Hi,

Mahmoud Bahgat wrote:
> Thanks a lot for your support, no words describe your support, I'm
> really happy the issue solved successfully, another question please: is
> there any way to secure Site-to-Site OpenVPN Connection, which means
> ( can I use certificate authority *ca.crt* on site-to-site connection )

you can secure a client-to-client setup using either a preshared key
(openvpn --genkey --secret secret.key ; then add 'secret secret.key' on both sides)
or you can use certificates - the latter is an uncommon setup, however, and I need a little time to come up with the right config files for that.

cheers,

JJK

> On Thu, Nov 6, 2014 at 6:14 PM, Jan Just Keijser <janj...@nikhef.nl> wrote:
>
>     Hi,
>
>     Mahmoud Bahgat wrote:
>
>         *Dear All*
>         I need your help please about the below.
>         I need to make my server OpenVPN Client-to-Site and
>         Site-to-Site. I installed the server correctly, I made two
>         .conf files and everything is working fine, but the server only
>         runs the client-to-site TUN interface or the site-to-site TUN
>         interface, and I need it to run both TUN to enable C-S S-S
>         connections. You can check the below conf files.
>
>         *>> server.conf file*
>
>         ######################################################
>         local 192.168.1.50
>         fast-io
>
>         port 1194
>         proto udp
>
>         dev tun
>
>         ca ca.crt
>         cert Controller.crt
>         key Controller.key  # This file should be kept secret
>
>         dh dh2048.pem
>
>         server 10.0.0.0 255.255.0.0
>
>         tls-exit
>
>         ifconfig-pool-persist ipp.txt
>
>         client-config-dir ccd
>         ccd-exclusive
>
>         push "redirect-gateway def1 bypass-dhcp"
>
>         push "dhcp-option DNS 8.8.8.8"
>         push "dhcp-option DNS 4.4.4.4"
>
>         client-to-client
>
>         keepalive 100 200
>
>         tls-auth secret.key 0 # This file is secret
>
>         cipher DES-EDE3-CBC  # Triple-DES
>
>         comp-lzo
>
>         user nobody
>         group nobody
>
>         persist-key
>         persist-tun
>
>         status openvpn-status.log
>
>         verb 6
>         ##############################################
>
>         *>>Connect_to_remote.conf file*
>         ########################################################
>         dev tun1
>         remote 192.168.1.134 1194
>         port 1194
>         proto udp
>         ifconfig 10.8.222.40 10.8.222.41
>         route 80.80.80.0 255.255.255.0
>         comp-lzo
>         keepalive 10 60
>         persist-key
>         persist-tun
>         user nobody
>         group nobody
>         secret secret.key
>         ###########################################################
>
>     you'll need to run the two instances on different ports; currently
>     you're using UDP port 1194 for both.
>     Try changing
>
>         remote 192.168.1.134 1194
>         port 1194
>
>     to
>
>         remote 192.168.1.134 1195
>         port 1195
>
>     (and adjust the other end of the client-to-client setup as well)
>
>     HTH,
>
>     JJK

------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
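
Added example, not part of the original thread or of OpenVPN itself: a small pre-flight check that flags the failure discussed above, two OpenVPN instances on one host trying to bind the same protocol and port. The function names are hypothetical, the option handling is a simplified model (only `proto`, `local`, `port`, `lport` and `nobind` are read), and the sample configs are constructed from the bind-related lines quoted in the thread.

```python
# Added example: a simplified model of how an OpenVPN instance picks its local
# socket, not OpenVPN's own option parser. Sample configs are constructed from
# the bind-related lines quoted in the thread.
SERVER_CONF = """local 192.168.1.50
port 1194
proto udp
dev tun
"""
SITE_CONF = """dev tun1
remote 192.168.1.134 1194
port 1194
proto udp
"""

def local_bind(conf_text):
    """Return (proto, address, port) bound locally, or None when nobind is set."""
    proto, addr, port, nobind = "udp", "*", 1194, False  # OpenVPN defaults
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "proto" and args:
            proto = "tcp" if args[0].startswith("tcp") else "udp"
        elif key == "local" and args:
            addr = args[0]
        elif key in ("port", "lport") and args:  # 'remote host port' is not a bind
            port = int(args[0])
        elif key == "nobind":
            nobind = True
    return None if nobind else (proto, addr, port)

def bind_conflicts(configs):
    """configs maps file name -> text; returns [(name_a, name_b, proto, port)]."""
    binds = {name: local_bind(text) for name, text in configs.items()}
    names = sorted(name for name, bind in binds.items() if bind)
    found = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (pa, aa, la), (pb, ab, lb) = binds[a], binds[b]
            # No 'local' means the wildcard address, which overlaps any address.
            if pa == pb and la == lb and ("*" in (aa, ab) or aa == ab):
                found.append((a, b, pa, la))
    return found

if __name__ == "__main__":
    print(bind_conflicts({"server.conf": SERVER_CONF,
                          "Connect_to_remote.conf": SITE_CONF}))
```

Run against the two files as posted it reports the UDP 1194 collision; with the site-to-site file moved to port 1195 it reports nothing.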