OPenVPN

oPenVPN is a VPN software.

= QuickStart =

You have two servers that you want to connect. For this tutorial, we will assume that one is called earth and the other is called mars. earth will become your VPN server, mars your VPN client You need two virtual ip addresses for them, in this example, we will take 10.0.0.1 and 10.0.0.2.

On server earth
tar xvfz openvpn*.tar.gz cd openvpn-*/ ./configure && make && make install If you run into problems, see the article compiling from source. openvpn --genkey --secret mykey.key cat >server.conf << EOF dev tun ifconfig 10.0.0.1 10.0.0.2 secret mykey.key EOF scp mykey.key root@earth: openvpn server.conf & netstat -putan | grep 1194 udp       0      0 0.0.0.0:1194            0.0.0.0:*                           11767/openvpn
 * Download openVPN from http://openvpn.net
 * unpack, compile, link and install openvpn:
 * generate a key for encryption
 * create a server.conf
 * copy your encryption file to your client:
 * shut down your fireWall or make sure port 1194 is open
 * start openvpn
 * verify it is running:

On server mars
tar xvfz openvpn*.tar.gz cd openvpn-*/ ./configure && make && make install If you run into problems, see the article compiling from source cat >client.conf << EOF remote earth dev tun ifconfig 10.0.0.2 10.0.0.1 secret mykey.key EOF openvpn client.conf & $ ifconfig tun0 tun0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.0.0.2 P-t-P:10.0.0.1  Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500  Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) $ ping -c 1 10.0.0.1 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.518 ms --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.518/0.518/0.518/0.000 ms $ ping -c 1 10.0.0.2 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.040 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms
 * Download openVPN from http://openvpn.net
 * unpack, compile, link and install openvpn:
 * create a client config file:
 * start openVPN:
 * verify it worked:

transmission test
On earth, open a socket on port 8000: netcat -l -p 8000 On mars, send over a "hello world": netcat 10.0.0.1 8000 hello world Verify the console on earth now shows hello world

= TroubleShooting =

Kernel-unsupported (RHEL 3)
If you are using RHEL 3, install the kernel-unsupported package. It is required for tun support.

Load the tun driver: modprobe tun

Enable IP Forwarding. echo 1 > /proc/sys/net/ipv4/ip_forward

All TAP-Win32 adapters on this system are currently in use
You may get the error message All TAP-Win32 adapters on this system are currently in use when attempting to use OpenVPN on Win32.

It appears that this error occurs when OpenVPN cannot open a TAP-Win32 adapter to use when attempting to set up a VPN connection.

This can happen for a number of reasons, but the top reasons are:


 * The TAP-Win32 'adapter' is marked as disabled. This can be checked by going into the "Network Connections" folder and seeing if the TAP-Win32 'adapter' is disabled. If it is, right-click and select "Enable". Then try OpenVPN again. If this answers your question, please [mailto:bill--tapwin32fix1@blunn.org send me a quick note].
 * The user does not have administrative privileges on the machine. OpenVPN needs administrative privileges to be able to manipulate a TAP-Win32 'adapter'.
 * There is no TAP-Win32 'adapter' installed. Run addtap.bat in the OpenVPN directory. (This is a special case of the following problem.)
 * There are insufficient TAP-Win32 'adapters' installed. This can happen if you are running more than one OpenVPN connection at the same time, but without sufficient instances of the TAP-Win32 adapter to be able to service the number of simultaneous VPN connections requested. Run addtap.bat in the OpenVPN directory.

= See also =


 * http://openvpn.se/ - providing an openVPN gui for Windows.
 * openvpn.net's tutorial