Re: [Openvpn-users] Re: managing interface names with OpenVPN


  • Subject: Re: [Openvpn-users] Re: managing interface names with OpenVPN
  • From: Stephen Carville <stephen@xxxxxxxxxxxxxx>
  • Date: Tue, 7 Dec 2004 18:27:44 -0800

On Tue December 7 2004 5:27 pm, Charles Duffy wrote:
> On Tue, 07 Dec 2004 17:18:40 -0800, Stephen Carville wrote:
> > Soon I will be adding a many-to-one configuration to allow for "road
> > warrior" connections where the default policy may be more restrictive. 
> > Is there any way to be certain that vpn1, vpn2, etc names are not used by
> > the many-to-one config?  I am concerned there is a small but non-zero
> > possibility a road warrior could get vpn0 or vpn1 and have complete
> > access to the internal network while a remote network would get a zone
> > name associated with a restricted policy.
>
> Presuming tun0 and tun1 are your names for hardcoded tunnels (you use
> "dev tun0" and "dev tun1" to make sure they always get the same devices,
> right?), use "dev tun2" (or some other designated device) in the
> configuration for your multi-client server, and set your firewall
> rules appropriately.

Just so I'm clear. If I set up my multi-client VPN to use:

local 209.189.103.196
dev tun2
port 5003
server 192.168.150.0 255.255.255.128

Then all the connections to port 5003 on 209.189.103.196 will use tun2?

I can live with that :-)

-- 
Stephen Carville
Unix and Network Administrator
DPSI
6033 W.Century Blvd.
Los Angeles, CA 90045
310-342-3602
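
Added example, not part of the original message: a small Python check for the approach discussed above, confirming that every OpenVPN config names its own fixed `dev` so firewall rules keyed on interface names cannot match the wrong tunnel. The file names and the two site configs are constructed assumptions; only the road-warrior settings come from the message.

```python
# Constructed sample configs. File names and the two site bodies are
# assumptions; roadwarrior.conf repeats the settings quoted in the message.
SAMPLE_CONFIGS = {
    "site-a.conf": "dev tun0\nport 5001\n",
    "site-b.conf": "# remote office\ndev tun1\nport 5002\n",
    "roadwarrior.conf": (
        "local 209.189.103.196\ndev tun2\nport 5003\n"
        "server 192.168.150.0 255.255.255.128\n"
    ),
}

# "dev tun" / "dev tap" without a number asks for a dynamically allocated
# device, so the interface name is not predictable.
DYNAMIC = {"tun", "tap"}


def dev_of(config_text):
    """Return the argument of the first 'dev' directive, or None if absent.

    Assumes one 'dev' directive per file.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # skip blank lines and comments
            continue
        words = line.split()
        if words[0] == "dev" and len(words) >= 2:
            return words[1]
    return None


def audit(configs):
    """Return ({device: config file}, [problem strings])."""
    owners, problems = {}, []
    for name, text in sorted(configs.items()):
        dev = dev_of(text)
        if dev is None or dev in DYNAMIC:
            problems.append(f"{name}: dev {dev!r} is not a fixed device name")
        elif dev in owners:
            problems.append(f"{name}: {dev} already used by {owners[dev]}")
        else:
            owners[dev] = name
    return owners, problems


if __name__ == "__main__":
    owners, problems = audit(SAMPLE_CONFIGS)
    for dev, name in sorted(owners.items()):
        print(f"{dev} -> {name}")
    for problem in problems:
        print("PROBLEM:", problem)
```

An empty problem list means each firewall zone can be bound to exactly one interface name, with the multi-client server confined to tun2.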
