I recently made a VPN server, and I figured out how to do it, after posting because I was clueless.
I wanted to tell you how to set up VPN on an ebox.
In my situation I had a home network, which is a house (not an enterprise) I was using for my own pleasure, and a proof of concept for the ebox as an install to accompany (or replace) a Windows server at my church, which I do audio for.
I will apply the setup to my house. Here is a diagram of how I am using it NOW:
INTERNET <<eth1>>[ebox 12.3]<<eth0>>-,------[Windows machine with RDP]
                 (192.168.2.205)     |      (192.168.2.96)
                                     |------[iMac with many files I forget to email myself]
                                     |      (192.168.2.98)
                                     (and more...)
system info
Compaq 800 MHz 256 MB memory
15 GB hard-drive
ebox 12.3 (latest at post)
ip 192.168.2.205
functioning as gateway, DHCP, DNS, etc.
I will put the screenshots on Dropbox (a file cloud site):
http://www.getdropbox.com/gallery/644494/1/Ebox%20VPN?h=329957
First, stuff I expect you to have...
-Two interfaces, or NICs. You can use the one on the system and one on PCI; I assume you have this set up (I just bought one at OfficeMax for 15 bucks)
-A complete gateway setup, including that the DNS is running, and the default on DHCP (i.e. your default gateway is the IP of the ebox)
-An understanding of how to make sure everything is working, or a computer to try it with (when we are done)
VPN is amazing. I have only known how to use it for an hour, and it is awesome.
1. Make a certificate authority (image 2). I call it borvpn. If you already have a certificate authority, skip to the next step. Give it 360 (or more) days till expiration.
2. Make two certificates. I have made everything expire on the same day (I hope I remember why it stops working then). I named one netbook, and one borgetti.
3. Go to VPN >> Server and make one that is not enabled; we will do that later. I named mine borgetti (see image 3).
4. Configure it by clicking the icon in its configure column; refer to image 4 for more info.
The settings, in order:
tcp 1723
address = 192.168.0.0
server certificate = one of the two
disabled
NAT = false
client to client = false (I don't know what this is)
tunnel = false
password = (don't put anything)
interfaces = all interfaces
hit "change"
Go to advertised services and add whatever the first three bytes of your ebox's IP address are. THIS MATTERS....
(1) if your ebox is 192.168.1.1 it is 192.168.1
(2) if your ebox is 192.168.2.205 it is 192.168.2
(3) if it is 182.168.200.4 it is 192.168.200
Then put a zero in the last place, so:
if your ebox IP address is 192.168.2.205 YOU PUT INTO THE ADVERTISED NETWORK: 192.168.2.0 (/24)
if your ebox IP address is 192.168.1 YOU PUT INTO THE ADVERTISED NETWORK: 192.168.1.0 (/24)
This is the "LAN", the local network (your server's network), class C that is.
Add that advertised network, use /24, and continue (image 1).
Then get the client bundle and use the image as a guide, or these values from top to bottom:
-Select your OS
-Use the certificate YOU DID NOT use before (when making the VPN server)
-Enter the address of your local network such as mylocaldomain.no-ip.org (you can get a dynamic IP address hostname from no-ip for free)
-Then click change.
And when you download the config files, unzip (or untar) them.
-Put them all in the config directory of OpenVPN on Windows,
or type
openvpn --config (and give the filename)
for Linux,
and you are done.
I have had times when I needed to run openvpn as sudo on linux
-Repeat the adding of a client bundle for each client.
YAY, done. Comment if you have any questions, changes, additions, or, well, comments.
Hope this helps you
EDIT: fixed it a little, added the image link
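
A check for the addressing used in this setup, as an added example that is not part of the original post: it derives the advertised network from the eBox's LAN address the way the steps above describe, then flags overlaps between the VPN address range, the advertised LAN and the networks clients connect from. The /24 mask on the VPN address, the client networks and the function names are assumptions.

```python
import ipaddress


def advertised_network(ebox_ip, prefix=24):
    """Zero the host bits: 192.168.2.205 with /24 -> 192.168.2.0/24."""
    return ipaddress.ip_interface(f"{ebox_ip}/{prefix}").network


def check_plan(ebox_ip, vpn_pool, client_lans, prefix=24):
    """Return a list of routing problems for one VPN server plan.

    vpn_pool    -- the VPN server "address" plus its mask (mask is assumed)
    client_lans -- networks the remote clients sit on when they connect
    """
    try:
        lan = advertised_network(ebox_ip, prefix)
        pool = ipaddress.ip_network(vpn_pool)
        remotes = [ipaddress.ip_network(n) for n in client_lans]
    except ValueError as exc:
        # e.g. "192.168.1" is three bytes, not a complete address
        return [f"bad address in plan: {exc}"]

    problems = []
    if pool.overlaps(lan):
        problems.append(f"VPN pool {pool} overlaps advertised LAN {lan}")
    for remote in remotes:
        if remote.overlaps(lan):
            # The client would route the server's LAN to its own local network.
            problems.append(f"client LAN {remote} overlaps advertised LAN {lan}")
        if remote.overlaps(pool):
            problems.append(f"client LAN {remote} overlaps VPN pool {pool}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the post's addresses plus two made-up client networks.
    print(advertised_network("192.168.2.205"))
    for client in ("192.168.1.0/24", "192.168.2.0/24"):
        print(client, check_plan("192.168.2.205", "192.168.0.0/24", [client]))
```

An empty list means the plan has no overlapping ranges; a client sitting on a network that matches the advertised LAN shows up as a problem because its traffic for the server's LAN never enters the tunnel.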