OpenVPN Server Config Question

[IHazAQuestion]

Hi All,

So my client VPN is up and running successfully, I can get it to start, and everything looks good, now I have some questions about the OpenVPN server that I couldn't find straight forward answers to via Google.

1) If I already have a domain, do I still need to use a DDNS service?
1a) If yes, why exactly?
1b) If no, then how do I configure the settings in the router to use my existing domain?

2) I'm a bit confused on how to setup a client on a remote computer. I read the HTG article, but I'm just not getting it. For example, I want to connect to my home computer from work using the OpenVPN server running on my router. Do I need to install and create RSA keys on my work computer? Or do I create keys for my work computer from my home computer?

3) I notice there are two VPN server options. Why would a person need two servers?

4) Unrelated to VPN. I have a 2 TB WD Passport drive that will not mount. I'm having virtually the exact same problem as this guy:

http://forums.smallnetbuilder.com/showthread.php?t=8015&highlight=mounting+drive

I've waited upwards of two hours with no success, (meaning it's still spinning). Is that normal? Should I be looking at something else?

Thanks in advance for being patient.

 

[RMerlin]

So my client VPN is up and running successfully, I can get it to start, and everything looks good, now I have some questions about the OpenVPN server that I couldn't find straight forward answers to via Google.

1) If I already have a domain, do I still need to use a DDNS service?

Do you have a static IP, and do you have a hostname pointing to that IP in your domain in your DNS? If yes, then use that hostname to connect. Otherwise, you will still need to use a DDNS so you can get a static target for your VPN client to point at.

2) I'm a bit confused on how to setup a client on a remote computer. I read the HTG article, but I'm just not getting it. For example, I want to connect to my home computer from work using the OpenVPN server running on my router. Do I need to install and create RSA keys on my work computer? Or do I create keys for my work computer from my home computer?

It doesn't matter where you create the keys, as long you install the appropriate keys in their correct locations. You can even create the keys on the router itself if it's more convenient to you (be warned that generating the DH on the router's slow CPU can take a few minutes).

You will have some keys that need to be in the router, and other keys that need to be on the client (the computer from which you will be connecting).

You don't need to install OpenVPN at all on your home computer - only on the client that will connect with the router.

3) I notice there are two VPN server options. Why would a person need two servers?

For example, one could have a "primary" VPN server on port 1194 that connects as a tunnel, and a second instance listening on port 1195 that is configured as a TAP bridge. Then, you can connect either as a TUN or a TAP just by pointing at the appropriate port.

4) Unrelated to VPN. I have a 2 TB WD Passport drive that will not mount. I'm having virtually the exact same problem as this guy:

http://forums.smallnetbuilder.com/showthread.php?t=8015&highlight=mounting+drive

I've waited upwards of two hours with no success, (meaning it's still spinning). Is that normal? Should I be looking at something else?

Could be a number of reasons:

1) You have Download Master installed (which will regularly access the disk, never letting it idle)
2) The SATA to USB bridge in the Passport might not fully support passing the idle command to the disk
3) The disk firmware might not react properly to the idle command

 

[IHazAQuestion]

Merlin,

You know, sometimes the solution is as simple as stepping back for a day or two and re-reading everything carefully. I now have the server and client working successfully. Thank you!

In regards to the DDNS question, I don't have a static IP, but my cable company rarely changes my WAN IP. I'll try it that way for a little while and if it becomes annoying I'll sign up for DDNS service.

My final hurdle is the HDD. It's the latest and greatest passport and I just updated to the latest firmware. (http://www.wdc.com/en/products/products.aspx?id=640)

1) I don't have Download Master Install
2 & 3) Is there a way for me to test and/or verify this?

 

[RMerlin]

Merlin,

You know, sometimes the solution is as simple as stepping back for a day or two and re-reading everything carefully. I now have the server and client working successfully. Thank you!

In regards to the DDNS question, I don't have a static IP, but my cable company rarely changes my WAN IP. I'll try it that way for a little while and if it becomes annoying I'll sign up for DDNS service.

I would just avoid the trouble of finding yourself unable to connect home at the worst time, and signup for a free DDNS account with Asus themselves (I think there's even a link on the router's webui to start the registration process).

My final hurdle is the HDD. It's the latest and greatest passport and I just updated to the latest firmware. (http://www.wdc.com/en/products/products.aspx?id=640)

1) I don't have Download Master Install
2 & 3) Is there a way for me to test and/or verify this?

Not really, you'll probably have to look for more information online to see if other users have any experience related to the spindown capabilities of this particular model.

Make sure you did NOT exclude your drive in the three checkboxes on the Tools -> Other Settings page (i.e. leave all three boxes unchecked).