OpenVPN linking laptops to Windows domain
Monday, June 16th, 2008 at 1:43 pm
OpenVPN is an easy way to link off-site computers into your work’s network for many uses. The primary use I will cover today is how to use OpenVPN to log in to a Samba Primary Domain Controller.
There is an easy-to-use Windows installer that will set up OpenVPN virtual interfaces, as well as the OpenVPN Service. Once installed, open the OpenVPN configuration directory, linked in the OpenVPN Start Menu folder. In Windows, OpenVPN configuration files end in .ovpn.
Here is an example configuration file for the Windows side:
dev tun
proto udp
remote <server address> 5000
resolv-retry infinite
persist-key
persist-tun
comp-lzo
cipher AES-128-CBC
ifconfig 10.5.5.2 10.5.5.1
keepalive 10 120
secret static.key
route 172.16.254.0 255.255.255.0 10.5.5.1
tun-mtu 1500
fragment 1400
mssfix
And similarly for the server:
port 5000
proto udp
dev tun
ifconfig 10.5.5.1 10.5.5.2
push "route 172.16.254.0 255.255.255.0"
cipher AES-128-CBC
tun-mtu 1400
fragment 1300
mssfix
keepalive 10 120
comp-lzo
persist-key
persist-tun
secret static.key
In this example, static.key is the same file on both sides, generated by this command: openvpn --genkey --secret static.key
Since this shared key is the only secret protecting the tunnel, copy it to the laptop over a secure channel.
The routes you see being pushed (172.16.254.0/24) are those of the LAN within the office network. Adding these routes in OpenVPN will allow you to access any machine or service on the work network from the laptop connected with OpenVPN.
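The two configs above have to agree on several settings, and OpenVPN warns about inconsistent options when they do not. As an added example that is not part of the original post, this Python script compares the link-related lines of both files; the function names and the choice of checks are this example's own, and it assumes a UDP static-key link like the one here. Run as-is, it reports that tun-mtu differs (1500 on the laptop, 1400 on the server).

```python
# Added example (not from the original post): peer consistency check.
# Link-related lines copied from the client and server configs in this post.
CLIENT = """dev tun
proto udp
remote <server address> 5000
comp-lzo
cipher AES-128-CBC
ifconfig 10.5.5.2 10.5.5.1
tun-mtu 1500
fragment 1400"""
SERVER = """port 5000
proto udp
dev tun
ifconfig 10.5.5.1 10.5.5.2
cipher AES-128-CBC
tun-mtu 1400
fragment 1300
comp-lzo"""
# OpenVPN defaults used when a directive is left out of one file.
DEFAULTS = {"proto": ["udp"], "tun-mtu": ["1500"]}

def parse(text):
    """Map each directive name to its argument list, ignoring # comments."""
    rows = (ln.split("#")[0].split() for ln in text.splitlines())
    return {r[0]: r[1:] for r in rows if r}

def compare_peers(client_text, server_text):
    """Return a list of mismatches between the two ends of the tunnel."""
    c, s = parse(client_text), parse(server_text)
    problems = []
    # These must carry the same value on both ends (proto compared literally).
    for key in ("dev", "proto", "cipher", "tun-mtu", "comp-lzo"):
        cv, sv = (x.get(key, DEFAULTS.get(key)) for x in (c, s))
        if cv != sv:
            problems.append(f"{key}: client={cv} server={sv}")
    # Fragmentation has to be enabled on both ends or on neither.
    if ("fragment" in c) != ("fragment" in s):
        problems.append("fragment: enabled on only one side")
    # ifconfig is <local> <remote>, so each side must mirror the other.
    if c.get("ifconfig") != s.get("ifconfig", [])[::-1]:
        problems.append("ifconfig: endpoints are not mirrored")
    # The client must dial the port the server listens on (1194 if unset).
    if c.get("remote", [None])[-1] != s.get("port", ["1194"])[0]:
        problems.append("remote port does not match server port")
    return problems

if __name__ == "__main__":
    for problem in compare_peers(CLIENT, SERVER):
        print("MISMATCH", problem)
```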
The OpenVPN service will automatically start on boot if enabled. Running services.msc and changing OpenVPN to Automatic should create the link to the remote office before the Log In dialog in Windows is shown.
In order to be able to log in to a Windows Domain hosted on the work network, an LMHOSTS file is necessary to tell the laptop the address of the Primary Domain Controller (PDC).
This file is kept in C:\Windows\System32\drivers\etc by default. The LMHOSTS file has no file extension, so using Edit.com may be the easiest way to create the file. Microsoft has specific rules on how this file should be formatted.
Here is an example LMHOSTS file:
172.16.254.1 NAGLESERVER #PRE #DOM:NAGLE
172.16.254.1 "NAGLE          \0x1b" #PRE
Now, Windows will know to talk to NAGLESERVER at 172.16.254.1 for authentication and file shares for the NAGLE domain.