-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 cc'ing list
Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, January 15th, 2022 at 17:56, tincantech <tincant...@protonmail.com> wrote: > Hi Bo, > > FYI, we don't support routers; you will need to consult the router > manual/support channel for the specifics of your router. > > However, from the server config you posted, two notes: > > 1. It is likely that the "Custom Configuration" is where you will need to > add the openvpn --iroute in a client-config-file. > 2. Yes, your server is old and, technically, unsupported. > > See: https://community.openvpn.net/openvpn/wiki/SupportedVersions > > This means you will need to manually configure a secure cipher like > AES-128-CBC on the server and client. Also, compression is now no longer > recommended. However, in your case you control both server and client, so it > is safer to use compression this way. > > Finally, why don't you simply use a Linux Virtual Machine with Ubuntu > (Easy) and setup your VPN there. Learn how to do it first. > > Regards. > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > On Saturday, January 15th, 2022 at 17:39, Bo Berglund > bo.bergl...@gmail.com wrote: > > > Thanks for your clarifications. > > > > I will try to find the info in the link you provided. > > > > However I have the added problem of dealing with an OpenVPN system inside > > an ASUS Router > > > > which I did not install and set up and they have various things in the way > > such as a temp file > > > > system and a GUI for configuring some aspects of the server config but not > > all... > > > > I have been able to SSH into the sever router and this is what I found: > > > > admin@RT-AC86U:/tmp/home/root# openvpn --version > > > > OpenVPN 2.3.2 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] > > [eurephia] [MH] [IPv6] built on Sep 11 2018 > > > > So this version of OpenVPN is a bit old, I hope it does not cause problems, > > after all the two routers use the same version. > > > > And I just want the two LAN sections be connected so that devices can reach > > each other. > > > > I also found what I believe is the basic server config, basic since I have > > not yet enabled VPN server on the router so it might change stuff in that > > process: > > > > admin@RT-AC86U:/# cat tmp/etc/openvpn/server1/config.ovpn > > > > Automatically generated configuration > > ===================================== > > > > Tunnel options > > ============== > > > > proto udp > > > > multihome > > > > port 1194 > > > > dev tun21 > > > > sndbuf 0 > > > > rcvbuf 0 > > > > keepalive 15 60 > > > > daemon vpnserver1 > > > > verb 3 > > > > status-version 2 > > > > status status 10 > > > > comp-lzo adaptive > > > > plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn > > > > Server Mode > > =========== > > > > server 10.251.1.0 255.255.255.0 > > > > duplicate-cn > > > > push "route 192.168.119.0 255.255.255.0 vpn_gateway 500" > > > > push "redirect-gateway def1" > > > > Data Channel Encryption Options > > =============================== > > > > auth SHA1 > > > > TLS Mode Options > > ================ > > > > ca ca.crt > > > > dh dh.pem > > > > cert server.crt > > > > key server.key > > > > Custom Configuration > > ==================== > > > > Best Regards, > > > > Bo Berglund > > > > email: bo.bergl...@gmail.com > > > > -----Original Message----- > > > > From: tincantech tincant...@protonmail.com > > > > Sent: Saturday, 15 January 2022 16:35 > > > > To: bo.bergl...@gmail.com > > > > Subject: Re: [Openvpn-users] LAN-LAN connection via ASUS Router OpenVPN? > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA256 > > > > Unless your router is using OpenVPN Access Server, you may find this help > > more useful: > > > > https://openvpn.net/community-resources/expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet/ > > > > To join your two networks, you can use either: > > > > - Point-to-point VPN > > > > - FULL Server/Client VPN > > > > - Bridge VPN (NOT RECOMMANDED in spite of what the website says!) > > > > Point-to-point VPN is only two instances of openvpn, one at each end of > > the tunnel. There is no specific server or client, although one end still > > listens while the other connects. This setup does not require --iroute > > because there is only one remote end-point. > > > > Then setup routing to connect your networks. > > > > See: https://community.openvpn.net/openvpn/wiki/StaticKeyMiniHowto > > > > FULL Server/Client VPN, is what I use and recommend. > > > > The only real difference from point-to-point is that the VPN server > > needs to associate remote LANs with a unique client, which is what --iroute > > does. > > > > There is also the fact that this mode uses TLS as well but I believe > > OpenVPN 2.6 aims to add TLS to P2P. > > > > See: https://community.openvpn.net/openvpn/wiki/HOWTO > > > > (Read it twice. I have it open all the time) > > > > Then setup routing to connect your networks. > > > > Bridge VPN, Not recommended. In this mode, your VPN will use a lot more > > data, unnecessarily. Also, some clients do not support bridge mode. > > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > > > On Friday, January 14th, 2022 at 15:23, Bo Berglund > > bo.bergl...@gmail.com wrote: > > > > > > > Bo Berglund > > > > > > Developer in Sweden > > > > > > Openvpn-users mailing list > > > > > > Openvpn-users@lists.sourceforge.net > > > > > > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: ProtonMail > > > > wsBzBAEBCAAGBQJh4umOACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec > > > > 9muQuJ164ggAhCFW6pKfaVGy00+qs0iph9Xz/RsW02G5Qo6sT5qWWw7vnsKu > > > > JBT56WqPXL44b4ck8TiQ2ush7++/HyAeBaURv5ZfdV2bsrFVFSnggFQmDm4n > > > > 1b0xLr7WzCsfCC4d5F7WNe1T/VgA/k3ZWIv31TYT3RyqCkHc3KCzwrmpIrvB > > > > xYkn912rsf9qDV9wG6esMg2wVUE3QK6ObzYmS9Vn8KXhENl07nr5xRZR/lGr > > > > Oz2/rXLf3iCLE5zKjq+VO54aR23CBy3Wa+F6KMohtYRzCuriUy084747rW5R > > > > nmmJpSr3cfHiBGJ2OFxxN/Di6BDWRClNxD7V3rccSoe25xq8nJr/ZA== > > > > =6hHQ > > > > -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJh4wt0ACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ3nRwgAwwY0I7fULV/iPxYCmluDgGZAhe3kYFHKovnhlCt+FV8kkjC4 fUnPPjLqIrWpMjq1j9h3WgJh67jcBi9Dm3fvmNP2W2GFlcHeOd0eUW4noJJa HFOuMreiDLxI1VY32GFetahDglU/L/VBvubPC4GLrIDKCicMCvQVdmTn6Xsy rSzH0Puvx1uk/WBqCVDLZ1ObeN7tN4KsKT0t2xesILzlbZLhPw69siAtmjcF theHXeur8HtDtEUPjZpaT5EyfI/bqlW0mFhD7ec9QFQxz9fHxaOGnBSerOx5 +/PNWjSB4hJXjSu+/d7yGnAqGfLjnCpdTl/4YfqEMzn8TC9lth1rtA== =RtaU -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
