[Openvpn-users] Re: managing interface names with OpenVPN

  • Subject: [Openvpn-users] Re: managing interface names with OpenVPN
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Tue, 07 Dec 2004 19:27:45 -0600

On Tue, 07 Dec 2004 17:18:40 -0800, Stephen Carville wrote:

> Soon I will be adding a many-to-one configuration to allow for "road warrior" 
> connections where the default policy may be more restrictive.  Is there 
> any way to be certain that vpn1, vpn2, etc names are not used by the 
> many-to-one config?  I am concerned there is a small but non-zero possibility 
> a road warrior could get vpn0 or vpn1 and have complete access to the 
> internal network while a remote network would get a zone name associated with 
> a restricted policy.

Presuming tun0 and tun1 are your names for hardcoded tunnels (you use
"dev tun0" and "dev tun1" to make sure they always get the same devices,
right?), use "dev tun2" (or some other designated device) in the
configuration for your multi-client server, and set your firewall
rules appropriately.
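
An added example, not part of the original message: a shell check that every OpenVPN config pins its own "dev" unit, so firewall rules keyed on interface names cannot end up applied to the wrong tunnel. The config file names and contents are constructed, and the helper names dev_of, audit_devs and make_samples are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): audit OpenVPN configs so every
# tunnel has its own pinned "dev" name that firewall rules can rely on.

# Print the interface named by the first "dev" directive in config file $1.
# Commented-out lines and dev-type/dev-node do not match, since $1 must be "dev".
dev_of() {
    awk '$1 == "dev" { print $2; exit }' "$1"
}

# audit_devs FILE...: one finding per line on stdout; returns 1 if any finding.
audit_devs() {
    seen="" rc=0
    for cfg in "$@"; do
        dev=$(dev_of "$cfg")
        case "$dev" in
            "")      echo "$cfg: no dev directive"; rc=1; continue ;;
            tun|tap) echo "$cfg: '$dev' has no unit number, so the name is assigned at startup"
                     rc=1; continue ;;
        esac
        case " $seen " in
            *" $dev "*) echo "$cfg: '$dev' is already claimed by another config"; rc=1 ;;
            *)          seen="$seen $dev" ;;
        esac
    done
    return $rc
}

# Constructed sample configs (file names and contents are made up for the demo).
make_samples() {
    printf 'dev tun0\nremote site-a.example\n'  > "$1/site-a.conf"
    printf 'dev tun1\nremote site-b.example\n'  > "$1/site-b.conf"
    printf '# dev tun2\ndev tun\nmode server\n' > "$1/roadwarrior-bad.conf"
    printf 'dev tun2\nmode server\n'            > "$1/roadwarrior-ok.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_devs "$demo_dir/site-a.conf" "$demo_dir/site-b.conf" \
           "$demo_dir/roadwarrior-bad.conf" || echo "fix the findings above"
rm -rf "$demo_dir"
```

Run it over the real config files before writing per-interface firewall rules; a clean exit means each rule's interface name belongs to exactly one tunnel.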

