Only difference is I've configured this for tcp connections over port 444.
QUESTION: Some of the posts from the old forum mention that udp is more secure. Is this so? How do I go about switching from tcp 444 to udp 444?
I just picked 444 because 443 was in use. Is this ok?
Finally, how secure is this VPN? 256bit? 128? I'm a little fuzzy on this. I just generated 1 static key as I'm the only one who is going to be using this.
Yes udp is better. There should be entries in the VPN config file to specify protocol. Just change tcp to udp.
As far as port number, just make sure it's not being used by another program. Port 1194 is the openvpn default and works fine.
OpenVPN is secure. However, using certificates is more secure than using a shared key. _________________ Buffalo WHR-HP-G54 DD-WRT v23 SP2 std 09/15/06
WRT54GS v3.0 DD-WRT v23 SP2 vpn 09/15/06
1 x GS v1, 1 x GS v2, 2 x GS v2.1 v23 SP 2 std
I notice that when I connect to the VPN I'm able to access both subnets - my local one and the remote VPN one. Cisco calls this 'split tunnelling' I believe. how do I turn split tunnelling off? How do I force all traffic to go through the VPN?
Can you tell me more about your configuration? Are you using Windows on a laptop to connect to a router or router to router, etc? _________________ Buffalo WHR-HP-G54 DD-WRT v23 SP2 std 09/15/06
WRT54GS v3.0 DD-WRT v23 SP2 vpn 09/15/06
1 x GS v1, 1 x GS v2, 2 x GS v2.1 v23 SP 2 std
I'm running windows on laptop to connect to openvpn running on wrt. after connecting, i use remote desktop to access my pc at work. So the wrt is acting as my VPN endpoint and I'm the only client.
I'm concerned about split tunnelling because if someone hacks my lan or laptop wouldn't they be able to use my vpn tunnel to jump to my office? Also, when travelling, my travel isp (aol - no laughing!) doesn't allow email to be relayed (i have my own domain that i email from), but in a VPN environment I'd be able to have my mail sent through my work ISP which does allow relaying.
The gateway for non-local traffic can be set with a push from the VPN server or in Windows. I use Windows because some times I want to use the tunnel and other times not. When you connect to the Internet with Windows it assigns a default gateway. The gateway is the interface with the lowest metric. You can see the Windows route table with a "route print" command in a DOS window. You can change the gateway by changing the metric on one of the interfaces. For example, go to network connections, select properties for the vpn connection, select tcp/ip and select properties, select advanced, uncheck Automatic Metric and enter the number 1. This should send all internet traffic through the VPN tunnel. _________________ Buffalo WHR-HP-G54 DD-WRT v23 SP2 std 09/15/06
WRT54GS v3.0 DD-WRT v23 SP2 vpn 09/15/06
1 x GS v1, 1 x GS v2, 2 x GS v2.1 v23 SP 2 std
That's a pretty cool idea! What if I wanted to set the metric from the wrt - I don't remember seeing that option in the GUI...would I have to set the metric on both router's (the one I'm connected to physically or via WLAN plus my VPN endpoint at work)?
I appreciate the help, but hate to waste the hive mind on this trivial stuff. Are my questions answered in the wiki? If not, I'll add on to the end of the VPN howto page if appropriate.
Metric is a Windows only thing. It's calculated and used by Windows to select a default gateway if multiple interfaces are present. _________________ Buffalo WHR-HP-G54 DD-WRT v23 SP2 std 09/15/06
WRT54GS v3.0 DD-WRT v23 SP2 vpn 09/15/06
1 x GS v1, 1 x GS v2, 2 x GS v2.1 v23 SP 2 std
