that connection is more than sufficient. Should work flawlessly. Here are the steps that you will need to accomplish in order to get this working.
1.) install openvpn on both computers
sample command for ubuntu:
sudo apt-get install openvpn
2.) generate the key on one server and securely copy it to the other (usb-stick, ssh connection or something like that - NEVER USE EMAIL !)
sample command for generating the key:
sudo openvpn --genkey --secret /etc/openvpn/static.key
remember the filename "static.key", you will need it in the config file !
3.) port forward tcp 443 on your home network from your router to your machine running the openvpn.
This i cannot help you with, as i don't know what kind of hardware you are running.
4.) get yourself a hostname from no-ip.org or dyndns.org
go to no-ip.com and sign up for a free account.
- log into that account
- on the side, choose add
- create a hostname you desire
- download the client for no-ip *on your home computer* with this command
unpack the client
tar xvf noip-duc-linux.tar.gz
now, the next steps are probably not a good idea, but that is how i do it. quick and dirty, without packaging or anything. if you are unsure about this, try to find yourself a packaged version of the no-ip client or a different tutorial
copy the no-ip executable to /sbin with this command
sudo cp noip-2.1.7/binaries/noip2-Linux* /sbin
next, make sure that the /usr/local/etc directory exists. If it does not, create a symlink to /etc in /usr/local (or so i do it)
lastly, run the appropriate command (either 32bit or 64bit) for your machine to configure the no-ip client
that should ask you some questions. In that process it should ask you for your newly setup hostname. once that is done, the last thing to do is run the client by simply calling it without the -C flag.
If you want it to come up after boot, i suggest you take a peek at the start/stop scripts supplied in the archive, or you edit your /etc/rc.local accordingly
5.) write the config file for the openvpn clients. They are mostly the same, they just differ in a few lines.
there are the following things to look out for:
- the work computer should ONLY use the remote command and should connect to your no-ip/dyndns name
- the home computer should ONLY use the float and local option. It should NOT try to connect to the work computer, but passively wait for a connection
- both processes should use TCP instead of UDP and should use port 443 instead of the standard 1194
here is a sample config for the work computer
ifconfig 10.17.0.1 10.17.0.2
And here is a sample config for your computer at home:
ifconfig 10.17.0.2 10.17.0.1
The bold lines need to be modified by you. They need to match your setup. one *must* hold the no-ip name, one *must* hold the local ip-address of the machine running the process. It might be possible that you also need to add the "float" option to one or both config files
The italic lines are your configuration. You can change that, but you can also leave it. Note that the ifconfig statement is swapped. The first is always the local IP, the second the remote ip. These will be the IP's of the computers once they are connected to each other.
Also the key is marked. I chose the same path as in my generation example, so you can leave it like that if you did not change anything. But you might need to fix that
The underlined options are for pure interest only. They make sure you are using a port 443 connection. Also, i am not sure if it is possible to only specify rport or lport alone - it might be that you need to specify both (i have not tested this setup - i am writing this off the top of my head)
6.) test the connection (see if it comes up) from work. You possibly (if it does not come up) need someone at your house to type in some commands/change configs if you have no remote access to your home machine from work.
you can start the openvpn with the following command:
sudo /etc/init.d/openvpn start
if anything fails, check the logs for error messages
i hope everything worked fine. If you get here, you should be able to access the server at work from your home machine via the ip 10.17.0.1.
Ok, that was a very long post. i hope it helps (somewhat)
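
The rules from step 5, written as a small linter over a pair of config files. This is an added example, not part of the original post and not the poster's configs. The two sample configs are constructed: home.example.invalid and 192.168.1.10 are placeholders for the no-ip name and the home machine's LAN address, and the tcp-client/tcp-server split is an assumption, since the post only says "TCP".

```python
# Added example; configs are constructed, hostname and LAN IP are placeholders.
WORK = """\
dev tun
proto tcp-client
remote home.example.invalid 443
ifconfig 10.17.0.1 10.17.0.2
secret /etc/openvpn/static.key
"""
HOME = """\
dev tun
proto tcp-server
local 192.168.1.10
lport 443
float
ifconfig 10.17.0.2 10.17.0.1
secret /etc/openvpn/static.key
"""

def parse(text):
    """Return {directive: [argument lists]}, ignoring blanks and # / ; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf

def ports(conf):  # every port a config names via port, lport, rport or remote
    found = {a[0] for d in ("port", "lport", "rport") for a in conf.get(d, []) if a}
    found |= {a[1] for a in conf.get("remote", []) if len(a) > 1}
    return found

def lint_pair(work_text, home_text):
    """Return a list of rule violations; an empty list means the pair is consistent."""
    work, home, problems = parse(work_text), parse(home_text), []
    if "remote" not in work:
        problems.append("work: missing 'remote' (it must dial out)")
    if "remote" in home:
        problems.append("home: has 'remote' (it must only listen)")
    for name, conf in (("work", work), ("home", home)):
        if not any(a and a[0].startswith("tcp") for a in conf.get("proto", [])):
            problems.append(f"{name}: proto is not TCP")
        if ports(conf) != {"443"}:
            problems.append(f"{name}: port is not exclusively 443")
    w, h = work.get("ifconfig", [[]])[0], home.get("ifconfig", [[]])[0]
    if len(w) != 2 or w != h[::-1]:
        problems.append("ifconfig: addresses are not mirrored")
    return problems
```

Running lint_pair on the text of both real config files before step 6 catches a forgotten swap of the ifconfig addresses or a leftover default port without needing someone at home to debug it.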