Hi,

Mahmoud Bahgat wrote:
> Thanks a lot for your support, no words describe your support. I'm 
> really happy the issue was solved successfully. Another question, please: 
> is there any way to secure a Site-to-Site OpenVPN connection, meaning 
> ( can I use the certificate authority *ca.crt* on a site-to-site connection )?

You can secure a client-to-client setup using either a preshared key 
(openvpn --genkey --secret secret.key ; then add 'secret secret.key' on 
both sides) or you can use certificates - the latter is an uncommon 
setup, however, and I need a little time to come up with the right config 
files for that.

cheers,

JJK

> On Thu, Nov 6, 2014 at 6:14 PM, Jan Just Keijser <janj...@nikhef.nl> wrote:
>
>     Hi,
>
>
>     Mahmoud Bahgat wrote:
>
>         *Dear All*
>         I need your help, please, with the below.
>         I need to make my server OpenVPN Client-to-Site and
>         Site-to-Site. I installed the server correctly and made two
>         .conf files, and everything is working fine, but the server only
>         runs the client-to-site TUN interface or the site-to-site TUN
>         interface. I need it to run both TUN interfaces to enable C-S and
>         S-S connections; you can check the conf files below.
>         *>> server.conf file*
>
>         ######################################################
>         local  192.168.1.50
>         fast-io
>
>         port 1194
>         proto udp
>
>         dev tun
>
>
>         ca ca.crt
>         cert Controller.crt
>         key Controller.key  # This file should be kept secret
>
>         dh dh2048.pem
>
>         server 10.0.0.0 255.255.0.0
>
>         tls-exit
>
>         ifconfig-pool-persist ipp.txt
>
>
>
>
>         client-config-dir ccd
>         ccd-exclusive
>
>
>         push "redirect-gateway def1 bypass-dhcp"
>
>         push "dhcp-option DNS 8.8.8.8"
>         push "dhcp-option DNS 4.4.4.4"
>
>         client-to-client
>
>         keepalive 100 200
>
>         tls-auth secret.key 0 # This file is secret
>
>         cipher DES-EDE3-CBC  # Triple-DES
>
>         comp-lzo
>
>
>         user nobody
>         group nobody
>
>         persist-key
>         persist-tun
>
>         status openvpn-status.log
>
>
>         verb 6
>         ##############################################
>
>
>         *>>Connect_to_remote.conf file*
>         ########################################################
>         dev tun1
>         remote 192.168.1.134 1194
>         port 1194
>         proto udp
>         ifconfig 10.8.222.40 10.8.222.41
>         route 80.80.80.0 255.255.255.0
>         comp-lzo
>         keepalive 10 60
>         persist-key
>         persist-tun
>         user nobody
>         group nobody
>         secret secret.key
>         ###########################################################
>
>
>     you'll need to run the two instances on different ports; currently
>     you're using UDP port 1194 for both.
>     Try changing
>
>         remote 192.168.1.134 1194
>         port 1194
>
>     to
>         remote 192.168.1.134 1195
>         port 1195
>
>     (and adjust the other end of the client-to-client setup as well)
>
>     HTH,
>
>     JJK
>
>
>
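
An added example, not part of the original thread and not the configuration JJK refers to: a point-to-point pair in OpenVPN's TLS mode (`tls-client` / `tls-server`), where certificates signed by the same `ca.crt` replace the `secret secret.key` line. It reuses the addresses and port 1195 from the thread; the file names `site-a.*` and `site-b.*`, the choice of which end is `tls-server`, and certificates issued with the client/server key usage that `remote-cert-tls` checks are assumptions.

```conf
# ---- Site A: the end that had Connect_to_remote.conf (acts as TLS client) ----
dev tun1
proto udp
remote 192.168.1.134 1195
port 1195
ifconfig 10.8.222.40 10.8.222.41
route 80.80.80.0 255.255.255.0

tls-client                 # replaces 'secret secret.key' (static-key mode)
ca ca.crt                  # same CA on both ends
cert site-a.crt            # assumed file name
key site-a.key             # assumed file name; keep this file secret
remote-cert-tls server     # reject a peer whose certificate is not a server cert

keepalive 10 60
persist-key
persist-tun
user nobody
group nobody

# ---- Site B: the remote end at 192.168.1.134 (acts as TLS server) ----
dev tun1
proto udp
port 1195
ifconfig 10.8.222.41 10.8.222.40   # mirror image of site A's ifconfig

tls-server
dh dh2048.pem              # Diffie-Hellman parameters, needed on the tls-server end only
ca ca.crt
cert site-b.crt            # assumed file name
key site-b.key             # assumed file name; keep this file secret
remote-cert-tls client     # reject a peer whose certificate is not a client cert

keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
```

The two sections are separate files, one per site; neither file may also contain a `secret` line, because static-key mode and TLS mode are mutually exclusive.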


------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
