I'm trying to set up OpenVPN tunnels to connect satellite buildings via broadband connections for our school district. While we have fiber to campus buildings, we have special small "schools" off campus. We need to connect these locations to our LAN, and route their Internet traffic through our gateway with content filter and logging (CIPA!). Using standalone filtering is ineffective and expensive.

I've succeeded at setting up OpenVPN connections via broadband, and in my 'on the table' experiment via crossover. I can ping back and forth between the servers over the tunnel, and to the other interfaces on those servers (both have dual NICs). My weak point has always been routing, and I'm unable to get beyond the servers themselves.

In the end, I'll need clients in a satellite building to have all traffic (internet, dns, everything) routed through the tunnel, to our server - which will route out our standard gateway. I plan on having the client "servers" be both firewall & openvpn clients. Default gateways for boxes are their broadband addresses. I've been using the push "redirect-gateway def1" without success, though I'm certain I'm missing some routes.

SERVER - RHEL4/CentOS
vpn addr 10.8.0.1 tun
system lan - 172.20.200.x eth1 (default gw 172.20.2.1)
test crossover 'Internet' - 192.168.6.3 eth0

CLIENT - RHEL4/CentOS
vpn addr 10.8.0.2 tun
satellite lan - 172.20.60.x eth1 (workstation client on this subnet)
test crossover - 192.168.6.2 eth0

The test crossover will be the broadband links; I've got the boxes using those as their default gateways. I'll add the firewall aspect once I get this working, basically only allowing traffic over the tunnels.

I'd love to have any clients in the satellite buildings treat the client OpenVPN box as any other router in our network. Thus clients need only point to our main DNS servers (on 172.20.2.x), and our main gateway at 172.20.2.1. This way client config is identical to any other building, fiber or VPN.

Thanks, any suggestions are welcome.

Kevin

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
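
An added illustration, not part of the original post and not OpenVPN code: a small Python model of the topology described above that traces a packet hop by hop using longest-prefix matching, to show which routes a LAN behind the VPN client needs before replies can get back. The /24 masks, the workstation address 172.20.60.10, the node names and the assumption that IP forwarding is enabled on both VPN boxes are all assumptions made for the example.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop_node) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, owner, start, dst, max_hops=8):
    """Forward hop by hop; return (path, delivered)."""
    node, path = start, [start]
    for _ in range(max_hops):
        if owner[dst] == node:
            return path, True
        node = lookup(tables.get(node, []), dst)
        path.append(node)
        if node not in tables:
            return path, False      # packet left the modelled network
    return path, False              # hop limit hit: routing loop

# Constructed sample hosts: a satellite workstation and the main gateway.
WS, GW = "172.20.60.10", "172.20.2.1"
OWNER = {WS: "workstation", GW: "main-gw"}

def build(server_route=False, gateway_route=False):
    """Routing tables per node; the flags add the routes under test."""
    t = {
        "workstation": [("0.0.0.0/0", "vpn-client")],
        "vpn-client": [("172.20.60.0/24", "workstation"),
                       # what redirect-gateway def1 installs on the client box
                       ("0.0.0.0/1", "vpn-server"), ("128.0.0.0/1", "vpn-server"),
                       ("0.0.0.0/0", "broadband")],
        "vpn-server": [("10.8.0.0/24", "vpn-client"), ("0.0.0.0/0", "main-gw")],
        "main-gw": [("0.0.0.0/0", "upstream")],
    }
    if server_route:    # server config: route + matching iroute in client-config-dir
        t["vpn-server"].append(("172.20.60.0/24", "vpn-client"))
    if gateway_route:   # static route on 172.20.2.1 pointing at the VPN server
        t["main-gw"].append(("172.20.60.0/24", "vpn-server"))
    return t

if __name__ == "__main__":
    for flags in [(False, False), (False, True), (True, True)]:
        print(flags, trace(build(*flags), OWNER, "main-gw", WS))
```

In this model the request from the workstation reaches the gateway in every case; only the reply path changes, which matches the symptom of the tunnel endpoints answering pings while hosts behind them do not.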