OpenVPN Setup

Bill Tillman btillman99 at yahoo.com
Wed May 11 15:21:49 UTC 2011


 

________________________________
From: Kevin Wilcox <kevin.wilcox at gmail.com>
To: Bill Tillman <btillman99 at yahoo.com>
Cc: freebsd-questions at freebsd.org
Sent: Wed, May 11, 2011 9:28:08 AM
Subject: Re: OpenVPN Setup

On Wed, May 11, 2011 at 09:11, Bill Tillman <btillman99 at yahoo.com> wrote:

> 2. I have my OpenVPN process running on my FreeBSD server and wish to test it
> with the OpenVPN client for Windows on my laptop from an outside location. But
> the only outside locations I have access to right now are the local McDonalds
> and Starbucks which offer free WiFi via AT&T's network. The trouble with this is
> they appear to be blocking almost everything at these locations with the
> exception of HTTP traffic. I can't make the connection and I cannot access my LAN
> via SSH either. I don't think they are blocking any particular ports on these
> systems as much as they are just blocking everything except those ports which
> allow users to surf the web. The only thing which appears in the status window
> is that it's trying to make the handshake but then fails. I can ping my home
> server from these outside locations so I know my server is reachable.

It's not uncommon for guest/visitor/unsponsored/portal wireless to
only have ports 80 and 443 (sometimes only port 80) open. You can
modify your server's config to use port 80 instead of 1194 (assuming
you aren't running a webserver on that machine). Keep in mind that if
you do that then before you can connect you'll have to:

o change the config on the server
o restart openvpn on the server
o change the config on the client

kmw
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

Thanks again. Setting the proto to tcp, port 443 is working at least. I'm 
sitting comfortably in a Starbucks with a cup of java and smooth jazz playing 
and with a powered connection so I won't have to worry about battery in this 
laptop which only lasts about 20 minutes these days. So I can run the VPN client 
here and it makes connection and grabs an IP address 10.8.0.6, and I can ping 
the tunnel device on the other end 10.8.0.1 but I cannot access the other side 
of the VPN server at home, 10.0.0.0/24. Nothing will reply to pings and my 
attempts to do remote desktop with one of my Windows machines fail and I cannot 
access the Samba shares on the VPN server. I guess this must be a routing issue 
but I thought the OpenVPN server set this up when it started. Any additional 
advice will be appreciated. I'm going to stay here and hack at it until they run 
me off.


Just cleared one more hurdle. Turns out the PUSH line in server.conf was still 
commented out. A quick change there and it's off and running. I can now ping 
inside my LAN from this remote connection and just completed a successful Remote 
Desktop session with one of the Windows clients inside as well. I'm still 
somewhat confused on the routes needed and several of my tests are still in 
place on the home LAN servers so I'm not sure what actually worked and what can 
be removed if any. The PUSH line though seemed to be all it needed but I think 
there is something on the inside which needs to be set as well.

Sorry for all the traffic, but I have the time this week to hack at this until I 
get it right.
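
The symptom in this thread (the client gets 10.8.0.6 and can ping 10.8.0.1 but nothing in 10.0.0.0/24) matches a server.conf whose push line is still commented out. The following is an added example, not part of the original messages: a small check that reports whether a server.conf actively pushes a route covering the LAN. The sample config is constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: tcp/443 already set, push line still commented out.
# Subnets are the ones named in the thread; the rest is assumed.
SAMPLE_CONF = """\
port 443
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
;push "route 10.0.0.0 255.255.255.0"
"""

def active_directives(conf_text):
    """Yield token lists for lines OpenVPN acts on ('#' and ';' begin comments)."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens

def pushed_routes(conf_text):
    """Networks sent to clients through active push "route NET MASK" lines."""
    nets = []
    for tokens in active_directives(conf_text):
        if tokens[0] == "push" and len(tokens) == 2:
            args = tokens[1].split()
            if len(args) >= 3 and args[0] == "route":
                nets.append(ipaddress.ip_network(f"{args[1]}/{args[2]}"))
    return nets

def lan_route_pushed(conf_text, lan):
    """True if an active pushed route covers the LAN subnet `lan`."""
    lan_net = ipaddress.ip_network(lan)
    return any(lan_net.subnet_of(net) for net in pushed_routes(conf_text))

if __name__ == "__main__":
    fixed = SAMPLE_CONF.replace(';push', 'push')
    for label, conf in (("before", SAMPLE_CONF), ("after", fixed)):
        print(label, lan_route_pushed(conf, "10.0.0.0/24"))
```

A pushed route only tells the client where to send packets; hosts on the LAN still need a path back to 10.8.0.0/24 through the VPN server, and the server has to forward packets between the two networks.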

