Re: [Openvpn-users] Using one machine both as server and client


  • Subject: Re: [Openvpn-users] Using one machine both as server and client
  • From: Sunny <sloncho@xxxxxxxxx>
  • Date: Tue, 1 Aug 2006 10:42:33 -0500

On 8/1/06, Klaus Thielking-Riechert wrote:
> Sunny,
>
> On Tue, Aug 01, 2006 at 10:10:29AM -0500, Sunny wrote:
>
> > Do I need to run 2 instances of openvpn? Do I have to use different
> > tun devices?
>
> Yes, you have:
>
>  - if you are using "mode p2p" on your existing setup, you must
>    add a second config as this mode allows only one (!) connection at a
>    time.

On the production firewall I use "server" in the config file, with ccd dir, etc.

And have a "client" config file on my office firewall, to connect to
the prod one. Also, I use "client" config on my laptop to connect to
this prod vpn as well.

>
>  - if you are already using "mode server" your current firewall might be
>    a client (just think of the "remote ..." option). In this mode your
>    process can be either the client or the server!

Can you provide a little more info here? Do I understand right -
instead of using "client" on the office firewall, I have to use
"server", and then somehow??? use "remote" option?

>
> > Also, can I use one and the same server key for both firewalls? What
> > about the client certificates (I have client cert. for me to connect
> > to production firewall).
>
> Yes, if you are using preshared keys (or secrets) this will be
> technically OK. But if you are using these keys on all your configs you
> might get a problem if this key is compromised.
>
> I would suggest you to use certificates with one cert per client.

OK, thanks

>
> Best regards,
>
>    Klaus
>

Thanks for the reply

-- 
--
Svetoslav Milenov (Sunny)

Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit
operating system originally coded for a 4-bit microprocessor by a
2-bit company that can't stand 1 bit of competition.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
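
An added example, not part of the original messages: a sketch of the two-instance layout discussed in the thread, with the office firewall running one OpenVPN process as a server on tun0 and a second process as a client of the production VPN on tun1. The host name, subnet, and file paths are placeholder assumptions; each instance gets its own certificate and key, in line with the one-cert-per-client advice.

```conf
# ---- office-server.conf (hypothetical file name) ----
# Instance 1: the office firewall accepts its own VPN clients.
port 1194
proto udp
# Pin the device name so the two instances never compete for the same tun.
dev tun0
# Assumed subnet; it must not overlap the production VPN's subnet.
server 10.9.0.0 255.255.255.0
client-config-dir ccd
ca   /etc/openvpn/office/ca.crt
# Certificate and key issued only to this server instance.
cert /etc/openvpn/office/office-server.crt
key  /etc/openvpn/office/office-server.key
dh   /etc/openvpn/office/dh.pem
keepalive 10 120
persist-key
persist-tun

# ---- prod-client.conf (hypothetical file name) ----
# Instance 2: the same machine connects out to the production VPN.
client
# A different tun device from instance 1.
dev tun1
proto udp
# Placeholder host name for the production firewall.
remote prod-fw.example.com 1194
# No fixed local port, so it does not clash with instance 1's listener.
nobind
resolv-retry infinite
ca   /etc/openvpn/prod/ca.crt
# Client certificate issued only to the office firewall, so it can be
# revoked on its own without touching the laptop's certificate.
cert /etc/openvpn/prod/office-fw.crt
key  /etc/openvpn/prod/office-fw.key
# Refuse peers whose certificate is not marked for server use.
remote-cert-tls server
persist-key
persist-tun
```

Each file is started as its own process, for example `openvpn --config office-server.conf` and `openvpn --config prod-client.conf`.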

