Thanks a lot for your support, no words can describe it. I'm really happy the issue was solved successfully. Another question, please: is there any way to secure a Site-to-Site OpenVPN connection, which means (can I use a certificate authority *ca.crt* on a site-to-site connection)?

Thanks & Regards,
*Mahmoud Bahgat*
IT Network Security Engineer
Maadi, Egypt
Mob: 01020036998
E: mahmoud.hassa...@gmail.com

On Thu, Nov 6, 2014 at 6:14 PM, Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi,
>
> Mahmoud Bahgat wrote:
>
>> *Dear All*
>> I need your help please with the below.
>> I need to make my server OpenVPN Client-to-Site and Site-to-Site. I
>> installed the server correctly, I made two .conf files and everything is
>> working fine, but the server only runs the client-to-site TUN interface or
>> the site-to-site TUN interface, and I need it to run both TUN to enable C-S S-S
>> connections. You can check the below conf files.
>>
>> *>> server.conf file*
>>
>> ######################################################
>> local 192.168.1.50
>> fast-io
>>
>> port 1194
>> proto udp
>>
>> dev tun
>>
>> ca ca.crt
>> cert Controller.crt
>> key Controller.key # This file should be kept secret
>>
>> dh dh2048.pem
>>
>> server 10.0.0.0 255.255.0.0
>>
>> tls-exit
>>
>> ifconfig-pool-persist ipp.txt
>>
>> client-config-dir ccd
>> ccd-exclusive
>>
>> push "redirect-gateway def1 bypass-dhcp"
>>
>> push "dhcp-option DNS 8.8.8.8"
>> push "dhcp-option DNS 4.4.4.4"
>>
>> client-to-client
>>
>> keepalive 100 200
>>
>> tls-auth secret.key 0 # This file is secret
>>
>> cipher DES-EDE3-CBC # Triple-DES
>>
>> comp-lzo
>>
>> user nobody
>> group nobody
>>
>> persist-key
>> persist-tun
>>
>> status openvpn-status.log
>>
>> verb 6
>> ##############################################
>>
>> *>>Connect_to_remote.conf file*
>> ########################################################
>> dev tun1
>> remote 192.168.1.134 1194
>> port 1194
>> proto udp
>> ifconfig 10.8.222.40 10.8.222.41
>> route 80.80.80.0 255.255.255.0
>> comp-lzo
>> keepalive 10 60
>> persist-key
>> persist-tun
>> user nobody
>> group nobody
>> secret secret.key
>> ###########################################################
>
> you'll need to run the two instances on different ports; currently you're
> using UDP port 1194 for both.
> Try changing
>
>> remote 192.168.1.134 1194
>> port 1194
>
> to
> remote 192.168.1.134 1195
> port 1195
>
> (and adjust the other end of the client-to-client setup as well)
>
> HTH,
>
> JJK

------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
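
The port clash described in the reply above, as an added example that is not part of the original thread: a Python check that reads the configs of every OpenVPN instance on one host and reports pairs that would bind the same local port. The function names and the trimmed config strings are assumptions made for this illustration; the directives and addresses are the ones quoted in the thread.

```python
"""Added example: detect OpenVPN instances on one host that bind the same port."""
from itertools import combinations

def local_bind(conf_text):
    """Return (proto, address, port) the instance binds, or None if nobind is set."""
    proto, addr, port, nobind = "udp", "*", 1194, False  # OpenVPN defaults
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()  # strip trailing comments
        if not words or words[0].startswith(";"):
            continue
        key, args = words[0], words[1:]
        if key == "proto" and args:
            proto = args[0][:3]       # udp, udp4, tcp-server ... -> udp / tcp
        elif key == "local" and args:
            addr = args[0]
        elif key in ("port", "lport") and args:
            port = int(args[0])       # "port" sets the local and remote port
        elif key == "nobind":
            nobind = True
    return None if nobind else (proto, addr, port)

def conflicts(configs):
    """configs maps file name -> text; return [(name_a, name_b, proto, port)]."""
    found = []
    for a, b in combinations(sorted(configs), 2):
        ba, bb = local_bind(configs[a]), local_bind(configs[b])
        if ba is None or bb is None:
            continue
        overlap = "*" in (ba[1], bb[1]) or ba[1] == bb[1]  # wildcard covers all
        if ba[0] == bb[0] and ba[2] == bb[2] and overlap:
            found.append((a, b, ba[0], ba[2]))
    return found

# Constructed inputs: the bind-related lines of the two configs in the thread.
SERVER = "local 192.168.1.50\nport 1194\nproto udp\ndev tun\n"
SITE = "dev tun1\nremote 192.168.1.134 1194\nport 1194\nproto udp\n"
SITE_FIXED = SITE.replace("1194", "1195")  # the change suggested in the reply

if __name__ == "__main__":
    for label, site in (("before", SITE), ("after", SITE_FIXED)):
        hits = conflicts({"server.conf": SERVER, "Connect_to_remote.conf": site})
        print(label, hits or "no conflicting binds")
```

Because the site-to-site config has no `local` or `nobind` line, it binds the wildcard address on port 1194, which overlaps the server instance bound to 192.168.1.50:1194.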