OpenVPN Tips And Tricks

Setting up your own VPN server and getting everything working can be a real pain to do. Over the past few months I’ve been off and on trying to get one working. While I had attempted to get other methods, which did not require software to be installed in Windows, to work, I ended up settling on using OpenVPN. Here are a few notes and resources I found useful.

Gentoo Forums :: View topic – Howto Openvpn – The quick easy way

http://forums.gentoo.org/viewtopic-t-117709-view-next.html

"I’ve read through a lot of howtos for openvpn, and a lot of them didn’t seem to work; I could follow them line for line and I kept running into problems. Here is my HOWTO on openvpn, which I find was the simplest way of setting it up."

I used the above guide to begin my setup of an OpenVPN server on my server running Funtoo (a Gentoo variant). While the guide is pretty good, I have a few notes:

  • The line remote <vpn server ip> 9900 for the Linux client config is wrong; in the example configs the port should always be 9000.
  • Since the writing of the guide, easy-rsa has been split off into its own package. Install it by running emerge -av easy-rsa
  • The directory the easy-rsa files go to has changed: they are now located under /usr/share/easy-rsa/. You will want to copy these somewhere else (e.g. /etc/openvpn/easy-rsa) to prevent them from being overwritten when updating easy-rsa.
  • Easy-rsa contains several OpenSSL config files. You’ll either need to update the server.cnf file to match the installed OpenSSL version, or create a symlink with openssl.cnf pointing to the appropriate openssl-.cnf file.
  • If you do not have $OPENSSL defined, you’ll run into issues running ./build-dh. You should be able to edit line 7 of build-dh, replacing $OPENSSL with openssl.

Beyond this guide, when trying to talk to a Samba server, a few things should be noted:

  • When using a VPN to connect to a network with the Samba server, you will have an IP address in a different network than the Samba server is in (e.g. 192.168.2.0 vs 192.168.10.0). Make sure to add your VPN network to the hosts allow property in your smb.conf.
  • Since Windows Vista, Windows tries to find a gateway to determine if the connected network is a home, office, or public network. You may need to add push "route 0.0.0.0 0.0.0.0 vpn_gateway 999" to your OpenVPN server’s config file.
  • If you want to use the Netbios name to access the Samba server, you will want to place push "dhcp-option WINS <SAMBA_IP_ADDRESS>" (where <SAMBA_IP_ADDRESS> is the IP address of your Samba server) in your OpenVPN server’s config file.

Lastly, you should note that if the network you are VPNing into has a server at an IP address that is also in use on the network you are VPNing from, it may be difficult to contact the server on the network you have VPNed into. So, it is probably a good time to move away from using 10.0.0.0, 172.16.0.0, or 192.168.1.0 as your network address.
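An added example, not from the original post: a Python check that every hosts allow line in an smb.conf covers the VPN subnet, and that the client LAN, server LAN and VPN ranges do not collide. The /24 prefixes, the choice of 192.168.2.0 for the VPN and 192.168.10.0 for the Samba LAN, the function names and the sample smb.conf text are assumptions.

```python
import ipaddress
from itertools import combinations

def parse_hosts_allow(value):
    """Samba 'hosts allow' value -> ip_network list. Handles ALL, 192.168.10.
    style prefixes, CIDR and addr/netmask; hostnames and EXCEPT are skipped."""
    nets = []
    for tok in value.replace(",", " ").split():
        if tok.upper() == "EXCEPT":
            break  # what follows EXCEPT is an exclusion, not an allow entry
        try:
            if tok.upper() == "ALL":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
            elif tok.endswith("."):
                octets = tok.rstrip(".").split(".")
                base = ".".join(octets + ["0"] * (4 - len(octets)))
                nets.append(ipaddress.ip_network(f"{base}/{8 * len(octets)}"))
            else:
                nets.append(ipaddress.ip_network(tok, strict=False))
        except ValueError:
            continue  # hostname or netgroup: cannot be checked offline
    return nets

def vpn_allowed(smb_conf_text, vpn_subnet):
    """True if every 'hosts allow' line in the config covers the VPN subnet."""
    vpn = ipaddress.ip_network(vpn_subnet)
    for line in smb_conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in ("hosts allow", "allow hosts"):
            nets = parse_hosts_allow(value)
            if not any(n.version == vpn.version and vpn.subnet_of(n) for n in nets):
                return False
    return True  # no 'hosts allow' line means no allow-list restriction

def overlapping(networks):
    """Return the name pairs whose address ranges collide."""
    parsed = {name: ipaddress.ip_network(net) for name, net in networks.items()}
    return [(a, b) for a, b in combinations(parsed, 2)
            if parsed[a].overlaps(parsed[b])]

# Constructed sample: Samba LAN 192.168.10.0/24, VPN clients in 192.168.2.0/24.
VPN = "192.168.2.0/24"
SMB_BEFORE = "[global]\n   hosts allow = 192.168.10. 127.\n"
SMB_AFTER = "[global]\n   hosts allow = 192.168.10. 192.168.2. 127.\n"

if __name__ == "__main__":
    print(vpn_allowed(SMB_BEFORE, VPN), vpn_allowed(SMB_AFTER, VPN))
    print(overlapping({"client_lan": "192.168.1.0/24",
                       "server_lan": "192.168.1.0/24", "vpn": VPN}))
```

Keeping the hosts allow list limited to the Samba LAN and the VPN subnet, rather than widening it to ALL, preserves the access restriction while letting VPN clients in.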

-John Havlik

[end of transmission, stay tuned]