OpenVPN: Create a peer to peer Network between two Clients

Hi,

to create a simple peer-to-peer network between two clients you do not have to set up a complete X.509 certificate based infrastructure. For that purpose you can use a static key created by OpenVPN instead.

In a point-to-point setup one computer acts as the server (vpnmachine1: 192.168.200.1) and the other as the client (vpnmachine2: 192.168.200.2).

These are the steps for Windows. Do the following on both machines:

Install the latest OpenVPN version. I assume the default install path “C:\program files\OpenVPN”.

Create a config folder for your network and add two firewall rules, one for outgoing and one for incoming traffic:

c:\> mkdir "C:\program files\OpenVPN\config\p2p-network"
c:\> netsh advfirewall firewall add rule name="OpenVPN" dir=out program="C:\program files\OpenVPN\bin\openvpn.exe" protocol=udp localport=1194 profile=any enable=yes action=allow
c:\> netsh advfirewall firewall add rule name="OpenVPN" dir=in program="C:\program files\OpenVPN\bin\openvpn.exe" protocol=udp localport=1194 profile=any enable=yes action=allow

Create the secret key “C:\program files\OpenVPN\config\p2p-network\p2p-network.key” on one of the machines (vpnmachine1) and copy it to the equivalent folder on vpnmachine2 over a secure channel, for example inside an AES-256 encrypted 7z archive (from the 7z man page: "Encryption method. For 7z format, it can be only AES-256", so password protected 7z files are always AES-256 encrypted).

c:\> "C:\program files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\program files\OpenVPN\config\p2p-network\p2p-network.key"
c:\> d:\tools\7-Zip\7z.exe a -t7z D:\temp\transport.7z -p -mhe=on "C:\program files\OpenVPN\config\p2p-network\p2p-network.key"
[Screenshot: 7z archive properties showing AES-256 encryption]

On the server, create the config file “C:\program files\OpenVPN\config\p2p-network.ovpn”:

dev tun
ifconfig 192.168.200.1 192.168.200.2
secret "C:\\program files\\OpenVPN\\config\\p2p-network\\p2p-network.key"
# Compress traffic
comp-lzo
# These settings ensure that OpenVPN reconnects when the partner changes its IP address
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Start OpenVPN on the server machine via the OpenVPN GUI, or enable the OpenVPN service so it waits for incoming connections:

c:\> sc config openvpnservice start= auto
c:\> sc start openvpnservice

Check the logfile “C:\program files\OpenVPN\log\p2p-network.log” to verify that the service started correctly:

Tue Aug 02 21:44:23 2016 TAP-WIN32 device [Ethernet] opened: \\.\Global\{A0393BF3-262F-4195-9C8F-83728407A993}.tap
Tue Aug 02 21:44:23 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.200.1/255.255.255.252 on interface {A0393BF3-262F-4195-9C8F-83728407A993} [DHCP-serv: 192.168.200.2, lease-time: 31536000]
Tue Aug 02 21:44:23 2016 Successful ARP Flush on interface [9] {A0393BF3-262F-4195-9C8F-83728407A993}
Tue Aug 02 21:44:23 2016 UDPv4 link local (bound): [undef]
Tue Aug 02 21:44:23 2016 UDPv4 link remote: [undef]

On the client machine the config “C:\program files\OpenVPN\config\p2p-network.ovpn” is the same, except for the remote directive, which names the hostname or IP address of the server the client connects to, and the ifconfig option, where the two IP addresses are swapped relative to the server config:

remote vpnmachine1
dev tun
ifconfig 192.168.200.2 192.168.200.1
secret "C:\\program files\\OpenVPN\\config\\p2p-network\\p2p-network.key"
# Compress traffic
comp-lzo
# These settings ensure that OpenVPN reconnects when the partner changes its IP address
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
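The two configs above are mirror images of each other, and the static key is the only credential in this setup: whoever holds the key file can join the tunnel, so it has to arrive on the second machine intact and stay in a folder that only administrators can read. The following script is an added example (not code from the post or from the OpenVPN project) that generates such a server/client pair from one set of parameters, cross-checks an existing pair for the usual mistakes (missing remote, ifconfig addresses not swapped), and computes a fingerprint of the key file that you can compare on both machines after the copy. Host names, paths and the sample key are constructed for illustration; the directives are the ones used in the post.

```python
"""Generate and cross-check an OpenVPN static-key point-to-point config pair.

Added example, not code from the original post. Host names, paths and the
sample key are constructed; the config directives are the ones from the post.
"""
import hashlib
import re

KEY_BEGIN = "-----BEGIN OpenVPN Static key V1-----"
KEY_END = "-----END OpenVPN Static key V1-----"

# Directives both peers share (placed after the ifconfig/secret lines).
COMMON_TAIL = [
    "# Compress traffic",
    "comp-lzo",
    "# These settings ensure that OpenVPN reconnects when the partner changes its IP address",
    "keepalive 10 60",
    "ping-timer-rem",
    "persist-tun",
    "persist-key",
]


def build_peer_configs(server_host, server_ip, client_ip, key_path):
    """Return (server_cfg, client_cfg). Only the client carries 'remote', and its
    ifconfig lists the two addresses in the opposite order to the server's."""
    # OpenVPN config files need backslashes doubled inside quoted paths.
    secret = 'secret "%s"' % key_path.replace("\\", "\\\\")
    server = ["dev tun", "ifconfig %s %s" % (server_ip, client_ip), secret] + COMMON_TAIL
    client = ["remote %s" % server_host, "dev tun",
              "ifconfig %s %s" % (client_ip, server_ip), secret] + COMMON_TAIL
    return "\n".join(server) + "\n", "\n".join(client) + "\n"


def parse_config(text):
    """Map each directive name to its argument string; comments and blanks are skipped."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, args = line.partition(" ")
        directives[name] = args.strip()
    return directives


def check_peer_pair(server_text, client_text):
    """Return a list of mismatches between the two configs (empty list = consistent)."""
    s, c = parse_config(server_text), parse_config(client_text)
    problems = []
    if "remote" not in c:
        problems.append("client config has no remote directive")
    if "remote" in s:
        problems.append("server config should not have a remote directive")
    s_if, c_if = s.get("ifconfig", "").split(), c.get("ifconfig", "").split()
    if len(s_if) != 2 or len(c_if) != 2:
        problems.append("both configs need 'ifconfig <local> <remote>'")
    elif s_if != c_if[::-1]:
        problems.append("ifconfig addresses are not mirrored: %s vs %s" % (s_if, c_if))
    if "secret" not in s or "secret" not in c:
        problems.append("'secret' must point to the key file on both peers")
    for name in ("dev", "keepalive"):          # these must be identical on both ends
        if s.get(name) != c.get(name):
            problems.append("'%s' differs: %r vs %r" % (name, s.get(name), c.get(name)))
    return problems


def _key_lines(key_text):
    return [l.strip() for l in key_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def static_key_problems(key_text):
    """Check the layout of a key written by 'openvpn --genkey --secret'."""
    lines = _key_lines(key_text)
    problems = []
    if not lines or lines[0] != KEY_BEGIN:
        problems.append("missing BEGIN marker")
    if len(lines) < 2 or lines[-1] != KEY_END:
        problems.append("missing END marker")
    body = "".join(lines[1:-1])
    if not re.fullmatch(r"[0-9a-fA-F]{512}", body):
        problems.append("key body must be 512 hex characters (2048-bit key)")
    return problems


def key_fingerprint(key_text):
    """SHA-256 over the decoded key bytes, so CRLF/LF differences introduced by the
    copy do not matter. Compare this value on both machines before starting OpenVPN."""
    problems = static_key_problems(key_text)
    if problems:
        raise ValueError("; ".join(problems))
    body = "".join(_key_lines(key_text)[1:-1])
    return hashlib.sha256(bytes.fromhex(body)).hexdigest()


# Constructed sample key (NOT a real key): 256 bytes written as 16 lines of hex.
_SAMPLE_HEX = "".join("%02x" % i for i in range(256))
SAMPLE_KEY = ("#\n# 2048 bit OpenVPN static key\n#\n" + KEY_BEGIN + "\n"
              + "\n".join(_SAMPLE_HEX[i:i + 32] for i in range(0, 512, 32))
              + "\n" + KEY_END + "\n")

if __name__ == "__main__":
    srv, cli = build_peer_configs("vpnmachine1", "192.168.200.1", "192.168.200.2",
                                  r"C:\program files\OpenVPN\config\p2p-network\p2p-network.key")
    print(srv)
    print(cli)
    print("pair problems:", check_peer_pair(srv, cli))
    print("key fingerprint:", key_fingerprint(SAMPLE_KEY))
```

Hashing the decoded bytes rather than the file text is deliberate: an archive unpacked on another Windows box may end up with different line endings, and that should not count as a corrupted key.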

To establish the connection, use the OpenVPN GUI or start the OpenVPN service.

Logfile “C:\Program Files\OpenVPN\log\p2p-network.log” should show something like this:

Tue Aug 02 21:47:13 2016 UDPv4 link local (bound): [undef]
Tue Aug 02 21:47:13 2016 UDPv4 link remote: [AF_INET]10.254.10.10:1194
Tue Aug 02 21:47:13 2016 Peer Connection Initiated with [AF_INET]10.254.10.10:1194
Tue Aug 02 21:47:13 2016 Initialization Sequence Completed
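To tell the two log excerpts apart without reading them by eye, here is an added example (not code from the post or from OpenVPN) that parses OpenVPN log lines of the format shown above and reports the state the link reached: the tunnel address assigned to the TAP adapter, the peer address once a remote is known, and whether the initialization sequence completed. The sample lines embedded below are the ones the post shows, reused here as constructed input; the server excerpt stops at "link remote: [undef]", which the script reports as still waiting for a peer.

```python
"""Summarise OpenVPN log lines and report whether the point-to-point link came up.

Added example, not code from the original post. The sample log lines are the
ones shown in the post, embedded here as constructed input.
"""
import re

_REMOTE = re.compile(r"link remote: \[AF_INET\]([\d.]+:\d+)")
_TUN_IP = re.compile(r"DHCP IP/netmask of ([\d.]+)/([\d.]+) on interface")
_STAMP = re.compile(r"^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} ")


def summarize_log(lines):
    """Return a dict describing the state reached in the given log lines."""
    state = {"tun_ip": None, "netmask": None, "peer": None,
             "peer_initiated": False, "completed": False, "waiting": False}
    for line in lines:
        msg = _STAMP.sub("", line.strip())      # drop the timestamp prefix
        m = _TUN_IP.search(msg)
        if m:
            state["tun_ip"], state["netmask"] = m.group(1), m.group(2)
        m = _REMOTE.search(msg)
        if m:
            state["peer"] = m.group(1)
        elif "link remote: [undef]" in msg:
            state["waiting"] = True             # socket bound, no peer seen yet
        if msg.startswith("Peer Connection Initiated"):
            state["peer_initiated"] = True
        if msg == "Initialization Sequence Completed":
            state["completed"] = True
    return state


def link_status(lines):
    """One-line verdict for an operator: up, waiting for peer, or not connected."""
    s = summarize_log(lines)
    if s["completed"] and s["peer"]:
        return "up (peer %s)" % s["peer"]
    if s["waiting"] and not s["peer"]:
        return "waiting for peer"
    return "not connected"


# Constructed sample input: the excerpts from the post.
SERVER_LOG = [
    "Tue Aug 02 21:44:23 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of "
    "192.168.200.1/255.255.255.252 on interface {A0393BF3-262F-4195-9C8F-83728407A993} "
    "[DHCP-serv: 192.168.200.2, lease-time: 31536000]",
    "Tue Aug 02 21:44:23 2016 UDPv4 link local (bound): [undef]",
    "Tue Aug 02 21:44:23 2016 UDPv4 link remote: [undef]",
]
CLIENT_LOG = [
    "Tue Aug 02 21:47:13 2016 UDPv4 link local (bound): [undef]",
    "Tue Aug 02 21:47:13 2016 UDPv4 link remote: [AF_INET]10.254.10.10:1194",
    "Tue Aug 02 21:47:13 2016 Peer Connection Initiated with [AF_INET]10.254.10.10:1194",
    "Tue Aug 02 21:47:13 2016 Initialization Sequence Completed",
]

if __name__ == "__main__":
    for name, log in (("server", SERVER_LOG), ("client", CLIENT_LOG)):
        print(name, summarize_log(log), "->", link_status(log))
```

On a real machine, read the lines from “C:\Program Files\OpenVPN\log\p2p-network.log” and pass them to `link_status`; only the most recent connection attempt in the file should be fed in, since the function does not reset its state on a restart.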

Then test the connection from both sides:

C:\>ping 192.168.200.1 -n 1

Pinging 192.168.200.1 with 32 bytes of data:
Reply from 192.168.200.1: bytes=32 time=1ms TTL=128

C:\>ping 192.168.200.2 -n 1

Pinging 192.168.200.2 with 32 bytes of data:
Reply from 192.168.200.2: bytes=32 time<1ms TTL=128

Michael
