I need help configuring my OpenVPN Server!
Background specs:
- I'm running OpenVPN Server Community Edition on an AWS EC2 server instance using port 1194 (opened in security settings)
- OpenVPN Server assigned itself virtual IP address 10.8.0.1
- My MacBook Air M2 laptop is an OpenVPN client (AKA client01), can connect to the OpenVPN Server, and is assigned virtual IP address 10.8.0.2 by OpenVPN Server
- My Cradlepoint S700 router is an OpenVPN client (AKA client02), can connect to the OpenVPN Server, and is assigned virtual IP address 10.8.0.3 by OpenVPN Server
- Server, laptop, router can all ping each other, so VPN itself works
Use case:
- I want to remotely access devices connected to the Cradlepoint S700 router (AKA client02) from my laptop (AKA client01) via the OpenVPN server (10.8.0.1)
- Devices connected to the router are assigned IP addresses on the router's 172.16.4.x network
- e.g., router config web dashboard has IP address 172.16.4.1
Questions:
- How do I configure my OpenVPN server (see server.conf specs below)?
- Do I need to configure my OpenVPN client(s)? If so, how (see client.conf specs below)?
- Do I need to configure anything else on my router (see router config specs below)?
- Does anything else need to be configured on the AWS end?
Thanks!
server.conf:
port 1194
proto udp
dev tun
ca server/ca.crt
cert server/server.crt
key server/server.key
dh server/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route 172.16.4.0 255.255.255.0"
route 172.16.4.0 255.255.255.0
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nobody
persist-key
persist-tun
verb 3
explicit-exit-notify 1
client.ovpn:
client
dev tun
proto udp
remote 52.11.212.63 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
verb 3
Cradlepoint S700 OpenVPN Client Config:
GENERAL
Tunnel Name: VPN Tunnel
Tunnel Mode: Client
Certificate Name: certs
Device Type: Routed
Support IPv6 Tunnels: Disabled
Tunnel Protocol: UDP
Port: 1194
Ping: 10
Ping Restart: 60
Client NAT: Enabled
SECURITY
Cipher: AES-256-CBC
Auth Algorithm: SHA256
Verify peer certificate: Enabled
TLS-Authentication: Enabled
REMOTE SERVERS
Host: 5x.1x.2xx.6x (Intentionally hidden)
Port: 1194
Protocol: UDP
ROUTES
None
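The server.conf above already has `route 172.16.4.0 255.255.255.0`, which only adds a kernel route into tun0; OpenVPN still has no way to know that client02 is the peer behind 172.16.4.0/24, so the packets are dropped. The missing piece is a per-client `iroute` in a `client-config-dir` file named after the router's certificate CN. The script below is an added example written for this post, not the poster's configuration and not a Cradlepoint or OpenVPN project script. It assumes a CN of `client02` for the router's certificate and writes everything into a temporary directory by default so it can be run offline and inspected before copying anything into a real install.

```shell
#!/bin/sh
# Added example (not from the post): server-side pieces OpenVPN needs to
# route 172.16.4.0/24 through client02 (the Cradlepoint).
# Assumptions: client02's certificate CN is "client02"; OPENVPN_DIR points
# at the server's config directory (defaults to a fresh temp dir).
set -eu

OPENVPN_DIR="${OPENVPN_DIR:-$(mktemp -d)}"
LAN_NET="172.16.4.0 255.255.255.0"
ROUTER_CN="client02"   # assumed CN in the Cradlepoint's client certificate

# Per-client file: 'iroute' tells OpenVPN which connected client owns the
# LAN subnet. The file is matched by certificate CN, which is why the
# 'duplicate-cn' line in the post has to go (or client02 needs a CN of
# its own); shared CNs cannot be told apart for iroute purposes.
write_ccd() {
    mkdir -p "$OPENVPN_DIR/ccd"
    printf 'iroute %s\n' "$LAN_NET" > "$OPENVPN_DIR/ccd/$ROUTER_CN"
}

# Lines that belong in server.conf: 'route' (already in the post) adds the
# kernel route into tun0; 'client-config-dir' activates the ccd file above.
server_conf_additions() {
    printf 'client-config-dir ccd\n'
    printf 'route %s\n' "$LAN_NET"
}

# Check to run after editing: the same subnet must appear both as a
# 'route' in server.conf and as an 'iroute' in the client's ccd file.
# Returns 0 when both are present, 1 otherwise.
check_routing_config() {
    conf="$1"; ccd_file="$2"
    grep -qxF "route $LAN_NET" "$conf" || return 1
    grep -qxF "iroute $LAN_NET" "$ccd_file" || return 1
    return 0
}

write_ccd
server_conf_additions > "$OPENVPN_DIR/server.conf.additions"
check_routing_config "$OPENVPN_DIR/server.conf.additions" "$OPENVPN_DIR/ccd/$ROUTER_CN" \
    && echo "routing config complete under $OPENVPN_DIR"
```

Because `client-to-client` is set, OpenVPN forwards client01's traffic for 172.16.4.x to client02 internally, so no extra AWS change is needed: everything stays inside the UDP 1194 tunnel the security group already allows. If `client-to-client` is ever removed, the EC2 host would additionally need `net.ipv4.ip_forward=1`. On the router side, the Cradlepoint must allow traffic arriving from the tunnel to be forwarded into the 172.16.4.0/24 LAN; that setting is outside what the post shows and is an assumption here, not something the server config can supply.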