How To Set Up a Site-to-Site VPN with OpenVPN

[Unregistered]

Hi All,

I've been following this guide to set up a secure vpn between two sites and have run into an issue.

For the server side, I've installed openvpn on a box running openfiler. I've created the keys and certs according to the the guide and copied the config provided (changing the ip addresses to match my network settings). When I attempt to start the server I get the following error:

openvpn: symbol lookup error: openvpn: undefined symbol: SSL_CTX_set_info_callback.

Anyone have any suggestions?

 

[garyzhang001]

Are you looking to set up a site-to-site VPN with OpenVPN on your SSG / NS5?
If so, that's not going to happen.
ScreenOS doesn't support OpenVPN.
To set up a site-to-site VPN between your ScreenOS devices, you'll be using IPsec VPNs. You can do route-based or policy-based, depending on your needs.

 

[webdealer]

Hi

I am following your guide, and I find it very good, but I miss a few details, as i got a TLS error in my setup, I guess the error is to be found in my server.conf file, It could be good to have a sample of your server.conf file to verify.

I also miss ip adresses on your network diagram as its not clear for me what ip your router and vpn server/clients got. I am unsecure when you use ip 10.1.1.2, is that your openvpn machine or your router wan ip, etc, do you have a "real internet cloud" in between as your WAN adresses will be needed as well. Or are your routers direct connected,

hope you can help me here, bacially what i would like is a better network diagram including IP adresses and a copy of your server.conf .

thank you very much.

 

[rototiller]

Hi

I am following your guide, and I find it very good, but I miss a few details, as i got a TLS error in my setup, I guess the error is to be found in my server.conf file, It could be good to have a sample of your server.conf file to verify.

I also miss ip adresses on your network diagram as its not clear for me what ip your router and vpn server/clients got. I am unsecure when you use ip 10.1.1.2, is that your openvpn machine or your router wan ip, etc, do you have a "real internet cloud" in between as your WAN adresses will be needed as well. Or are your routers direct connected,

hope you can help me here, bacially what i would like is a better network diagram including IP adresses and a copy of your server.conf .

thank you very much.

Trying to hack into his/her network?

 

[webdealer]

Trying to hack into his/her network?

Not at all

actually with those IPs , I assume that its a test network,

I don't care if the IPs on the drawing is real IP. I would just like them to match the guide. it could be "GW external ip" instead of "x.x.x.x"

actually I fixed the problem by myself, the tunnel is up, I just need to configure my client to have access to the network behind the server virsa-versa

 

[ByerRA]

Hi,

I found this guide (which is excellent) but came upon an issue.

When setting up the "server.conf" file, the link for the "for this example, the OpenVPN server's config file (server.conf) looks like this." file is broken, all I get is a blank web page and would like to know if it's available anywhere else for this particular "example".

 

[thiggins]

Sorry about that. Use this link
http://www.smallnetbuilder.com/static_pages/wide_pages/howto_openvpn_config.htm

 

[Manea Florin]

Thank you for this tutorial!!

But, please, without demo's IP-s for gw , routers etc it is uncomplete!
I am not able to complete my setup, and it is very, very frustrating!

In my best scenario, I can ping from my virtual ubuntu (which holds the openvpn client) to my open vpn server .
Reverse ping not working (from server to ubuntu)
Ping from other pc's in my network to open vpn server not working

Thank you in advance!