So, I suggest my solution (which is doing its job pretty well).
In the firewall:
don't allow any traffic out of the VPN(s).
Which means: you should deny all traffic (TCP, ICMP...) except your
VPN client's UDP traffic.
For example: iptables -A INPUT -i eth0 -p udp -j ACCEPT
iptables -A INPUT -j DROP
Only VPN traffic can pass through your firewall.
If you don't want any masquerading, you should add an explicit route on
each of your non-VPN clients to go back to the VPN network through the
VPN server.
Casey Ruark wrote:
On Tuesday, July 06, 2004 9:17 AM [GMT-5=EST], PHDeliege@xxxxx
<PHDeliege@xxxxx> wrote:
> The problem that I have is as follows: my office network is linked to
> the Internet via a hardware firewall (so let's say that the intranet
> is IP 192.168.0.X and thus the firewall has one Ethernet adapter for the
> intranet (192.168.0.1) and another with our fixed Internet IP address
> (193.242.45.22).
> In all the documents that I read concerning OpenVPN, the Linux
> platform running OpenVPN is doing firewall as well as VPN server. But
> as we have to keep our hardware firewall, is it possible to have the
> VPN server on the intranet (only with one Ethernet adapter,
> 192.168.0.111)? I can open some ports on the firewall if needed.
> If yes, what kind of configuration should I use?
Works fine for me in this type of configuration. Simply decide which port
your OpenVPN server will be listening on (5000/UDP is the default), and
configure your hardware firewall to 1) allow external access on this port,
and 2) forward traffic from this port to the IP address of your OpenVPN
server. Hint: a static IP address on your OpenVPN server will be
helpful...
-Adam
I am currently experiencing major difficulty with OpenVPN routing where
two networks are behind firewalls, and OpenVPN is present. It seems the
only way to get packets flowing on the one side is to MASQ, which I don't
want to do, due to the fact that it freaks out Win2k port 445 (resets
connections). Here is the setup.
Corporate:
Cisco 2620 Router ----> Firewall (10.0.0.4) <------> Core Switch 10.0.0.x/24
--------> OpenVPN Dev (NAT outside 1-1) int 10.0.0.75, tun0 172.16.2.1

Remote Office:
Cisco 1700 -----> Cisco PIX -----> Core Switch 10.0.25.0/24 -------> OpenVPN
(NAT 1-1) int 10.0.25.75 eth0, 10.1.12.0/24 eth1 (remote subnet), tun0
172.16.2.2 -----> Switch 2 10.0.12.x/24 ----> Remote LAN
Routes are specified in the VPN config files, but when ping time comes,
it won't play except from the VPN devices.
I personally do not want to MASQ any packets if necessary, but it seems
that most people are using OpenVPN as their primary firewall/gateway. In
my case I only want them to route traffic, without any ruleset. Please
help.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
richard venne
dental-on-line
01 43 27 94 24
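The two pieces of advice in this thread (the first reply's "deny everything except the VPN's UDP, then add an explicit route on the non-VPN hosts instead of masquerading", and the routing problem in the last message where packets only flow from the VPN boxes themselves) fit together in one script. What follows is an added example written for this page, not code from any of the posters or from the OpenVPN project. It assumes a single-NIC OpenVPN server at 192.168.0.111 (the address from the question) with LAN interface eth0, VPN interface tun0, LAN 192.168.0.0/24, a VPN subnet of 10.8.0.0/24 and UDP port 1194; none of those interface names, subnets or the port are stated in the thread, so adjust them to your own setup. Unlike the `-p udp -j ACCEPT` rule in the reply above, it only admits the OpenVPN port, and it prints the commands for review rather than running them unless invoked with `apply`.

```shell
#!/bin/sh
# Added example (not from the thread): deny-by-default iptables policy for a
# single-NIC OpenVPN server inside the LAN, plus the return route that lets
# the LAN reach VPN clients without any MASQUERADE rule.
# Assumed values, not given in the thread: eth0, tun0, 192.168.0.0/24,
# 10.8.0.0/24 and UDP 1194 (use 5000 if the server still runs the old default).
VPN_PORT="${VPN_PORT:-1194}"
LAN_IF=eth0
VPN_IF=tun0
LAN_NET=192.168.0.0/24
VPN_NET=10.8.0.0/24
VPN_SERVER=192.168.0.111   # the OpenVPN host's LAN address, from the question

# Emit the rule set one command per line so it can be reviewed before use.
# Only the OpenVPN port is opened on the LAN side; replies to anything the
# box itself initiated come back through the connection-tracking rule.
fw_rules() {
cat <<EOF
iptables -F INPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -i $VPN_IF -s $VPN_NET -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -d $VPN_NET -j ACCEPT
EOF
}

# Route that each non-VPN LAN host needs (or, once, the hardware firewall at
# 192.168.0.1 if it can hold static routes) so that traffic for VPN clients
# goes back through the OpenVPN box. Without it the LAN host sends replies to
# its default gateway, which is exactly the symptom that MASQUERADE hides.
return_route() {
    echo "ip route add $VPN_NET via $VPN_SERVER"
}

# Forwarding must be on, or the FORWARD chain never sees a packet.
forwarding_cmd() {
    echo "sysctl -w net.ipv4.ip_forward=1"
}

case "${1:-}" in
    apply) { forwarding_cmd; fw_rules; } | sh ;;   # run as root on the OpenVPN host
    *)     forwarding_cmd; fw_rules; echo "# on LAN hosts or the LAN gateway:"; return_route ;;
esac
```

The hardware firewall in front still needs its own forward of UDP port `$VPN_PORT` from the public address to 192.168.0.111, as Casey describes; that part is vendor-specific and not shown here. For the two-site case in the last message the same idea applies at both ends: each site's LAN (or its gateway) gets a route for the other site's subnets via its local OpenVPN box, and no NAT is needed.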