On Wed, 03 Aug 2005 13:22:17 -0400, Yaoning Tao wrote:

> I'm configuring the OpenVPN now. I have 3 kinds of remote customers who need
> to connect to inside with different privileges. I think the Learn-address
> cmd option should be very cool for my requirements. But I don't know how to
> use it yet. I couldn't find some examples on the internet. Even the man
> page of the OpenVPN didn't explain it very well.
>
> Anybody can explain it more clearly? It should be the best if anybody
> can give me some detail examples.

Because learn-address is just a hook, folks can implement a wide range of things behind it. This can be security infrastructure, DNS registration, extended logging, or anything else that one wishes. Because there's so much flexibility, it's not possible to provide a canonical learn-address script that addresses all possible uses; the script that you use will depend heavily on what you're trying to do and what (potentially OS, distribution and site-local) infrastructure you have in place to implement your intended policies.

If you want an example of a learn-address script that isn't specific to setting firewall rules, there's one I've posted to the list for doing DNS registrations. As for dynamically generating firewall rules, however -- if you're not capable of doing that without hand-holding, you shouldn't be doing it at all.

Future versions of OpenVPN will have support for multiple address pools (making it easy to do useful class-based firewalling without a learn-address script); in the meantime, you can simulate this with a client-connect script that manually uses ifconfig-push to assign IPs in different ranges to clients of different classes (meaning you need to reimplement OpenVPN's address-management logic for this to work), or run multiple OpenVPN instances (such that users can only successfully authenticate to the instance appropriate to their class of user).

At the moment, though, using separate OpenVPN instances for the different classes of customers is probably your easiest option.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
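
The client-connect approach mentioned in the reply above, sketched as an added example (not code from the original post or from the OpenVPN project): the script maps a client's certificate common name to a class, hands out an address from that class's range via `ifconfig-push`, and keeps its own lease files. The map file format, lease directory, class names, `10.8.N.0/24` ranges and a server running `topology subnet` are all assumptions.

```shell
#!/bin/sh
# Added example: client-connect hook that pins each client class to its own /24.
# Assumed (not from the post): map file format, lease directory, the 10.8.N.0/24
# ranges, the class names, and "topology subnet" on the server.
CLASS_MAP="${CLASS_MAP:-/etc/openvpn/classes.map}"  # lines: "<common_name> <class>"
LEASE_DIR="${LEASE_DIR:-/var/run/openvpn-leases}"   # one file per leased address

# Third octet of a class's range; unknown classes fail closed.
class_octet() {
    case "$1" in
        staff)    echo 1 ;;
        partner)  echo 2 ;;
        customer) echo 3 ;;
        *)        return 1 ;;
    esac
}

# Class for a certificate common name (exact match on the first field).
lookup_class() {
    awk -v cn="$1" '$1 == cn { print $2; found = 1; exit }
                    END { exit !found }' "$CLASS_MAP"
}

# Print the client's existing lease, or claim the first free host in its range.
assign_ip() {
    cn="$1"
    class=$(lookup_class "$cn") || return 1
    octet=$(class_octet "$class") || return 1
    mkdir -p "$LEASE_DIR" || return 1
    held=$(grep -lxF -- "$cn" "$LEASE_DIR/10.8.$octet."* 2>/dev/null | head -n 1)
    if [ -n "$held" ]; then basename "$held"; return 0; fi
    host=2
    while [ "$host" -le 254 ]; do
        ip="10.8.$octet.$host"
        # noclobber (set -C) makes claiming a lease file atomic across instances
        if ( set -C; echo "$cn" > "$LEASE_DIR/$ip" ) 2>/dev/null; then
            echo "$ip"; return 0
        fi
        host=$((host + 1))
    done
    return 1  # range exhausted
}

# Entry point under OpenVPN: $1 is the per-client config file to write,
# $common_name comes from the environment. Non-zero exit rejects the client.
if [ -n "${common_name:-}" ] && [ -n "${1:-}" ]; then
    ip=$(assign_ip "$common_name") || exit 1
    echo "ifconfig-push $ip 255.255.255.0" > "$1"
fi
```

With addresses pinned to per-class ranges, the firewall rules can be static per subnet; a matching client-disconnect script would need to delete the client's lease file to return the address to the range.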