[Openvpn-devel] openvpn as a firewall


  • Subject: [Openvpn-devel] openvpn as a firewall
  • From: feramus coban <feramuslinux@xxxxxxxxx>
  • Date: Tue, 11 Jul 2006 07:07:18 -0700 (PDT)

Hi All
 
This is the problem:

I have a WinXP Pro server. I use it as a server for OpenVPN.
I have a lot of clients in a lot of networks.
 
Example of my network:

Type            Address of machine      Virtual IP
server          www.server.com          10.0.0.1
serverclient1   www.server.com          10.0.0.4
serverclient2   www.server.com          10.0.0.6
serverclient3   www.server.com          10.0.0.8
serverclient4   www.server.com          10.0.0.10
net2client1     www.net2client1.com     10.0.0.12
net2client2     www.net2client2.com     10.0.0.14
net2client3     www.net2client3.com     10.0.0.16
net2client4     www.net2client4.com     10.0.0.18
net3client1     www.net3client1.com     10.0.0.20
net3client2     www.net3client2.com     10.0.0.22
net3client3     www.net3client3.com     10.0.0.24
net3client4     www.net3client4.com     10.0.0.26
net4client1     www.net4client1.com     10.0.0.28
net4client2     www.net4client2.com     10.0.0.30
net4client3     www.net4client3.com     10.0.0.32
net4client4     www.net4client4.com     10.0.0.34
 
I use the client-to-client parameter in all .ovpn files.

I use accounting software on Terminal Services.
All users can access the server. But now I want only some clients to be able to access the server, for example only the serverclient* users. The serverclient* clients can access all other clients, and net4client4 can access all other clients too.

I do not want to use a third-party firewall for dropping packets (iptables etc.).
Is this possible with OpenVPN?

This is my server conf file:
****************************************
port 84
proto udp
dev tun
ca ca.crt
cert vpnserver1.crt
key vpnserver1.key
dh dh1024.pem
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.0" 
route 10.0.0.0 255.255.255.0
client-to-client
keepalive 10 120
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 4
tls-auth ta.key 0
comp-lzo
 
Client .ovpn file:
****************************
client
dev tun
proto udp
remote www.server.com 84
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert VPNCLIENT3.crt
key VPNCLIENT3.key  
tls-auth ta.key 1
verb 3
comp-lzo
 
 

