Book Image

OpenVPN Cookbook - Second Edition

By : Jan Just Keijser
Book Image

OpenVPN Cookbook - Second Edition

By: Jan Just Keijser

Overview of this book

OpenVPN provides an extensible VPN framework that has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, and supporting alternative authentication methods via OpenVPN’s plugin module interface. This book provides you with many different recipes to help you set up, monitor, and troubleshoot an OpenVPN network. You will learn to configure a scalable, load-balanced VPN server farm that can handle thousands of dynamic connections from incoming VPN clients. You will also get to grips with the encryption, authentication, security, extensibility, and certifications features of OpenSSL. You will also get an understanding of IPv6 support and will get a demonstration of how to establish a connection via IPv64. This book will explore all the advanced features of OpenVPN and even some undocumented options, covering all the common network setups such as point-to-point networks and multi-client TUN-style and TAP-style networks. Finally, you will learn to manage, secure, and troubleshoot your virtual private networks using OpenVPN 2.4.
Table of Contents (17 chapters)
OpenVPN Cookbook - Second Edition
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface

Understanding the MULTI: bad source warnings


In this recipe, we focus again on a VPN configuration where we try to connect a client-side LAN to a server-side LAN. Normally, this is done by adding a client-config-dir directive to the OpenVPN server configuration, and then by adding the appropriate CCD file. However, if the CCD file is not found or is not readable, then the VPN connection will function properly, but the hosts on the client-side LAN will not be able to reach the hosts on the server-side LAN and vice versa. In this case, the OpenVPN server log file will show messages of the form MULTI: bad source, if the verbosity is set high enough. In this recipe, we will first set up a VPN as is done in the Routing:  subnets on both sides recipe from Chapter 2Client-server IP-only Networks, but with a missing CCD file for the client. Then, we will show how to trigger the MULTI: bad source warnings and what can be done to resolve the issue.

Getting ready

We use the following network layout...