Hi group,

Before I begin work on configuring OpenVPN for my application, I have a question on whether how I plan on setting it up is even feasble or not. You can see a diag at www.viser.net/~mariode/netdiag.jpg of my current network configuration as well as the other end of my proposed tunnel.

My question relates to the implementation based on my network configuration. What I would like to do is access the linux/FC2 file server (running samba/apache) both internally and from the other end of a tunnel. I would also like to host a small site accessable to th world.

Currently I forward port 80 requests through my hardware firewall/router and am able to access the site as expected. I can also access shares on the samba server within my internal network.

I wasn't sure if I could configure OpenVPN as I have outlined. All documentation refers to configurations where the samba server is within the internal network and a linux box is acting as gateway with two nics. In my case I am not. Will OpenVPN kill my website access? Do I need to set up another box with Linux and OpenVPN alone acting as a gateway? ????'s More information as requested.

Any recomendations, suggestions, or otherwise would be appreciated. Thanks

tonydm

It's certainly possible to have an OpenVPN setup using only one network card. Many users have asked similar questions on the openvpn-users mailing; try searching the list archives on gmane.

To make things easier on yourself, why don't you install another network card into your Linux server? Have your router forward incoming packets to your OpenVPN "in" NIC, and use your other network card as the "out" NIC for remote users.

Since you're using Samba, I highly suggest using a bridged OpenVPN configuration. The routed configuration is a little tricker; you'll have to setup a WINS server.

And no, OpenVPN shouldn't conflict with your current configuration.

Thanks zeroion,

I not sure I understand your suggestion. What would my IP addressing look like. ie the "in" nic assigned 172.16.0.100 and the "out" nic assigned "?". Visa versa? Would it not have to have the same internal addressing class?

I currently am not running a firewall on the Linux FC2 server as I have the hardware firewall device. Which at first glance causes some confusion to the configuration as ALL documents I've read deals with tunneling through the firewall. Which does raise the question, what port(s) would I need to forward through my hardware firewall device? And I concur, bridged is what I was planning.

The "out" NIC would have the same address class as the rest of your internal network. Almost all the guides on the Internet assume a computer with two NICs, so consider the "in" NIC as the external interface and the "out" NIC as the internal interface, even though they are on the same network.

Depending upon which mode you run OpenVPN in, you'll need to forward some TCP or UDP ports (or both). If you run the OpenVPN as one server process, you'll only need to forward one port, which you'll specify in the configuration. If you want to run one process per each client, you'll have to forward one port for every client.