Re: [Openvpn-users] client=>server OK; server=>client N/A


  • Subject: Re: [Openvpn-users] client=>server OK; server=>client N/A
  • From: /dev/rob0 <rob0@xxxxxxxxx>
  • Date: Wed, 12 Oct 2005 21:12:36 -0500

On Wednesday 2005-October-12 16:29, Martin G.H. Minkler wrote:
> Could somebody who successfully connected two LANs via routed OpenVPN

More than 2. Some multi-hop routing, too.

> (tun) please post their config files and if applicable their firewall
> setups and routes?

http://openvpn.net/static.html
http://openvpn.net/1xhowto.html

If you don't need multiple client connections, why bother with a 
server/client setup?

When I originally set mine up I was using distinct IPs for VPN 
endpoints: 192.168.7.x, regardless of the LAN at each site. Now I am 
preferring the proxy ARP solution. To connect 192.168.16.0/24 site to 
192.168.40.0/24, the peer in the 192.168.16.0/24 location might be 
192.168.40.16, and the other peer might be 192.168.16.40. Turn on proxy 
ARP, and life is good. 192.168.16.0/24 hosts have routes to 
192.168.40.0/24 through 192.168.16.40 =OR= openvpn is running on (or 
the peer is reached through) their default gateway. 192.168.40.0/24 
hosts have routes to 192.168.16.0/24 through 192.168.40.16 =OR= openvpn 
is running on (or the peer is reached through) their default gateway.

Symmetry is good!

Firewalls, well, generally I treat tun+ interfaces like trusted local 
ones. There's no simple answer as to how to set up your firewall. 
Accept the traffic you want and block what you don't want?
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
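
The address plan described in the message above, worked through as an added example (not part of the original post and not OpenVPN project code). The helper name `proxy_arp_plan`, the LAN interface `eth0`, and the rule "host octet = own site's third octet" generalized from the single 192.168.40.16 / 192.168.16.40 pair are assumptions; only the addressing directives are emitted, so keys and `remote` lines are left out.

```python
import ipaddress

def proxy_arp_plan(lan_a, lan_b, lan_if="eth0"):
    """Plan tun endpoints for two /24 sites (hypothetical helper).

    Each peer borrows an address from the other site's LAN, host octet = own
    site's third octet, as in the 192.168.40.16 / 192.168.16.40 example.
    """
    a, b = ipaddress.ip_network(lan_a), ipaddress.ip_network(lan_b)
    if a.prefixlen != 24 or b.prefixlen != 24:
        raise ValueError("this sketch only handles /24 site LANs")
    if a.overlaps(b):
        raise ValueError("site LANs overlap; routes between them are ambiguous")
    oct_a, oct_b = a.network_address.packed[2], b.network_address.packed[2]
    if 0 in (oct_a, oct_b) or 255 in (oct_a, oct_b):
        raise ValueError("derived host octet would be a network/broadcast address")
    peer_a = b.network_address + oct_a  # peer located at site A
    peer_b = a.network_address + oct_b  # peer located at site B

    def site(local, remote, far_lan):
        return {
            "tun_local": str(local),
            "tun_remote": str(remote),
            # LAN hosts at this site reach the far LAN via this next hop; it is
            # inside their own subnet, so the local peer must proxy-ARP for it.
            "host_gateway": str(remote),
            "openvpn": [
                "dev tun",
                f"ifconfig {local} {remote}",
                f"route {far_lan.network_address} {far_lan.netmask}",
            ],
            "sysctl": [
                "net.ipv4.ip_forward=1",
                f"net.ipv4.conf.{lan_if}.proxy_arp=1",
            ],
        }

    return {"site_a": site(peer_a, peer_b, b), "site_b": site(peer_b, peer_a, a)}

if __name__ == "__main__":
    # Constructed input: the two LANs named in the message.
    plan = proxy_arp_plan("192.168.16.0/24", "192.168.40.0/24")
    for name, cfg in plan.items():
        print(name, cfg["host_gateway"], *cfg["openvpn"], *cfg["sysctl"], sep="\n  ")
```

The borrowed addresses must be unused on the LAN they are taken from; the helper cannot check that, so reserve them outside any DHCP range.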
