have a couple of Alix boxes sitting in a bin in my office. Both are even configured as pfSense boxes, as I was using them for working with IPSEC. It wouldn't take much to set one up for OpenVPN testing.

    But I still keep thinking of how one would set up a VPN internally. I mean, that could be a really useful tool. I guess all you would need are three networks:

    • one on one real interface

    • one on another real interface

    • and one subnet set aside for addresses to allocate to the clients

    It's going to haunt me until I get it working. OCD is a curse!




  • After setting up OpenVPN on a pfSense 2.0 box (which was ridiculously easy using the wizard), I realise that it would be quite simple to set up a test internal OpenVPN on a pfSense box. Like I said above, all you would need are two interfaces. One could be the one you want to VPN to. The other where you will VPN from. Run OpenVPN on the network the VPN traffic will come from, and everything else stays the same.

    Simple.

