|
|
I'm currently using OpenVPN 1.6 to connect several windows users to a local network using linux and bridging on the server. With this I can have diffrent iptables rules for every user as they come in on a diffrent tap device. Now I'm thinking of switching to 2.0, and push an individual config file to each user, to be able to do ip filtering with iptables based on the source IP address. What I wonder now is, is there anything in openvpn that prevents a user from changing his openvpn config to use a fixed (--ifconfig xxx) IP address instead of pulling the config from the server? Or what if the user change his IP address on the tap device to a static IP address, that normaly belong to a user with access to more resources to the local network? Will OpenVPN drop packets from this user then, if they do not contain the source IP address that was pushed to the user? If not, how should I address this problem? /Mathias -- ____________________________________________________________ Mathias Sundman (^) ASCII Ribbon Campaign NILINGS AB X NO HTML/RTF in e-mail Tel: +46-(0)8-666 32 28 / \ NO Word docs in e-mail ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2004-05/msg00031.html on line 203 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2004-05/msg00031.html on line 203 |