Im having hard time to understand how to configure it.
Can anyone assist?
I bet its pretty simple to one who knows..
Can anyone assist?
I bet its pretty simple to one who knows..
How to configure OpenVPN to work with my android /mac os computer?
- Ersteller e-r-a-n
- Erstellt am
Quite sure it is.
But it is hard if you can only guess, what you want to achieve and what you already did ;-).
But it is hard if you can only guess, what you want to achieve and what you already did ;-).
I have upgraded recently my fritz box 7390 to latest trunk version with external package containing, among other things, openvpn.
I have installed openvpn client on my android device.
What I want to achieve is having access to my devices in my home network with internal ip, exactly as vpn is supposed to be, from both my mac os computer / android device
I have installed openvpn client on my android device.
What I want to achieve is having access to my devices in my home network with internal ip, exactly as vpn is supposed to be, from both my mac os computer / android device
Yea, that's the problem, there ist no such thing like a "supposed behaviour" of a "network".
Can you use a tunnel or do you need a bridging connection (much more hassle)?
Which settings are possible in your clients (regarding static key or certificates, ciphers, compression)?
Following the possible settings on all of your clients you should be able to set them inside the OpenVPN GUI:
First Step:
Until the connection is working, put start type to "manual".
Then just follow the settings, as you decided for your settings:
Select "Server" (obviously ;-)
Then "TUN" or "TAP" and protocol (UDP is preferred)
Select static key or certificates for security and select the cipher as on your client ("blowfish" is the default).
If you want to use "static key" copy it from the box to your clients.
Note: only with certificates there can be more than one client connected.
If you need certificates, copy them to your box (there is one entry in the menu for all the needed files:
cert of ca, cert and key for the server and the dh-file).
Next step is IP settings and routing. If it doesn't collide with the clients, just use the proposed network for TUN.
Fill in the max number of clients to connect, this will allow to set an IP network rather than a point-to-point IP setting.
Then give a "DHCP range" for the clients (e.g. "192.168.200.10 192.168.200.20")
Last option is to decide wether to use lzo compression.
Can you use a tunnel or do you need a bridging connection (much more hassle)?
Which settings are possible in your clients (regarding static key or certificates, ciphers, compression)?
Following the possible settings on all of your clients you should be able to set them inside the OpenVPN GUI:
First Step:
Until the connection is working, put start type to "manual".
Then just follow the settings, as you decided for your settings:
Select "Server" (obviously ;-)
Then "TUN" or "TAP" and protocol (UDP is preferred)
Select static key or certificates for security and select the cipher as on your client ("blowfish" is the default).
If you want to use "static key" copy it from the box to your clients.
Note: only with certificates there can be more than one client connected.
If you need certificates, copy them to your box (there is one entry in the menu for all the needed files:
cert of ca, cert and key for the server and the dh-file).
Next step is IP settings and routing. If it doesn't collide with the clients, just use the proposed network for TUN.
Fill in the max number of clients to connect, this will allow to set an IP network rather than a point-to-point IP setting.
Then give a "DHCP range" for the clients (e.g. "192.168.200.10 192.168.200.20")
Last option is to decide wether to use lzo compression.
Yea, that's the problem, there ist no such thing like a "supposed behaviour" of a "network".
this is for mainly configurations from remote. like reconfiguring a raspberry pi or something like that. Its too risky and difficult to do port forwarding to this service and that device...having the vpn for internal access, like in-organization, would be the easiest & most secure
Can you use a tunnel or do you need a bridging connection (much more hassle)?
Which settings are possible in your clients (regarding static key or certificates, ciphers, compression)?
Im not familiar with tunnel/bridge setup in that scenario or its effects when talking about vpn. sorry
About settings, Well, whatever is enough for my requirements is fine with me. Im sure all of them are secure enough.
I need to configure my android as well, so im not sure what is possible and what is not.. but as i understand with static key only I can access the vpn, and no one else in parallel to me. correct?
Following the possible settings on all of your clients you should be able to set them inside the OpenVPN GUI:
First Step:
Until the connection is working, put start type to "manual".
Then just follow the settings, as you decided for your settings:
Select "Server" (obviously ;-)
Then "TUN" or "TAP" and protocol (UDP is preferred)
Which one suites better for my needs?
Select static key or certificates for security and select the cipher as on your client ("blowfish" is the default).
If you want to use "static key" copy it from the box to your clients.
Note: only with certificates there can be more than one client connected.
If you need certificates, copy them to your box (there is one entry in the menu for all the needed files:
cert of ca, cert and key for the server and the dh-file).
Next step is IP settings and routing. If it doesn't collide with the clients, just use the proposed network for TUN.
Fill in the max number of clients to connect, this will allow to set an IP network rather than a point-to-point IP setting.
Then give a "DHCP range" for the clients (e.g. "192.168.200.10 192.168.200.20")
Last option is to decide wether to use lzo compression.
After all that, How do I actually enter all the settings to my phone / laptop?
this is for mainly configurations from remote. like reconfiguring a raspberry pi or something like that. Its too risky and difficult to do port forwarding to this service and that device...having the vpn for internal access, like in-organization, would be the easiest & most secure
Can you use a tunnel or do you need a bridging connection (much more hassle)?
Which settings are possible in your clients (regarding static key or certificates, ciphers, compression)?
Im not familiar with tunnel/bridge setup in that scenario or its effects when talking about vpn. sorry
About settings, Well, whatever is enough for my requirements is fine with me. Im sure all of them are secure enough.
I need to configure my android as well, so im not sure what is possible and what is not.. but as i understand with static key only I can access the vpn, and no one else in parallel to me. correct?
Following the possible settings on all of your clients you should be able to set them inside the OpenVPN GUI:
First Step:
Until the connection is working, put start type to "manual".
Then just follow the settings, as you decided for your settings:
Select "Server" (obviously ;-)
Then "TUN" or "TAP" and protocol (UDP is preferred)
Which one suites better for my needs?
Select static key or certificates for security and select the cipher as on your client ("blowfish" is the default).
If you want to use "static key" copy it from the box to your clients.
Note: only with certificates there can be more than one client connected.
If you need certificates, copy them to your box (there is one entry in the menu for all the needed files:
cert of ca, cert and key for the server and the dh-file).
Next step is IP settings and routing. If it doesn't collide with the clients, just use the proposed network for TUN.
Fill in the max number of clients to connect, this will allow to set an IP network rather than a point-to-point IP setting.
Then give a "DHCP range" for the clients (e.g. "192.168.200.10 192.168.200.20")
Last option is to decide wether to use lzo compression.
After all that, How do I actually enter all the settings to my phone / laptop?
If you only need TCP connections, using TUN is ok for you. You can then reach your devices via IP.
The "simple" way is using "static keys", you can copy the key from the box to the clients.
The drawback is, this allows only one active connection. But for the alternative you will need to generate a bunch of certificates (e.g. as described here).
The client should be started with a configuration file, the newer versions of openvpn allow to have "everything in one file", even the keys and certificates using "inline" files like this:
So, the "easy" way is following the first example in the wiki. The settings should be clear, even if it is in german there ;-)
The corresponding client config is there, too. Just fill in the your dyndns name as "remote" and replace the "secret <file>" entry with the "inline file" as explained above.
Just take the same config for both clients an you are done (almost).
There is one thing left: You will nedd a "port forwarding" to the openVPN Port (UDP 1194 is the default). Easiest way is to use "AVM firewall package".
The "simple" way is using "static keys", you can copy the key from the box to the clients.
The drawback is, this allows only one active connection. But for the alternative you will need to generate a bunch of certificates (e.g. as described here).
The client should be started with a configuration file, the newer versions of openvpn allow to have "everything in one file", even the keys and certificates using "inline" files like this:
Code:
<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
... your key here ...
