On 01/06/12 11:11, Jim Rippon wrote:
> I don't know whether Draytek routers will connect to an OpenVPN server - you may have to be a little more clever to make this work. In the past I have had my openvpn server establish VPNs directly out to vpn-capable devices (I would connect to openvpn on a VPS server for "roadwarrior" type remote access, and that server itself would establish IPSec VPN connections to my DSL router at home).
From your experience (hindsight), I assume OpenVPN remains the best solution (rather than using something IPSec-based at the server to do the whole job)?
> I do something similar with my various internet-connected devices and connect back to a "hub" OpenVPN server running on a small VPS out there in the interwebs.
That's pretty much the model I'm going for.
> This works well for me. I install the relevant key files on each of my devices (linux/windows laptops and desktops, android devices etc.) and configure openvpn to start automatically at boot and connect to the server.
How do you manage the key file and configuration creation? (Is it sufficiently small numbers that you just do it manually?) I.e., what steps do you have to go through when you need to add a new device to the system?
> The server config is set to permit connectivity between client machines, and I reserve individual addresses for those devices which I might need to connect to remotely.
I'm not sure I quite understand this bit. I need to control access between different client machines - groups of devices from the same end user should talk to each other, but others shouldn't. Actually that's not quite true: there's no benefit to the individual devices talking to each other; what I need is to be able to create a client connection for a human to access all their own devices' web interfaces. Is this what you do, or are you able to just allow all of the devices to connect to each other?
Looking at your config I think you do have multiple groups on different subnets, is that right?
> Hope this helps,
It certainly does, thanks.
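To make the "hub server with reserved addresses and per-user groups" model discussed above concrete, here is an added example configuration. It is not from the thread and is not either poster's actual setup; it assumes a single OpenVPN hub on 10.8.0.0/24 using `topology subnet`, certificates whose common name is `<user>-<device>`, and one /28 of addresses per user. The names, addresses and subnet sizes are illustrative, and the file paths are the conventional Debian ones.

```conf
# ---- /etc/openvpn/server.conf (the hub) ----
port 1194
proto udp
dev tun
topology subnet
# hub takes 10.8.0.1; clients are handed fixed addresses from ccd/ below
server 10.8.0.0 255.255.255.0
ca ca.crt
cert hub.crt
key hub.key
dh dh.pem
# HMAC on the control channel: unauthenticated packets are dropped cheaply
tls-auth ta.key 0
# per-certificate overrides, one file per certificate common name
client-config-dir ccd
# refuse any certificate that has no ccd file, so every device is inventoried
ccd-exclusive
# Deliberately NO "client-to-client" here. With that directive OpenVPN
# switches client-to-client traffic inside the daemon and the kernel never
# sees it, so the FORWARD rules below could not restrict it and every
# client could reach every other client.
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3

# ---- /etc/openvpn/ccd/alice-router   (CN = alice-router) ----
ifconfig-push 10.8.0.17 255.255.255.0
# If this router carries a LAN behind it, add here:
#   iroute 192.168.10.0 255.255.255.0
# and in server.conf:
#   route 192.168.10.0 255.255.255.0

# ---- /etc/openvpn/ccd/alice-laptop   (CN = alice-laptop, Alice's own roadwarrior client) ----
ifconfig-push 10.8.0.18 255.255.255.0

# ---- /etc/openvpn/ccd/bob-router     (CN = bob-router) ----
ifconfig-push 10.8.0.33 255.255.255.0

# ---- firewall on the hub (run once as root) ----
# Hairpin traffic tun0 -> tun0 is forwarded only when source and
# destination sit in the same user's /28; everything else is dropped.
#   sysctl -w net.ipv4.ip_forward=1
#   iptables -P FORWARD DROP
#   iptables -A FORWARD -i tun0 -o tun0 -s 10.8.0.16/28 -d 10.8.0.16/28 -j ACCEPT
#   iptables -A FORWARD -i tun0 -o tun0 -s 10.8.0.32/28 -d 10.8.0.32/28 -j ACCEPT
#   iptables -A FORWARD -i tun0 -o tun0 -j DROP
```

With this layout, adding a device is three steps: issue a certificate with CN `<user>-<device>`, drop a one-line file into `ccd/` assigning it the next free address in that user's /28, and, only for a brand-new user, add one ACCEPT line for the new /28. The human's own client is just another entry in the same /28, so it can reach all of that user's device web interfaces while the devices of other users remain unreachable. The cost of doing the isolation in the kernel rather than with `client-to-client` is that every inter-client packet passes through the hub's forwarding path, which is negligible for web-interface traffic on a small VPS.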