Setting up your own VPN server and getting everything working can be a real pain to do. Over the past few months I’ve been off and on trying to get one working. While I had attempted to get other methods, which did not require software to be installed in Windows, to work, I ended up settling on using OpenVPN. Here are a few notes and resources I found useful.
I used the above guide to begin my setup of a OpenVPN server on my server running Funtoo (a Gentoo variant). While the guide is pretty good, I have a few notes:
- The line remote
<vpn server ip> 9900for the Linux client config is wrong, in the example configs the port should always be 9000
- Since the writing of the guide, easy-rsa has been split off into it’s own package, install it by running
emerge -av easy-rsa
- The directory the easy-rsa files go to has changed, they are now located under
/usr/share/easy-rsa/you will want to copy these somewhere else (e.g.
/etc/openvpn/easy-rsa) to prevent them from being overwritten when updating easy-rsa
- Easy-rsa contains several OpenSSL config files, you’ll either need to update the server.cnf file to match the installed OpenSSL version, or create a symlink with openssl.cnf pointing to the appropriate openssl-.cnf file.
- If you do not have
$OPENSSLdefined, you’ll run into issues running
./build-dh. You should be able to edit line 7 of build-dh replacing
Beyond this guide, when trying to talk to a Samba server, a few things should be noted:
- When using a VPN to connect to a network with the Samba server, you will have a IP address in a different network than the Samba server is in (e.g. 192.168.2.0 vs 192.168.10.0). Make sure to add your VPN network to the
hosts allowproperty in your smb.conf.
- Since Windows Vista, Windows tries to find a gateway to determine if the connected network is a home, office, or public network. You may need to add
push "route 0.0.0.0 0.0.0.0 vpn_gateway 999"to your OpenVPN server’s config file.
- If you want to use the Netbios name to access the Samba server, you will want to place
push "dhcp-option WINS <SAMBA_IP_ADDRESS>"(where
<SAMBA_IP_ADDRESS>is the IP address of your Samba server) in your OpenVPN server’s config file.
Lastly, you should note that if the network you are VPNing into has a server at the same IP address as the network you are VPNing from, it may be difficult to contact the server on the network you have VPNed into. So, it is probably a good time to move away from using 10.0.0.0, 172.16.0.0, or 192.168.1.0 as your network address.
[end of transmission, stay tuned]