Changes

From Amahi Wiki
1,381 bytes added, 00:35, 7 November 2014
no edit summary
'''IMPORTANT: we're transitioning to not having OpenVPN built in, but rather as an app. Going forward, you will need to install the Amahi [http://www.amahi.org/apps/openvpn OpenVPN one-click app]''' application.

Remote VPN access to your Amahi HDA comes pre-configured out of the box. There is nothing to configure in the server.

'''You need to forward one port (1194/UDP) to your HDA's IP''' to enable your OpenVPN service from outside your network. You will also need client software.

Once connected from outside your network, your computer becomes virtually a computer in your home network. All your files and services are as easily accessible as when you are at home.
* Your router needs to forward '''UDP port 1194''' to the IP address of your HDA. The way to do this is through port forwarding, which varies from router to router. Make sure you forward UDP (not TCP).
= OpenVPN Clients For Windows, Mac, Linux, Android, iPhone, ... =
Check the page for [[OpenVPN clients]].
= Port Forwarding References =
* [http://www.portforward.com/english/routers/port_forwarding/routerindex.htm Massive database of port forwarding information by router].
* [http://www.youtube.com/watch?v=GWPUdW1kIJA YouTube Video] on Port Forwarding for Linksys Routers.
= Bridging VPN and eth0 =
If you'd like your VPN clients to get IP addresses in the same subnet as your HDA, and not in the 10.8.0.0/24 subnet (default), read this page: [[VPN Bridging]].

= IP Forwarding (Ubuntu) =

Something that is often asked on the forums is how to have access to your remote LAN's resources while connected to your HDA. One way to accomplish this is through bridging VPN and eth0 on your HDA. This process may not be necessary for some users, and a script has been developed by forum user olson to accomplish this task. Not only will this script allow a user to browse to their remote LAN's resources, the user will also be able to browse the internet while connected to their VPN. Below is the script and instructions for how to run it. Please keep in mind that this is for Ubuntu-based HDAs ONLY.

<pre>
#!/bin/bash
log_file="/tmp/openvpn_extra.log"

# Write a timestamped message to the log file and to the terminal
function log(){
        echo -e "$(date +%b\ %d\ %H:%M:%S) $(hostname -s) openvpn_extra: $*" >> "$log_file"
        echo -e "$(date +%b\ %d\ %H:%M:%S) $(hostname -s) openvpn_extra: $*"
}

# Enable it right now
if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
        log "FATAL: could not enable ip_forward for immediate use"
        exit 1
fi

# NAT traffic from the VPN subnet out of eth0; add the rule only if it is not
# already present, so running the script again does not duplicate it
if ! { iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null ||
       iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; }; then
        log "FATAL: could not set iptables for immediate use"
        exit 1
fi

# Set it up so it does it at startup
if ! sed -i 's/^#\?net\.ipv4\.ip_forward=.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf; then
        log "FATAL: could not set ip_forward permanently"
        exit 1
fi
if ! sh -c "iptables-save > /etc/iptables.rules"; then
        log "FATAL: could not set iptables permanently"
        exit 1
fi

# The script is run with sudo (see below), so the redirections already run as
# root; "sudo cat > file" would not elevate the redirection anyway
cat > /etc/network/if-pre-up.d/iptablesload <<'EOF'
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF

cat > /etc/network/if-post-down.d/iptablessave <<'EOF'
#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
   iptables-restore < /etc/iptables.downrules
fi
exit 0
EOF

if ! chmod +x /etc/network/if-post-down.d/iptablessave; then
        log "FATAL: Could not chmod the iptablessave script"
        exit 1
fi
if ! chmod +x /etc/network/if-pre-up.d/iptablesload; then
        log "FATAL: Could not chmod the iptablesload script"
        exit 1
fi

echo "Done"
exit 0
</pre>

You can then run the script with the following command from a CLI:

 sudo bash openvpn_extra.sh

= Troubleshooting =
* Make sure your HDA's network IP range is different from that of the remote network. (e.g. if your HDA's IP address is 192.168.1.X, you cannot connect to it on a remote network also using 192.168.1.X)
* If you are running your HDA from a Verizon FiOS connection, you may experience strange disconnections. This may be due to the Actiontec router's small NAT table. Please see guides here http://www.verizonfioswiki.com/index.php/Using_Your_Own_Router for instructions on how to use your own router.
* If you have a Vonage V-Portal (or perhaps other VoIP adapters as well), plug your router into your modem, then the v-portal into your router. Vonage tells you to put the v-portal between the modem and the router, but I was unable to connect to VPN until I moved the adapter behind the router.
* Check out the [[OpenVPN troubleshooting]] page for more troubleshooting tips.
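
To confirm that the IP forwarding script above left the HDA in the intended state, the following added example (not part of the wiki page or of olson's script) audits a saved iptables rules file, <code>sysctl.conf</code> and the if-pre-up hook. The function names and the constructed sample are assumptions made for illustration; the subnet, interface and file paths are the ones the script uses.

```shell
#!/bin/sh
# Added example, not part of the wiki page: audit what openvpn_extra.sh leaves behind.
VPN_NET="10.8.0.0/24"   # default VPN subnet named on this page
OUT_IF="eth0"           # outbound interface hard-coded in the page's script

# Count saved MASQUERADE rules for the VPN subnet. Matches plain iptables-save
# output and the "[packets:bytes] " prefix written by "iptables-save -c".
count_nat_rules() {     # $1 = saved rules file
    net=$(printf '%s' "$VPN_NET" | sed 's/\./\\./g')
    grep -Ec "^(\[[0-9]+:[0-9]+\] )?-A POSTROUTING -s $net -o $OUT_IF -j MASQUERADE\$" "$1" 2>/dev/null || true
}

# True only for an uncommented net.ipv4.ip_forward=1. The script's sed exits 0
# even when it rewrote nothing, so persistence has to be checked on its own.
forwarding_persisted() {   # $1 = sysctl.conf path
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Print one finding per check; the return status is the number of problems.
audit() {   # $1 = rules file, $2 = sysctl.conf, $3 = if-pre-up.d hook
    problems=0
    n=$(count_nat_rules "$1")
    case $n in
        ""|0) echo "FAIL: no MASQUERADE rule for $VPN_NET via $OUT_IF"; problems=$((problems + 1)) ;;
        1)    echo "ok:   one MASQUERADE rule for $VPN_NET via $OUT_IF" ;;
        *)    echo "WARN: $n identical MASQUERADE rules (script run more than once)"
              problems=$((problems + 1)) ;;
    esac
    if forwarding_persisted "$2"; then echo "ok:   ip_forward=1 persists in $2"
    else echo "FAIL: ip_forward=1 not active in $2"; problems=$((problems + 1)); fi
    if [ -x "$3" ]; then echo "ok:   $3 is executable"
    else echo "FAIL: $3 missing or not executable"; problems=$((problems + 1)); fi
    return "$problems"
}

# Constructed sample: rule appended twice, sysctl line still commented out
# with a space (which the script's sed pattern does not match), hook missing.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '[4:240] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' \
        '[0:0] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$d/iptables.rules"
    echo '# net.ipv4.ip_forward=1' > "$d/sysctl.conf"
    audit "$d/iptables.rules" "$d/sysctl.conf" "$d/iptablesload"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "problems found: $?"
```

On the HDA itself, call <code>audit /etc/iptables.rules /etc/sysctl.conf /etc/network/if-pre-up.d/iptablesload</code> instead of <code>demo</code>.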
= Implementation =
The VPN solution is implemented through the very popular [http://openvpn.net/ OpenVPN] software VPN.
 
= Custom Certs =
 
To see how one can create custom certificates for use in Amahi's OpenVPN, see the details in the [[OpenVPN custom certificates]] page.
[[Category: Services]]
[[Category: VPN]]