Thanks a lot for your support; no words can describe it. I'm really
happy the issue was solved successfully. Another question, please: is there
any way to secure a Site-to-Site OpenVPN connection, meaning (can I use the
certificate authority *ca.crt* on a site-to-site connection)?

Thanks & Regards,

*Mahmoud Bahgat*
IT Network Security Engineer
Maadi, Egypt
Mob: 01020036998
E: mahmoud.hassa...@gmail.com


On Thu, Nov 6, 2014 at 6:14 PM, Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi,
>
>
> Mahmoud Bahgat wrote:
>
>> *Dear All*
>> I need your help, please, with the below.
>> I need to make my server OpenVPN Client-to-Site and Site-to-Site. I
>> installed the server correctly, I made two .conf files and everything is
>> working fine, but the server only runs the client-to-site TUN interface or
>> the site-to-site TUN interface, but I need it to run both TUN to enable C-S S-S
>> connections. You can check the below conf files
>> *>> server.conf file*
>>
>> ######################################################
>> local  192.168.1.50
>> fast-io
>>
>> port 1194
>> proto udp
>>
>> dev tun
>>
>>
>> ca ca.crt
>> cert Controller.crt
>> key Controller.key  # This file should be kept secret
>>
>> dh dh2048.pem
>>
>> server 10.0.0.0 255.255.0.0
>>
>> tls-exit
>>
>> ifconfig-pool-persist ipp.txt
>>
>>
>>
>>
>> client-config-dir ccd
>> ccd-exclusive
>>
>>
>> push "redirect-gateway def1 bypass-dhcp"
>>
>> push "dhcp-option DNS 8.8.8.8"
>> push "dhcp-option DNS 4.4.4.4"
>>
>> client-to-client
>>
>> keepalive 100 200
>>
>> tls-auth secret.key 0 # This file is secret
>>
>> cipher DES-EDE3-CBC  # Triple-DES
>>
>> comp-lzo
>>
>>
>> user nobody
>> group nobody
>>
>> persist-key
>> persist-tun
>>
>> status openvpn-status.log
>>
>>
>> verb 6
>> ##############################################
>>
>>
>> *>>Connect_to_remote.conf file*
>> ########################################################
>> dev tun1
>> remote 192.168.1.134 1194
>> port 1194
>> proto udp
>> ifconfig 10.8.222.40 10.8.222.41
>> route 80.80.80.0 255.255.255.0
>> comp-lzo
>> keepalive 10 60
>> persist-key
>> persist-tun
>> user nobody
>> group nobody
>> secret secret.key
>> ###########################################################
>>
>>
> You'll need to run the two instances on different ports; currently you're
> using UDP port 1194 for both.
> Try changing
>
>> remote 192.168.1.134 1194
>> port 1194
>>
> to
> remote 192.168.1.134 1195
> port 1195
>
> (and adjust the other end of the client-to-client setup as well)
>
> HTH,
>
> JJK
>
>
>
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
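
The port clash diagnosed in the quoted reply, as an added example that is not part of the original thread: a small Python check that reads OpenVPN config text and reports instances on one host that would bind the same local socket. The sample configs are constructed from the directives quoted above, `local_bind` and `collisions` are hypothetical helper names, and `proto` values are compared exactly as written.

```python
# Added example; sample configs are constructed from directives quoted in the thread.

SERVER_CONF = """\
local 192.168.1.50
port 1194
proto udp
"""

SITE_CONF = """\
remote 192.168.1.134 1194
port 1194
proto udp
secret secret.key
"""

SITE_CONF_FIXED = SITE_CONF.replace("1194", "1195")  # the change suggested in the reply


def local_bind(conf_text):
    """Return (proto, address, port) the instance binds, or None with nobind."""
    proto, addr, port, nobind = "udp", None, 1194, False  # OpenVPN defaults
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "proto" and args:
            proto = args[0].lower()
        elif key in ("port", "lport") and args:  # both set the local port
            port = int(args[0])
        elif key == "local" and args:
            addr = args[0]
        elif key == "nobind":
            nobind = True
    return None if nobind else (proto, addr, port)


def collisions(configs):
    """configs: {name: text}. Return sorted name pairs sharing a local socket."""
    binds = {n: local_bind(t) for n, t in configs.items()}
    names = sorted(n for n, b in binds.items() if b)
    hits = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (pa, aa, na), (pb, ab, nb) = binds[a], binds[b]
            # An unset address means "all interfaces", which overlaps anything.
            if pa == pb and na == nb and (aa is None or ab is None or aa == ab):
                hits.append((a, b))
    return hits
```
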
