
OpenVPN up and running

Joat and I spend parts of weekends working on “geek” projects. Asterisk was the last big project and last weekend’s project was OpenVPN.

The mission had a few parts:

  1. Connect IAX2 traffic between Asterisk servers.
  2. Allow my “road warrior” laptops to connect to provide secure connectivity.
  3. Provide “insane” encryption and authentication for no apparent reason except to show that it can be done.

The configuration wasn’t so bad, but I ran into two problems that I’d like to document here, to maybe keep people from making the same mistakes if they want to set up OpenVPN.

The first mistake was an error in the OpenVPN book that I was using. It correctly told me to create a server key using easy-rsa’s build-key-server script. The book further went on to say that I should generate client keys using the same script. That is incorrect. Client keys should be generated using build-key. You will get a “purpose” error if you try to authenticate a client using a key generated by build-key-server.

The second mistake was an error in my thinking about IP addresses and tunnels. For those who don’t understand networking, here’s a brief explanation of what addressing a network needs. Each network needs a “network address” and a “broadcast address”. That’s it. If you want to have clients on this network, their addresses have to fall between the network address and the broadcast address. So when you stand up a network which will host tunnels, you must give that network four IP addresses for each tunnel (one for the network, one for each end of the tunnel, and one for the broadcast). I didn’t plan for that many addresses on my first subnetting adventure, so we could only stand up one tunnel at a time. I finally READ the error and was able to figure out the problem.
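As an added example (not from the post), here is a small Python planner that applies the four-addresses-per-tunnel rule described above: it splits an OpenVPN tunnel pool into /30 blocks and sizes a pool for a given number of clients. It assumes OpenVPN’s default net30 layout, in which the first /30 of the pool is the server’s own endpoint pair; the 10.8.0.0 pool values are constructed sample input.

```python
import ipaddress


def plan_net30_tunnels(pool, reserve_server=True):
    """Split an OpenVPN tunnel pool into /30 blocks, one per tunnel.

    Each /30 spends four addresses: the network address, the two
    tunnel endpoints (server side and client side) and the broadcast
    address. With reserve_server the first /30 is treated as the
    server's own endpoint pair, which is OpenVPN's default net30
    behaviour (an assumption of this example).
    """
    net = ipaddress.ip_network(pool, strict=True)  # rejects host bits set
    if net.prefixlen > 30:
        raise ValueError(f"{pool} is smaller than one /30; no tunnel fits")
    tunnels = []
    for block in net.subnets(new_prefix=30):
        server_ip, client_ip = list(block.hosts())  # the two usable addresses
        tunnels.append({
            "network": str(block.network_address),
            "server": str(server_ip),
            "client": str(client_ip),
            "broadcast": str(block.broadcast_address),
        })
    if reserve_server:
        tunnels = tunnels[1:]  # first /30 is the server's own endpoint pair
    return tunnels


def max_client_tunnels(pool, reserve_server=True):
    """How many client tunnels a pool can host at once."""
    return len(plan_net30_tunnels(pool, reserve_server))


def pool_for_clients(n_clients, reserve_server=True):
    """Smallest prefix length (largest number) that fits n_clients tunnels."""
    needed = (n_clients + (1 if reserve_server else 0)) * 4
    prefix = 32
    while (1 << (32 - prefix)) < needed:
        prefix -= 1
    return prefix


if __name__ == "__main__":
    # Constructed pool: a /27 holds 8 blocks of /30, i.e. 7 client tunnels
    for tunnel in plan_net30_tunnels("10.8.0.0/27"):
        print(tunnel)
    print("clients in a /24:", max_client_tunnels("10.8.0.0/24"))
    print("prefix for 20 clients: /%d" % pool_for_clients(20))
```

A pool sized for exactly one /30 per client, with nothing left for the server’s own pair, reproduces the one-tunnel-at-a-time symptom the post describes.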

So I have accomplished all three tasks and, with the exception of a couple of routes, am all done. I won’t say how long I spent on the last error, but let’s just say it was too long.
