forum.excito.org

So... You have now two BubbaTwo, one at home, and one at work, and you really want to combine them into one network?

Time to set up a virtual private network!

For this to work, you need both a home, and a work, two BubbaTwo, internet connection available at both work and home, and at least one of those connections must be externally accessible; for most people, this is usually home, as at work, the corporate firewall might not happily comply.

So with the basic assumption that home is our central location, we will host the "server" there.

First we SSH into the two bubbas and issues the command as root:
at your home bubba, copy the folder /usr/share/doc/openvpn/examples/easy-rsa/ to /root;
Also copy /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz to /etc/openvpn and gunzip it

At the office bubba, copy /usr/share/doc/openvpn/examples/sample-config-files/client.conf to /etc/openvpn.

At home bubba, cd to /root/easy-rsa
Edit the file vars, and enter the required values at the bottom, KEY_COUNTRY is the two letter country code.

Now issue following command: The field Common Name during build-ca is required to be filled.

Now issue: As above, fill in a common name (for example "server"), and choose yes on all questions.

And again:
And again, fill in a common name (for example "client"), and choose yes on everything.

We continue now by creating Diffie Hellman parameters:
This might take a while.

Now copy the ca.crt, server.crt, server.key and the dh1024.pem file from the keys dir to /etc/openvpn;
Copy magically ca.crt, client.crt, client.key to the office bubba in /etc/openvpn.

now enter /etc/network and edit the firewall.conf, add following:
And on the client side add
on both issue:
Now this is done, we need to make an decision; we must have unique networks everywhere; and as the BubbaTwo defaults with 192.168.10.0, we need first to change that one one machine, for example to change it to 192.168.37.0 on the office machine, also remember that the networks must be unique in relation to adjacent networks on the other networks.

On the server, edit /etc/openvpn/server.conf

at the line starting with "server", set e unique network on both places.

In the client.conf file at the office, set the remote to your home ip/dns.

now on both, issue Now, at your office, by pinging 10.8.0.1, your home bubba should answer.
'
That is basically it, more information can be found in http://openvpn.net/index.php/documentation/howto.html

/Carl

Very nice, could i also use this to set up a vpn between my bubba at home and a windows-machine at work? (And if so, how?)

[EDIT:] Got it up and running, you have to install the Windows-client though. I'll try it at work to see how it functions

Thanks for the nice howto, gonna try it this weekend.

Just one question, my bubba2 is behind my dsl router ( Fritzbox ), does this also work if I forward the VPN ports from the fritzbox to the bubba2 ?
When yes, which ports should be forwarded ?

BR

Ton.

I've got the Open VPN working (I can connect to my bubba via HTTP), but i'm still looking how to connect using SMB. Editing samba.conf as outlined in:
http://openvpn.net/index.php/documentation/howto.html
But if i do this SMB is no longer accessible from my home network and it is also unaccessible from via VPN. So I guess the is something else. I try to access my bubba via VPN from a computer running XP pro.

Martijn

Hi Martijn,

I solved the problem by adding the tun0 interface to my "interfaces" line in the smb.conf and as I remember ( have no access to my bubba at the moment ) the line below this "interfaces" had to be commented out to allow samba to broadcast on the tun0 interface, because it is a temporary interface. If you can't find the option I could have a look later.

BR.

Ton.

the line below this "interfaces" had to be commented out to allow samba to broadcast on the tun0 interface, because it is a temporary interface.

That was it. I had added the tun) interface, but i had no idea about uncommenting the next line.

Cheers

Martijn

Hello all,

I did all the steps described above for the server side of vpn, but when i try to restart it on bubba two, it saids failed to start.

this is what i filled in:


The Subject's Distinguished Name is as follows
countryName RINTABLE:'NL'
stateOrProvinceName RINTABLE:'Zuidholland'
localityName RINTABLE:'Rotterdam'
organizationName RINTABLE:'VPNServer'
organizationalUnitName:PRINTABLE:'server'
commonName RINTABLE:'server'
emailAddress :IA5STRING:'rewien@hotmail.com'

Is there something i'm missing?

I'm trying to set up bubba two as a vpn server so that some pc with windows xp could access it as clients

rewien wrote:Hello all,

I did all the steps described above for the server side of vpn, but when i try to restart it on bubba two, it saids failed to start.

this is what i filled in:


The Subject's Distinguished Name is as follows
countryName RINTABLE:'NL'
stateOrProvinceName RINTABLE:'Zuidholland'
localityName RINTABLE:'Rotterdam'
organizationName RINTABLE:'VPNServer'
organizationalUnitName:PRINTABLE:'server'
commonName RINTABLE:'server'
emailAddress :IA5STRING:'rewien@hotmail.com'

Is there something i'm missing?

I'm trying to set up bubba two as a vpn server so that some pc with windows xp could access it as clients

Got it up working, use this extra: http://www.hostingelite.nl/page.php?ite ... etup-howto

Had my config file wrong

Thanks,
Rewien

Can a company track what internet site I am visiting if I am on their VPN? What if I am not connected to the VPN? Can they still track, if it is a company computer?
___________________
external keyword tool ~ keyworddiscovery.com ~ keycompete.com ~ compete.com ~ webmasterworld.com

If you are on a vpn your internet access may be routed via the VPN (I don't know the specifics, perhaps someone can explain this better and tell you how to set which IP adresses are routed via the VPN and which are routed over your regular internet connection.
If you are surfing the net using your private internet connection the only way to track your internet access is via a (software) logger installed on your computer or by accessing the internet history on your PC (if you don't wipe this).

The issue below is solved:
See
http://forum.excito.net/viewtopic.php?f ... vpn#p11708

---------------------
Using the post of carl, I installed openvpn on the Bubba Two, but I only want to use it as a client for an external openvpn service.

My bubba two is configured as "router+firewall+server", and I would like to use the openvpn client to route all the traffic through the vpn (so all connected computers can make use of the vpn).

The issue I encounter is that after the client vpn is started (without giving errors), all traffic is NOT routed through the tunnel: actually no traffic is possible at all.

After that, NO internet traffic is possible any more.. (even a PING or traceroute on the router cannot find a computer, not even my providing the ip address.
So something is wrong with the routing, I assume.

Any ideas or hints?

With kind regards,

Ernst Jan