[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Re: network/openvpn design suggestions?

  • Subject: [Openvpn-users] Re: network/openvpn design suggestions?
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Mon, 20 Dec 2004 16:44:41 -0600

You can certainly do that. You'll want your firewall/gateway systems to
route requests going to the other side of the VPN over to the OpenVPN
server; from there, you just need to make sure OpenVPN's UDP packets make
it across to the other side. (I'm presuming you're using tun mode w/ udp
as the underlying transport, because those make sense in this case).

Alternately, if it's not too much trouble, you can have the systems'
routing tables include a route to the remote side w/ the local VPN server
as gateway -- you'll just need to be sure that they all get it -- or you
can go belt-and-suspenders and implement both.

Personally, I run OpenVPN on my gateway, and don't feel too bad about it
-- after initialization it's running as an unprivileged user and group,
and if that weren't enough I could throw it into a chroot jail. Certainly
makes routing setup easier, and if configured correctly is a very minimal
security risk.

Openvpn-users mailing list