OpenVPN
From Docunext Technology Wiki
OpenVPN uses OpenSSL to be one of the easier implementations of VPN. I hadn't tried it for about five years, since I last was unable to get it working, but then, after I used PPTP to port forward over a VPN, I started to envision some very useful scenarios for OpenVPN.
Indeed - I now have an OpenVPN server running on a pfSense firewall with two Debian clients connected.
General Notes
- I'm using mssfix 1400 on the server to avoid MTU issues; an MTU of 1482 on pfSense due to FIOS overhead
- I set an address pool of a /27 subnet (up to 30 hosts)
- I've never seen anything like the IP distribution that OpenVPN uses! The FAQ helps; see "Why does OpenVPN's "ifconfig-pool" option use a /30 subnet (4 private IP addresses per client) when used in TUN mode?"
- I'm setting client ip addresses in pfSense via the "Client-specific configuration" section, like this:
I had originally wanted to use DHCP, but I read some reviews which sounded more complicated than I'd hoped! I definitely want to keep track of the IP space though - I'll have to decide whether to use a Dynamic DNS client, or connect a DNS server to the OpenVPN configuration. I've been doing a ton of work with DNS lately; my setup is coming along, but I still have more work to do on it.
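As an added illustration of the /30-per-client distribution the FAQ describes and of the static client-specific addressing above (example code, not from this wiki page), the script below enumerates the net30 pairs an ifconfig-pool yields, computes how many clients a /27 really serves, checks an ifconfig-push pair against that layout, and emits the per-client lines. The pool and client names are constructed sample values.

```python
"""Added example (not from the wiki page): how OpenVPN hands out addresses
from an ifconfig-pool in TUN mode with the default "net30" topology, where
every client is charged a whole /30 (4 addresses, 2 of them usable)."""
import ipaddress


def net30_pool(pool_cidr):
    """Yield (server_endpoint, client_address) for each /30 in the pool.
    Layout per the OpenVPN FAQ (assumed here): base+0 network, base+1 the
    server-side endpoint, base+2 the client, base+3 broadcast."""
    pool = ipaddress.ip_network(pool_cidr, strict=True)
    for block in pool.subnets(new_prefix=30):
        hosts = list(block.hosts())  # exactly the two usable addresses
        yield str(hosts[0]), str(hosts[1])


def pool_capacity(pool_cidr):
    """Clients a pool can serve in net30 mode: 4 addresses per client,
    so a /27 (32 addresses) serves 8 clients, not 30 hosts."""
    return ipaddress.ip_network(pool_cidr, strict=True).num_addresses // 4


def valid_net30_pair(client_ip, server_ip):
    """Check a static 'ifconfig-push <client> <server>' pair against the
    net30 rule: same /30, client = base+2, server endpoint = base+1."""
    client = ipaddress.ip_address(client_ip)
    server = ipaddress.ip_address(server_ip)
    block = ipaddress.ip_network(f"{client}/30", strict=False)
    return server in block and int(client) % 4 == 2 and int(server) % 4 == 1


def ifconfig_push_lines(pool_cidr, client_names):
    """Map client names (constructed) to client-specific config lines.
    Assumes the pool already excludes the /30 the server uses for itself."""
    lines = {}
    for name, (server_ep, client_ip) in zip(client_names, net30_pool(pool_cidr)):
        lines[name] = f"ifconfig-push {client_ip} {server_ep}"
    return lines


if __name__ == "__main__":
    POOL = "192.168.21.32/27"  # constructed /27 pool
    print(f"{POOL} serves {pool_capacity(POOL)} net30 clients")
    for name, line in ifconfig_push_lines(POOL, ["client-a", "client-b"]).items():
        print(f"{name}: {line}")
```

The pair check matters because, under net30, an ifconfig-push pair outside the [1,2], [5,6], [9,10], ... pattern does not match the layout the FAQ describes, so it is worth verifying any hand-assigned addresses before pushing them.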
MTU Woes
I keep having trouble with MTUs.
These links might be of use:
- https://wiki.contribs.org/OpenVPN#OpenVPN_Server_Configuration
- http://danielmiessler.com/study/tcpdump/
Logs
Jun 19 12:09:25 vpn-space ovpn-glass[5179]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jun 19 12:09:25 vpn-space ovpn-glass[5179]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Jun 19 12:09:25 vpn-space ovpn-glass[5179]: LZO compression initialized
Jun 19 12:09:25 vpn-space ovpn-glass[5181]: UDPv4 link local: [undef]
Jun 19 12:09:25 vpn-space ovpn-glass[5181]: UDPv4 link remote: [AF_INET]x.x.x.x:1194
Jun 19 12:09:26 vpn-space ovpn-glass[5181]: [vpn-glass.savonix.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Jun 19 12:09:28 vpn-space kernel: [275165.622647] tun0: Disabled Privacy Extensions
Jun 19 12:09:28 vpn-space ovpn-glass[5181]: TUN/TAP device tun0 opened
Jun 19 12:09:28 vpn-space ovpn-glass[5181]: /sbin/ifconfig tun0 192.168.21.37 pointopoint 192.168.21.33 mtu 1500
Jun 19 12:09:28 vpn-space ovpn-glass[5181]: Initialization Sequence Completed
