|
|
Patrick Lesslie disse: > On Sun, Mar 14, 2004 at 01:12:01PM -0500, Cyrus Mehta wrote: >> Question #1: My local Win2K workstation at my place of employment is on >> its own Windows-based network behind an ultra-paranoid firewall with >> only ports 22/80/443 open to the outside world. If I install OpenVPN on >> my Linux Server and Win2K box, can I use the OpenVPN connection for only >> those connections going to mydomain.com? And not have to use the >> OpenVPN for traffic going to a 3rd party's website or a server that may >> be on my office's internal LAN? > > That is technically possible, but possibly not ethical, especially > since if they are paranoid then the last thing they will want is > any kind of VPN connection, especially on the sly ;-) > I'd recommend sticking to ssh, or asking permission. > > Seeing both networks that way is normal behaviour for OpenVPN, unless > you specify --redirect-gateway and --route-gateway. > > You may have to do it with TCP encapsulation over one of those ports, > unless they allow UDP ports as well, which would be better. OpenVPN > prefers UDP ports. > > I dont' remember if they have to be high ports (>1024). If they do, > then you'll have to do NAT at both ends somehow, and it might get > difficult at the windows end. I don't recall such a restriction, but > there might be issues with using low ports anyway. > >> Question #2: Given my local Windows Network at my office and my Samba >> share at home, will I be able to browse Network Neighborhood on both the >> work LAN and my server's LAN and see both workgroups (assuming they are >> differently named)? > > You can certainly use NN over the tunnel. It's easiest if you use a > bridged connection rather than routed. I'm not sure about the multiple > workgroups on Windows, but I think you can. I think this will be an issue. Netowrk share/browsing relies over broadcasts and ports 137-139, and this ports are supposed to be completly closed in this case. > >> Question #3: Do the above situations become problematic if >> "mydomain.com" is a dyndns.org Dynamic DNS internet domain on a dynamic >> IP served off a cable modem? > > Dynamic addresses are supported, you just put the name in place of the > number. > > Patrick Lesslie > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > -- "A well-written program is its own heaven; a poorly-written program is its own hell." TAO of Programming - Book 4 ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |