OpenVPN configuration for LAN gaming
#1
To be able to play LAN games over an OpenVPN tunnel, please follow the OpenVPN manual and create your unique certificates, one for the server and one for the players.
Also create one additional certificate using openvpn --genkey --secret tls-auth.key for handshakes.

On the server machine you also have to open the port on the public IP / redirect the port to your internal PC.
The situation is as follows: a minimum of two players, both have Windows, and at least one has to have a public IP/open port (42222). All other clients connect to him and they make a fast and secure virtual LAN network for games. None of them uses the chosen IP range for their local network, in this example 10.5.5.0/24.

Use this server config:
Code:
port 42222
proto udp
dev tap
tun-ipv6

tls-auth tls-auth.key 0
ca       lan-ca.crt
cert     lan-server.crt
key      lan-server.key
dh       lan-dh2048.pem

tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
remote-cert-eku "TLS Web Client Authentication"

server 10.5.5.0 255.255.255.0

server-ipv6 fc11:0:1054::/64
push "route-ipv6 fc11:0:1054::/64"

duplicate-cn
keepalive 10 120

comp-lzo
persist-key

route-metric 1
route 0.0.0.0 0.0.0.0 10.5.5.1 10001

push "route-metric 1"
push "route 0.0.0.0 0.0.0.0 10.5.5.1 10001"

client-to-client

status status-server-lan.log 60

and this client config:
Code:
remote 111.111.111.111
float

tls-client
port 42222
proto udp
dev tap
tun-ipv6
nobind

resolv-retry infinite

tls-auth tls-auth.key 1
ca       lan-ca.crt
cert     lan-client.crt
key      lan-client.key

tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
remote-cert-eku "TLS Web Server Authentication"

pull dhcp-options

mute 10
comp-lzo
verb 1

Change 111.111.111.111 to match your server's IP. The predefined routes will take care of priorities and in most games the players should see each other and the server.
Just one more thing: you need to make sure the virtual device is given the highest priority (even above LAN or WiFi). You can do so by renaming your OpenVPN TAP network adapter to "OpenVPN" and running these commands from the command line:
Code:
netsh int ipv4 set interface OpenVPN metric=2
netsh int ipv6 set interface OpenVPN metric=2

I recommend creating the game server on the server machine to minimize latency. And the very last thing would be to add the network range to trusted networks in your firewall (once and for good).
Coffee phreak!
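The server and client listings above only work as a pair when their crypto and transport directives agree, so here is a small consistency check, added as an example and not part of the original post. The names `parse`, `compare` and `MUST_MATCH` are made up for this sketch, and the sample configs are abridged from the listings above, with one deliberately faulty client constructed for the demonstration.

```python
import shlex

# Directives that must carry identical arguments on both ends of this tunnel.
MUST_MATCH = ("port", "proto", "dev", "cipher", "auth", "comp-lzo", "tls-version-min")

# Sample configs abridged from the post's listings (only the directives checked here).
SERVER = """port 42222
proto udp
dev tap
tls-auth tls-auth.key 0
tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
remote-cert-eku "TLS Web Client Authentication"
comp-lzo
"""
CLIENT = SERVER.replace("tls-auth.key 0", "tls-auth.key 1").replace(
    "Client Authentication", "Server Authentication")
# Constructed faulty client: same key direction as the server, compression left out.
BAD_CLIENT = CLIENT.replace("tls-auth.key 1", "tls-auth.key 0").replace("comp-lzo\n", "")

def parse(text):
    """Return {directive: [argument lists]} for an OpenVPN config, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line)  # keeps a quoted EKU name as one argument
        conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def compare(server, client):
    """Return a list of human-readable mismatches between the two configs."""
    s, c = parse(server), parse(client)
    problems = [f"{name}: server={s.get(name)} client={c.get(name)}"
                for name in MUST_MATCH if s.get(name) != c.get(name)]
    # tls-auth takes <keyfile> <direction>; one peer must use 0 and the other 1.
    dirs = sorted(a[1] for conf in (s, c) for a in conf.get("tls-auth", []) if len(a) > 1)
    if dirs != ["0", "1"]:
        problems.append(f"tls-auth: key directions {dirs} are not complementary")
    # Each side must demand the opposite extended key usage from its peer's certificate.
    if s.get("remote-cert-eku") != [["TLS Web Client Authentication"]]:
        problems.append("remote-cert-eku: server should require the client-auth EKU")
    if c.get("remote-cert-eku") != [["TLS Web Server Authentication"]]:
        problems.append("remote-cert-eku: client should require the server-auth EKU")
    return problems

print(compare(SERVER, BAD_CLIENT))
```

Paste the full contents of the two real config files in place of `SERVER` and `CLIENT` to check them before handing the client file to the other players.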