
Re: [Openvpn-users] New User Questions about OpenVPN

  • Subject: Re: [Openvpn-users] New User Questions about OpenVPN
  • From: "Renato Salles" <rsalles@xxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 14 Mar 2004 21:37:13 -0300 (BRT)
  • Importance: Normal

Patrick Lesslie said:
> On Sun, Mar 14, 2004 at 01:12:01PM -0500, Cyrus Mehta wrote:
>> Question #1:  My local Win2K workstation at my place of employment is on
>> its own Windows-based network behind an ultra-paranoid firewall with
>> only ports 22/80/443 open to the outside world.  If I install OpenVPN on
>> my Linux Server and Win2K box, can I use the OpenVPN connection for only
>> those connections going to mydomain.com?  And not have to use the
>> OpenVPN for traffic going to a 3rd party's website or a server that may
>> be on my office's internal LAN?
> That is technically possible, but possibly not ethical, especially
> since if they are paranoid then the last thing they will want is
> any kind of VPN connection, especially on the sly ;-)
> I'd recommend sticking to ssh, or asking permission.
> Seeing both networks that way is normal behaviour for OpenVPN, unless
> you specify --redirect-gateway and --route-gateway.
> You may have to do it with TCP encapsulation over one of those ports,
> unless they allow UDP ports as well, which would be better.  OpenVPN
> prefers UDP ports.
> I don't remember if they have to be high ports (>1024).  If they do,
> then you'll have to do NAT at both ends somehow, and it might get
> difficult at the windows end.  I don't recall such a restriction, but
> there might be issues with using low ports anyway.
>> Question #2:  Given my local Windows Network at my office and my Samba
>> share at home, will I be able to browse Network Neighborhood on both the
>> work LAN and my server's LAN and see both workgroups (assuming they are
>> differently named)?
> You can certainly use NN over the tunnel.  It's easiest if you use a
> bridged connection rather than routed.  I'm not sure about the multiple
> workgroups on Windows, but I think you can.

I think this will be an issue. Network share/browsing relies on
broadcasts and ports 137-139, and these ports are supposed to be completely
closed in this case.

>> Question #3:  Do the above situations become problematic if
>> "mydomain.com" is a dyndns.org Dynamic DNS internet domain on a dynamic
>> IP served off a cable modem?
> Dynamic addresses are supported, you just put the name in place of the
> number.
> Patrick Lesslie

"A well-written program is its own heaven; a poorly-written program is its
own hell."
TAO of Programming - Book 4
