[Openvpn-users] Different config.ovpn files depending on location

  • From: "Michael Kelly" <mkelly@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 26 Aug 2004 13:48:48 -0600


I am running openVPN 2.0 beta 11 in a testing environment. The server
is running on a Linux gateway-firewall in my office. Some of the
clients, running win2000 pro or WinXP, connect to the server in one of
two ways, either on a wireless network that is in my office but on a
different subnet than the main LAN or from various remote locations.

Here is the layout:

             (fixed IP)
         hardware router
                  |---------------- wireless subnet
                  |                     (
        openvpn firewall/gateway (Linux)

Note: the harware router is what provides the wireless connectivity.

What I would like to achieve is to run OpenVPN as a service on each of
the laptops, but with a different config file depending on their
connection location.

Example 1:
laptop connects to VPN on the wireless network. 
In this situation I would like to have the config file have the
following options:
       remote 5100
       redirect-gateway local

Example 2:
laptop connects to VPN from remote location
In this situation I would like to have the config file have the
following options:
       remote (static Internet ip) 5100

Note: I am using redirect gateway in this case so that all traffic from
the laptop comes through our systems first. The laptop have confidential
material on there and I hope to protect them as much as possible.

I am currently starting the openVPN service via a batch file that does
some other work as well. 

I know that I could have two independent config files and get the batch
file to copy or rename the one I want the system to use depending on the
detected laptop location.

I have tested both of the above config files independently and they
both work great now, thanks to people on this list, but as I said I want
it to be as automatic as it can be.

I guess my question is if anyone else out there has a similar type of
configuration or if anyone has any ideas on the best way to get to the
solution I would like to.

Michael Kelly

