Darren Spruell wrote:
Not in the client/server model from 1.6 (haven't worked with the 2.0
series yet). Only the client needs to know the IP of the server. The
server couldn't care less about where the client's calling from.

> We would like to set up a branch office VPN connection between two
> sites. One endpoint is a Linux firewall with an Internet-routable IP,
> the other endpoint is a Linux server behind a NAT firewall and has an
> RFC1918 IP address. We would hope that this would work correctly if the
> connection is initiated from the Linux server behind the NAT box to the
> other firewall with the public address; return traffic would simply be
> routed back to the NAT box and translated to the server again.
>
> But, from what I can tell from the openvpn startup examples, each
> endpoint must be able to connect to the other directly (specified with
> the "--remote" argument). Since one endpoint is hidden behind the NAT
> firewall on a private network, this doesn't fit and we would need to
> move this endpoint into a DMZ or similar publicly-routable location.
>
> Can someone please confirm this one way or the other?

At least, that's how I have it set up. I have 3 clients on dynamic IPs,
which change quite frequently. I've never had an issue. Further, I
have a client coming from behind a Linksys home gateway router thingy
(win2k client), and she hasn't had any issues either (thank god).

One thing possibly worth noting, and something you probably already
know: Because openvpn uses UDP, your firewall may have issues with it.
That all depends on the firewall of course, some are more intelligent
than others. Just set openvpn to ping every x seconds, and you should
be ok. (Again, sorry if you already knew this, but I'm adding in here
for future searchability.)
Openvpn-users mailing list
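
The arrangement discussed in this thread, written out as a pair of OpenVPN configuration files. This is an added example, not configuration posted by either participant. The hostname `vpn.example.net`, the tunnel addresses, the port, the key file name and the timer values are all constructed placeholders, and the static-key point-to-point mode is an assumption about the setup.

```conf
# ---- public-endpoint.conf : Linux firewall with the Internet-routable IP ----
# No "remote" line: this side does not need to know where its peer is.
# It answers whatever source address sends packets that authenticate
# against the shared key, so the NAT-translated address and port of the
# other site are learned from the incoming traffic.
dev tun
proto udp
port 1194                      # placeholder; must match the other side
ifconfig 10.8.0.1 10.8.0.2     # local, then peer tunnel address (placeholders)
secret static.key              # placeholder path; keep readable by root only
# Peer address changes are accepted by default when "remote" is absent.
# With no source-address pinning, the key is the only thing
# authenticating the peer, so protect it accordingly.
ping 15
verb 3

# ---- nat-endpoint.conf : Linux server with the RFC1918 address ----
# This side initiates, so it is the only one that names its peer.
remote vpn.example.net         # placeholder for the public endpoint
dev tun
proto udp
port 1194
ifconfig 10.8.0.2 10.8.0.1
secret static.key              # same key file as on the public endpoint
# Send a keepalive when the tunnel has been idle for 15 seconds so the
# NAT firewall keeps its UDP state entry for return traffic.
ping 15
# Restart and re-resolve the peer if nothing is received for 60 seconds.
ping-restart 60
verb 3
```

The public side's packet filter still has to admit inbound UDP on the chosen port; the NAT side needs only outbound UDP, because the keepalive interval is what holds its translation entry open.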