[Openvpn-users] managing interface names with OpenVPN

  • Subject: [Openvpn-users] managing interface names with OpenVPN
  • From: Stephen Carville <stephen@xxxxxxxxxxxxxx>
  • Date: Tue, 7 Dec 2004 17:18:40 -0800

Right now I have two point-to-point OpenVPN tunnels connecting a central 
office with other sites.  I set these up based on Tom Eastep's instructions at 

To keep things simple, each tunnel has a hard coded name -- vpn0 and vpn1 -- 
and a corresponding shorewall policy entry:

vpn0    loc     ACCEPT  -
vpn1    loc     ACCEPT  -

Routes at both remote sites direct addresses in zone loc thru the tunnel 
leaving other destination addresses to be handled by the corresponding remote 
firewall ruleset. 

Soon I will be adding a many-to-one configuration to allow for "road warrior" 
connections where the default policy may be more restrictive.  Is there 
any way to be certain that vpn1, vpn2, etc names are not used by the 
many-to-one config?  I am concerned there is a small but non-zero possibility 
a road warrior could get vpn0 or vpn1 and have complete access to the 
internal network while a remote network would get a zone name associated with 
a restricted policy.

Stephen Carville
Unix and Network Administrator
6033 W.Century Blvd.
Los Angeles, CA 90045
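
An added example, not part of the original post: a check that every OpenVPN
config pins its own tunnel name with the `dev` directive, so a name trusted in
the policy file cannot be picked up by a different tunnel. It assumes the
first-column names in the policy lines above are the tunnel device names, as the
post describes; the config file names and contents are constructed.

```python
from collections import defaultdict

# Constructed sample input; the file names are hypothetical.
POLICY = "vpn0    loc     ACCEPT  -\nvpn1    loc     ACCEPT  -\n"
CONFIGS = {
    "site-a.conf": "dev vpn0\ndev-type tun\n",
    "site-b.conf": "dev vpn1\ndev-type tun\n",
    "roadwarrior.conf": "mode server\ndev tun  # name chosen at startup\n",
}

def fields(line):
    """Split one config or policy line into words, dropping # comments."""
    return line.split("#", 1)[0].split()

def parse_dev(text):
    """Return (dev, dev_type) from OpenVPN config text, None where absent."""
    found = {"dev": None, "dev-type": None}
    for line in text.splitlines():
        words = fields(line)
        if len(words) >= 2 and words[0] in found:
            found[words[0]] = words[1]
    return found["dev"], found["dev-type"]

def trusted_sources(policy_text, dest="loc"):
    """First-column names on policy lines that ACCEPT traffic to dest."""
    rows = (fields(line) for line in policy_text.splitlines())
    return {r[0] for r in rows if len(r) >= 3 and r[1] == dest and r[2] == "ACCEPT"}

def audit(configs, policy_text):
    """Report configs whose tunnel name is unpinned, ambiguous or duplicated."""
    findings, owners = [], defaultdict(list)
    for name, text in sorted(configs.items()):
        dev, dev_type = parse_dev(text)
        if dev is None or dev in ("tun", "tap"):
            findings.append(f"{name}: device name not pinned (dev={dev})")
            continue
        owners[dev].append(name)
        # OpenVPN infers the device type only from a tun*/tap* name.
        if not dev.startswith(("tun", "tap")) and dev_type is None:
            findings.append(f"{name}: dev {dev} needs an explicit dev-type")
    for dev, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"{dev}: claimed by {', '.join(names)}")
    for src in sorted(trusted_sources(policy_text)):
        if src not in owners:
            findings.append(f"{src}: trusted in policy but pinned by no config")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS, POLICY)) or "all tunnel names pinned")
```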

