I own two properties, basically my primary and secondary homes. They both have internet connection with a typical router setup for multiple devices, wifi, etc. in both places. I wanted to have them connected privately and had made some experiments with ssh (-w option); it worked by wasn't really stable and easy to cope with. I then decided to go for a solution based on openvpn. I finally got it to work, so I thought I would describe the whole thing for others to benefit.
These are the characteristics of the setup before I started:
HomeA is connected to the Internet via a cable modem and therefore does not have a fixed IP address. This is also where the ReadyNAS is physically located. The network there is 192.168.11.0/24, the router that sits on cable modem has IP address 192.168.11.1 on the inside and the ReadyNAS has a fixed IP address of 192.168.11.154 (I mostly use DHCP, but have fixed IP addresses for a few things like the ReadyNAS and a printer).
HomeB is connected to the Internet via a DSL connection and has a fixed IP address. I don't want to reveal it here (I get enough ssh break-in attempts already!), but for the sake of this discussion, let me assume it is 22.214.171.124. On it's internal side, my network is 192.168.2.0/24, the router has address 192.168.2.1 and there is also an older PC running Ubuntu 9.10 with IP address of 192.168.2.3.
The ReadyNAS and the Ubuntu box will take roles of the openvpn systems; the former in HomeA a client (as it is behind a changing IP address, the latter in HomeB as a server. You need to open the ReadyNAS for root ssh access and get the "apt-get" add-on so that you can download software to it using apt-get; google will be your friend if you need help doing this.
To complicate things, I wanted to be able to manage and install the whole thing from HomeB (with fixed IP), so I initially created a small trick to be able to get to HomeA with its variable IP address. First, I opened my routers so that port 22 forward to 192.168.11.154 in HomeA, and to 192.168.2.3 in HomeB, I then setup password-less root ssh (yes, this sounds utterly unsecure, it isn't as long as your boxes are behind a firewall, google for it!) to simply things, although this is not strictly necessary from HomeB to HomeA. But the trick is that HomeA has a crontab entry that every 4 hours ssh's as root to HomeB leaving its IP address (which really is the one assigned by my cable modem provider). Therefore, when I am on the Ubuntu box in HomeB, I can always find the actual IP address of HomeA. This is a like a simplified dynamic DNS entry.
Next, download openvpn on both the ReadyNAS and the Ubuntu box using
apt-get install openvpm
There are a few things more (cryptostuff) that also needs downloading; check the openvpn documentation.
Read and follow the openvpn documentation on how to generate server and client keys (I did it all in HomeB) and copy the appropriate keys to /etc/openvpn in both HomeA (ReadyNAS) and HomeB (Ubuntu). You should, like I, use scp to copy. I next setup the configuration files in /etc/openvpn on both sides, again basically following the instructions on the openvpn website. Of particular importance are the following.
I opened the 1194 port in the router of HomeB forwarding to 192.168.2.3. I also decided to start with tcp (rather than udp).
In server.conf in HomeB (Ubuntu), the following are my non-comment lines:
key server.key # This file should be kept secret
server 10.8.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.11.0 255.255.255.0
route 10.9.1.0 255.255.255.0
We need to push the HomeB server side subnet to the HomeA client, hence the push and we also need to have the server side know about the client side, hence the "route 192.168.11...." line. I also found that 'keepalive' was causing restarts of the client so I just replaced it by a ping. In the client-specific file on the server side, I have these two lines (and nothing more):
iroute 192.168.11.0 255.255.255.0
ifconfig-push 10.9.1.1 10.9.1.2
And the non-comment lines of client.conf, i.e. the file on the ReadyNAS in /etc/openvpn are (xxxxxx are real names that I am not showing here, also recall 126.96.36.199 really should be the external fixed IP of HomeB):
remote 188.8.131.52 1194
Coming this far, I was able to start openvpn on first HomeA side (i.e. Ubuntu) and the HomeB side (ReadyNAS) and those two boxes would see each other, happily ping and connect. I did not have firewall issues, i.e. the iptables firewall already existing on my Ubuntu box did not prevent anything.
Next, in order to get everything on the two sides to fully see the other side, I had to do the following:
Turn on ip forwarding in both the ReadyNAS and Ubuntu. At runtime, you do it by doing
echo 1 > /proc/sys/net/ipv4/ip_forward
but I also made sure it happens automatically at reboots. The next, very important step is to make the routers (that sit on directly on the Internet connection in the two places) now about routing to the other sides. And you need to add two static routes in each router. I initially thought I would only need to add the static routes to 192.168.2.0/255.255.255.0 and 192.168.11.0/255.255.255.0 respectively, but I realized this is not sufficient. The tunnel network (10.8.0.0/255.255.255.0) does also need to be known to the two routers. So, in the router of HomeA, the following two static routes are used:
192.168.2.0/255.255.255.0 via 192.168.11.154
10.8.0.0/255.255.255.0 via 192.168.11.154
and in HomeB, its basically the opposite:
192.168.11.0/255.255.255.0 via 192.168.2.3
10.8.0.0/255.255.255.0 via 192.168.2.3
The frustrating thing is that you can actually ping with only the first of the two static routes above, but in order to make a connection, you also need the 10.8.0.0/255.255.255.0 routes.
Finally, I made sure openvpn comes up automatically on both sides after a reboot. In HomeA (the ReadyNAS), this was already the case (I assume after doing the apt-get), in HomeB (on Ubuntu) I used 'chkconfig' to do it.
Let me finally add that all this (among other things) allows me to use softsqueeze in HomeB on Ubuntu against squeezecenter running in the ReadyNAS. In HomeA, I have the physical squeeze thing connected to my stereo.
I finally had some version issues with the Squeezebox setup - please see http://forums.slimdevices.com/showthread.php?t=78777 for details.