environment OpenVPN Server on Gentoo, Windows Vista Client, ISA 2006
problem Establish VPN tunnel from Vista to Gentoo
solution
Server Install
- emerge openvpn and read the output about /etc/init.d
- Make sure you have CONFIG_TUN (details)
- Create keys and /etc/openvpn/hostname.conf files. A sample can be found here.
Vista Client Install
- Install at least OpenVPN 2.1_rc2 (download) because of this
- copy client.crt, client.key, ca.crt and optionally ta.key from your server /usr/share/openvpn/easy-rsa/keys/
- create hostname.ovpn in C:\Program Files\OpenVPN\config and make sure to run the editor as administrator due to UAC. A sample can be found here.
actual problem I'd like to publish OpenVPN with a "Web Publishing Rule" on ISA 2006 and have ISA 2006 forward to the right machine based on the domain. I sniffed the traffic and OpenVPN doesn't send an SSL "Client Hello" message at the beginning, but some other message tagged as "SSL Continuation" in Wireshark.
After thinking a little more, the scenario I'd like to implement won't be possible anyway, because ISA 2006 gets the domain from the HTTP traffic (details) and not from the SSL/TLS layer. Maybe something similar to Apache/OpenVPN port sharing would be possible with a custom filter in ISA...
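
The missing "Client Hello" follows from OpenVPN's TCP framing: every packet starts with a 2-byte length and an opcode byte, and the TLS handshake travels inside that framing. The sketch below is an added example, not part of the original post; it classifies the first bytes of a new connection the way a port-sharing front end has to. It assumes OpenVPN over TCP, and the function name and sample bytes are constructed for illustration.

```python
import struct

# OpenVPN puts the opcode in the high 5 bits of the first payload byte.
P_CONTROL_HARD_RESET_CLIENT_V1 = 1
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
MIN_HARD_RESET_LEN = 14  # opcode + session id + ack count + packet id


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection.

    Returns 'tls-client-hello', 'openvpn-tcp' or 'unknown'.
    (Hypothetical helper; SSLv2-style hellos are not handled.)
    """
    if len(data) < 6:
        return "unknown"  # not enough bytes to decide either way

    # TLS record header: type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"

    # OpenVPN over TCP: 2-byte big-endian packet length, then one byte
    # carrying the opcode (high 5 bits) and key id (low 3 bits).
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    is_reset = opcode in (P_CONTROL_HARD_RESET_CLIENT_V1,
                          P_CONTROL_HARD_RESET_CLIENT_V2)
    if is_reset and key_id == 0 and pkt_len >= MIN_HARD_RESET_LEN:
        return "openvpn-tcp"
    return "unknown"


# Constructed sample inputs (not captured traffic).
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303") + bytes(32)
SAMPLE_OPENVPN = (struct.pack("!H", 14) + bytes([0x38])  # len, opcode 7/key 0
                  + bytes(range(8))                       # session id
                  + b"\x00" + struct.pack("!I", 0))       # ack count, packet id
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: vpn.example.org\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN),
                         ("http", SAMPLE_HTTP)]:
        print(name, "->", classify_first_bytes(sample))
```

A generic TLS dissector applied to the OpenVPN sample finds no handshake record at offset 0, which matches the "SSL Continuation" label seen in the capture.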