Llanzlan Klazmon <Klazmon@llurdiaxorb.govt> wrote:
> The subnet for the VPN must not conflict with the subnet being used for
> ethX to talk to your router or any other local subnets.

I tend to use OpenVPN as a point to point link, like this (with
pre-shared keys), and add exactly the routes I want. I re-use the IP
address of the internal network on the tun interface (no need for a
different one).
My local network is 172.16.x.y, the remote network is 172.17.x.y and this
connects the two gateway machines together.
vpnX.conf ------------------------------------------------------------
#
# OpenVPN configuration file
# using a pre-shared static key.
#
# Use a fixed name tun device.
dev tun-X
# remote end - comment this out if the other end is dynamic IP
#remote 1.2.3.4
# local, remote IPs of the tunnel
ifconfig 172.16.0.1 172.17.0.1
# Start routes
up ./vpnX.up
# Our pre-shared static key
secret vpnX.key
# Port number to use
port 12221
# Compress
comp-lzo
# Send a UDP ping to remote once every N seconds to keep stateful
# firewall connection alive. iptables has a 3 minute timeout on UDP
# by default so 1 minute should be adequate here
; ping 60
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet.
# 5 -- medium output, good for normal operation.
# 8 -- verbose, good for troubleshooting
verb 5
# VOIP
passtos
------------------------------------------------------------
vpnX.up ------------------------------------------------------------
#!/bin/bash
# OpenVPN passes the remote tunnel endpoint (second ifconfig address) as $5
route add -net 172.17.0.0 netmask 255.255.0.0 gw "$5"
------------------------------------------------------------
I've found OpenVPN to be by far the most reliable and easy to set up VPN!
--
Nick Craig-Wood <nick@craig-wood.com> --
http://www.craig-wood.com/nick
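
The following is an added example, not part of the original post: a small check of the quoted rule that the tunnel must not conflict with locally attached subnets, run against the `ifconfig` and `route add` lines in the formats shown above. The function names are hypothetical, and the /16 and /12 LAN prefixes are assumptions (the post only gives 172.16.x.y).

```python
import ipaddress
import re

# Constructed sample inputs mirroring the vpnX.conf and vpnX.up shown in the post.
SAMPLE_CONF = """\
dev tun-X
ifconfig 172.16.0.1 172.17.0.1
up ./vpnX.up
"""
SAMPLE_UP = "route add -net 172.17.0.0 netmask 255.255.0.0 gw $5\n"

def tunnel_endpoints(conf_text):
    """Return (local_ip, peer_ip) from the 'ifconfig <local> <peer>' line."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop '#' comments
        if len(fields) == 3 and fields[0] == "ifconfig":
            return ipaddress.ip_address(fields[1]), ipaddress.ip_address(fields[2])
    raise ValueError("no ifconfig line found")

def routed_networks(up_text):
    """Return the networks added by 'route add -net <net> netmask <mask>' lines."""
    pattern = re.compile(r"route\s+add\s+-net\s+(\S+)\s+netmask\s+(\S+)")
    return [ipaddress.ip_network(f"{net}/{mask}") for net, mask in pattern.findall(up_text)]

def find_conflicts(conf_text, up_text, local_subnets):
    """List reasons the tunnel would clash with directly attached subnets.

    The local tunnel address is deliberately not checked: the post re-uses
    the gateway's internal address on the tun interface.
    """
    lans = [ipaddress.ip_network(s) for s in local_subnets]
    _local_ip, peer_ip = tunnel_endpoints(conf_text)
    problems = []
    for lan in lans:
        if peer_ip in lan:
            problems.append(f"peer {peer_ip} lies inside local subnet {lan}")
        for net in routed_networks(up_text):
            if net.overlaps(lan):
                problems.append(f"route {net} overlaps local subnet {lan}")
    return problems

if __name__ == "__main__":
    # Assumed LAN prefixes: /16 matches the post's layout, /12 shows a clash.
    for lans in (["172.16.0.0/16"], ["172.16.0.0/12"]):
        print(lans, "->", find_conflicts(SAMPLE_CONF, SAMPLE_UP, lans) or "no conflict")
```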