[CentOS] OpenVPN problem

Sun Feb 9 18:14:12 UTC 2014
Ken Smith <kens at kensnet.org>

Timothy Murphy wrote
> Kai Schaetzl wrote:
>
>>> I'm having problems communicating with a remote server, with openvpn.
>>
>> {snip}
>> Second, what exactly are you doing/do you want to achieve?
>> VPN makes sense if you go thru a triangle (client ->  network a ->  network
>> b, where b allows access only from a) or if you want to secure certain
>> kinds of remote connections, but encapsulating an SSH link with a VPN
>> tunnel makes not much sense in my eyes.
>
> It is not clear to me what you are saying.
>
> Are you saying that having set up OpenVPN, with a server and clients,
> it is not a good idea to log in to a remote site with "ssh somewhere-vpn"?
> If so, what is the best way (in your opinion) to connect to a remote site?
> Most sites I have looked at suggest using network-manager-openvpn-kde
> (I'm running Fedora-20/KDE).
> I'd prefer not to involve NM if that can be avoided,
> as it seems to me to add an unnecessary step to the operation.
> Others suggest using some kind of OpenVPN GUI.
>
> Or are you saying that I should use ssh directly without VPN?
> In my case the remote site has a dynamic IP address,
> and while I run ddclient there are times when this does not work.
>
> In practice I maintain both connections as a safety precaution.
>
> But I am genuinely interested in the best way to use OpenVPN.
> All the documents I looked at online spent their time
> explaining at inordinate length how to set up OpenVPN.
> If anyone knows of a site with a simple explanation
> of how to use OpenVPN (preferably with the commands and responses
> during an actual session) I should be very grateful.
>
It's down to the question about what you are needing to do. If you just 
need SSH access then SSH direct without VPN is just fine. SSH itself is 
encrypted and the VPN just encrypts the already encrypted traffic again 
and just slows things down.

If you want other kinds of access to the remote machine, for example 
using protocols that don't use SSL themselves, such as legacy ones like 
telnet or ftp, then I'd put that traffic through a VPN.

The OpenVPN documentation has a quick setup section, or at least it used 
to. I found that a good way to get it going. But from your original post 
you were asking about MTU, suggesting that you are having network 
problems getting a reliable connection. Is a direct SSH connection 
reliable? From what you said it isn't. I'd investigate why that is first 
as diagnosing OpenVPN issues with a flaky underlying network might get 
very confusing. Is the remote machine at a datacentre somewhere? Is your 
local network and its internet connection solid?

:-) Ken