-----END OpenVPN Static key V1-----
</secret>So, the "easy" way is following the first example in the wiki. The settings should be clear, even if it is in german there ;-)
The corresponding client config is there, too. Just fill in the your dyndns name as "remote" and replace the "secret <file>" entry with the "inline file" as explained above.
Just take the same config for both clients an you are done (almost).
There is one thing left: You will nedd a "port forwarding" to the openVPN Port (UDP 1194 is the default). Easiest way is to use "AVM firewall package".
If you only need TCP connections, using TUN is ok for you. You can then reach your devices via IP.
Having only TCP is a good start for me (and maybe enough, i'll see what comes with the hunger for more later
The "simple" way is using "static keys", you can copy the key from the box to the clients.
The drawback is, this allows only one active connection. But for the alternative you will need to generate a bunch of certificates (e.g. as described here).
Thats ok, Im the only client anyway. It will be either my phone or my computer. I can manage (again, as a start)
The client should be started with a configuration file, the newer versions of openvpn allow to have "everything in one file", even the keys and certificates using "inline" files like this:
So, the "easy" way is following the first example in the wiki. The settings should be clear, even if it is in german there ;-)
The corresponding client config is there, too. Just fill in the your dyndns name as "remote" and replace the "secret <file>" entry with the "inline file" as explained above.
Just take the same config for both clients an you are done (almost).
I tried to take one of the examples, and as you describe, I did:
remote my remote dyndns account
proto udp
dev tun
ifconfig 192.168.200.2 192.168.200.1
route 192.168.178.0 255.255.255.0
<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
my key here
-----END OpenVPN Static key V1-----
</secret>
tun-mtu 1500
float
mssfix
nobind
verb 3
keepalive 10 120
Then I copied it to a file and used my android device and imported that file.
but it still requires a certificate. why is that?
Having only TCP is a good start for me (and maybe enough, i'll see what comes with the hunger for more later
The "simple" way is using "static keys", you can copy the key from the box to the clients.
The drawback is, this allows only one active connection. But for the alternative you will need to generate a bunch of certificates (e.g. as described here).
Thats ok, Im the only client anyway. It will be either my phone or my computer. I can manage (again, as a start)
The client should be started with a configuration file, the newer versions of openvpn allow to have "everything in one file", even the keys and certificates using "inline" files like this:
Code:
<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
... your key here ...
-----END OpenVPN Static key V1-----
</secret>So, the "easy" way is following the first example in the wiki. The settings should be clear, even if it is in german there ;-)
The corresponding client config is there, too. Just fill in the your dyndns name as "remote" and replace the "secret <file>" entry with the "inline file" as explained above.
Just take the same config for both clients an you are done (almost).
I tried to take one of the examples, and as you describe, I did:
remote my remote dyndns account
proto udp
dev tun
ifconfig 192.168.200.2 192.168.200.1
route 192.168.178.0 255.255.255.0
<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
my key here
-----END OpenVPN Static key V1-----
</secret>
tun-mtu 1500
float
mssfix
nobind
verb 3
keepalive 10 120
Then I copied it to a file and used my android device and imported that file.
but it still requires a certificate. why is that?
Zuletzt bearbeitet:
Sorry, seems that there are some limitations (at least in the android version):
- Only TUN mode supported (no issue here)
- Only certificates possible (not "static key")
So, first step for you will be to generate certificates...
- Only TUN mode supported (no issue here)
- Only certificates possible (not "static key")
So, first step for you will be to generate certificates...
Neueste Beiträge
-
Fritzbox 7590 mit 2 Repeater 2400 als Mesh Netzwerk- Letzte: Zwanzigeinundzwanzig
-
RFT und SIP- Letzte: stoney
-
neue 7690 - trotz hoher WLan syncs miese Transferraten
- Letzte: stoney
-
[Gelöst] Unterstützt der Kabel-Anbieter RFT mittlerweile SIP mit FritzBoxen?
- Letzte: sergiobrb75
