Personal Telco VPN

This is a page to tie together any and all information about a ["VPN"] which exists within ["PTPnet"]. At some point in the DistantFuture, JimmySchmierbach worked on a proposal (with assistance from KeeganQuinn) to build VPN connections between some (if not all) nodes. There are a few motivations to do this:

Here are the places on this wiki where there is currently information on VPNs:


The goal is to scrape the cruft off the partially implemented VPN, build something new and functional according to Jimmy's ideas, and then document it here so that it can be maintained/learned-from with ease. After some brainstorming between myself, DonPark, and RussellSenior, the consensus is to start with NodesBehindNat using maintenance as a motivator, and then, if we have extra time and energy, to work on interconnecting other nodes.


At least for now, we will use 1 server and several clients. At some point, it will make more sense to use the more scalable organization suggested by Jimmy, where most nodes connect to maybe three other nodes (cornerstone, bone, and alithea, historically), and then those nodes connect once more upstream to the supernode (donk) to create a sort of 2-hop hierarchy.


To make a new client key do something like this:

ssh you@donk
cd /usr/share/doc/openvpn/examples/easy-rsa
sudo ./build-key thenode
sudo cp thenode.key thenode.crt /etc/openvpn/keys/

Then, do the configuration on the server side - add a file in /etc/openvpn/ccd with a name like The contents should be something like (replacing 10.11.255.X with an unused IP within from the NetworkAddressAllocations page):

ifconfig-push 10.11.255.X

Finally, you must configure the client. Do something like:

ssh you@thenode
sudo apt-get update
sudo apt-get install openvpn
cd /etc/openvpn
sudo scp you@donk:/etc/openvpn/keys/thenode.* .
sudo scp you@donk:/etc/openvpn/keys/ca.crt .

Create the client's configuration file at /etc/openvpn/client.conf:

remote 1195
proto udp
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/thenode.crt
key /etc/openvpn/thenode.key

And finally, start openvpn on the client-side:

/etc/init.d/openvpn restart

Now, you should be able to go to from the client and get to donk, or 10.11.255.X (where X is whatever you assigned it) on donk to get to the client.
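The server-side step asks for an unused address in the new ccd file, and the key steps copy a private key between hosts. The script below is an added example, not part of the original page: it lists the ifconfig-push addresses already present in a ccd directory, reports collisions, suggests the next free address, and checks that a key file is not readable by group or others. The script name ccd-audit.sh and the assumption that .1 belongs to the server are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit ifconfig-push assignments in an OpenVPN ccd directory.

# Print "address file" for every ifconfig-push line under ccd directory $1.
ccd_assignments() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '$1 == "ifconfig-push" && NF >= 2 { print $2, file }' "$f"
    done
}

# Print each address pushed by more than one ccd file (a collision).
ccd_duplicates() {
    ccd_assignments "$1" | awk '{ print $1 }' | sort | uniq -d
}

# Print the lowest unassigned address in $2.2 .. $2.254, where $2 is the
# first three octets (e.g. 10.11.255). Assumption: .1 belongs to the server.
ccd_next_free() {
    used=$(ccd_assignments "$1" | awk '{ print $1 }')
    i=2
    while [ "$i" -le 254 ]; do
        if ! printf '%s\n' "$used" | grep -qxF "$2.$i"; then
            echo "$2.$i"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Succeed only if private key file $1 grants nothing to group or others.
key_mode_ok() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (hypothetical script name): sh ccd-audit.sh /etc/openvpn/ccd 10.11.255 [keyfile]
if [ "$#" -ge 2 ]; then
    dups=$(ccd_duplicates "$1")
    [ -z "$dups" ] || echo "duplicate assignment: $dups"
    echo "next free: $(ccd_next_free "$1" "$2" || echo none)"
    if [ -n "${3:-}" ] && ! key_mode_ok "$3"; then
        echo "key readable by group/others: $3"
    fi
fi
```

Run it on donk before writing a new ccd file, and on the client against /etc/openvpn/thenode.key after the scp step.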