
Openvpn with fixed ips

From FreeBSDwiki
Revision as of 16:48, 11 July 2008 by GNUtoo (Talk | contribs)

Introduction

We already explored OpenVPN with DHCP. Here the VPN clients get fixed IPs without DHCP. The setup uses:

  • isc-dhcp40-server
  • bind95
  • openvpn

With this setup we will be able to see the internal network from an external connection.

Setup

Here's openvpn.conf:

ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh1024.pem
# USE TAP ON SERVER AND CLIENT SIDE !
dev tap
#ifconfig-pool-persist ipp.txt
# replace 192.168.1.101 with the VPN IP
server-bridge 192.168.0.1 255.255.254.0 192.168.0.2 192.168.0.250
keepalive 10 120
client-to-client
verb 3
duplicate-cn
push "route-gateway 192.168.0.1"
push "dhcp-option DNS 192.168.0.1" # push DNS entries to openvpn client
push "redirect-gateway"
#redirect-gateway
client-config-dir /usr/local/etc/openvpn/config

Here's the content of a client config file in /usr/local/etc/openvpn/config. The file is named after the certificate (its common name, here port4); this is needed so that OpenVPN assigns this IP to the owner of the port4 certificate:

ifconfig-push 192.168.0.107 255.255.254.0

Here's the content of /usr/local/etc/dhcpd.conf:

option domain-name "workgroup";
ddns-update-style none;
class "openvpn" {
        match if substring (hardware,1,2) = 00:ff;
} 

subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1;
        pool {
                deny members of "openvpn";
                allow unknown-clients;
                allow known-clients;
                ddns-updates off;
                range 192.168.1.100 192.168.1.199;
        }
} 

host port4 {
  hardware ethernet 00:16:6f:b9:02:a4;
  fixed-address 192.168.1.107;
}
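
A consistency check for the openvpn.conf and client-config-dir files above, as an added example that is not part of the original wiki page: it verifies that every ifconfig-push address falls inside the server-bridge network, that no two certificates are given the same address, and flags duplicate-cn, which lets several clients connect with one certificate and so be pushed the same fixed IP. The port5 and port6 entries and the function names are constructed for illustration.

```python
import ipaddress

# Excerpt of the page's openvpn.conf, embedded so the check runs offline.
SERVER_CONF = """\
server-bridge 192.168.0.1 255.255.254.0 192.168.0.2 192.168.0.250
duplicate-cn
client-config-dir /usr/local/etc/openvpn/config
"""
# File name (certificate CN) -> file body. port4 is from the page;
# port5 and port6 are constructed to trigger findings.
CCD = {
    "port4": "ifconfig-push 192.168.0.107 255.255.254.0\n",
    "port5": "ifconfig-push 192.168.0.107 255.255.254.0\n",
    "port6": "ifconfig-push 192.168.2.10 255.255.254.0\n",
}

def directives(text):
    """Map directive name -> list of argument lists, skipping comments."""
    found = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            found.setdefault(words[0], []).append(words[1:])
    return found

def check_fixed_ips(server_conf, ccd):
    """Return findings about the per-certificate fixed addresses."""
    conf, findings, owner = directives(server_conf), [], {}
    gateway, mask = conf["server-bridge"][0][:2]
    net = ipaddress.ip_network(f"{gateway}/{mask}", strict=False)
    if "duplicate-cn" in conf:
        findings.append("duplicate-cn: clients sharing a certificate get the same fixed IP")
    for cn in sorted(ccd):
        pushes = directives(ccd[cn]).get("ifconfig-push", [])
        if len(pushes) != 1 or len(pushes[0]) != 2:
            findings.append(f"{cn}: need exactly one 'ifconfig-push <ip> <netmask>'")
            continue
        ip, client_mask = ipaddress.ip_address(pushes[0][0]), pushes[0][1]
        if ip not in net or client_mask != mask:
            findings.append(f"{cn}: {ip}/{client_mask} does not match bridge {net}")
        if str(ip) == gateway:
            findings.append(f"{cn}: {ip} is the bridge address itself")
        if ip in owner:
            findings.append(f"{cn}: {ip} already assigned to {owner[ip]}")
        owner.setdefault(ip, cn)
    return findings

if __name__ == "__main__":
    for finding in check_fixed_ips(SERVER_CONF, CCD):
        print(finding)
```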