I’ve just spent an afternoon tweaking an OpenVPN install, and I thought it would be a good idea to document it here. Not the world’s most interesting post, but it’s my method, and I want to document it.
The best solution I found was to have the server on its own subnet:
This sets up a Windows-friendly, routed OpenVPN. (TAP32, the Windows TAP driver, can’t handle arbitrary IP routed VPNs; each link has to have a private /30 network.)
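To make the /30-per-link constraint concrete, here is an added example (not part of the original post or its configuration) that lists the usable endpoint pairs in a VPN pool and checks whether a proposed pair fits a single /30. The pool 10.8.0.0/24 and the function names are assumptions chosen for illustration.

```python
import ipaddress

POOL = "10.8.0.0/24"  # assumed VPN pool, not taken from the post


def net30_pairs(pool):
    """Return the two usable host addresses of every /30 block in the pool."""
    network = ipaddress.ip_network(pool)
    pairs = []
    for block in network.subnets(new_prefix=30):
        low, high = block.hosts()  # a /30 has exactly two usable hosts
        pairs.append((low, high))
    return pairs


def check_pair(pool, local, remote):
    """Say whether a local/remote endpoint pair sits inside one /30 of the pool."""
    network = ipaddress.ip_network(pool)
    a = ipaddress.ip_address(local)
    b = ipaddress.ip_address(remote)
    if a not in network or b not in network:
        return "outside pool"
    if a == b:
        return "endpoints identical"
    # Round each address down to the /30 block that contains it.
    block_a = ipaddress.ip_network(f"{a}/30", strict=False)
    block_b = ipaddress.ip_network(f"{b}/30", strict=False)
    if block_a != block_b:
        return "endpoints in different /30 blocks"
    usable = set(block_a.hosts())
    if a not in usable or b not in usable:
        return "uses network or broadcast address of the /30"
    return "ok"


if __name__ == "__main__":
    pairs = net30_pairs(POOL)
    print(f"{POOL} holds {len(pairs)} point-to-point links")
    for low, high in pairs[:4]:
        print(f"  {low} <-> {high}")
    # Constructed sample pairs: one valid, three that Windows clients reject.
    for local, remote in [("10.8.0.6", "10.8.0.5"), ("10.8.0.7", "10.8.0.6"),
                          ("10.8.0.3", "10.8.0.5"), ("10.9.0.1", "10.9.0.2")]:
        print(f"  {local} / {remote}: {check_pair(POOL, local, remote)}")
```

Each link consumes four addresses, so a /24 pool carries 64 links rather than 254 hosts.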
Then, the Windows client side:
This is nice and simple, and has the advantage of pulling a lot of configuration from the server rather than statically storing it on the client.
My network has Proxy Autodetection. While I wanted DNS queries to go through the VPN, I didn’t want web traffic to. (DNS through the VPN is ugly, but necessary for finding private servers.)
My solution was:
Apache, default site config snippet:
And as a fallback, in case the wpad is already cached, this goes at the top of the wpad: