[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Ethernet bridging security hole question

  • Subject: Re: [Openvpn-users] Ethernet bridging security hole question
  • From: Colleen Micheletti <femmgeek@xxxxxxxxx>
  • Date: Thu, 12 Jul 2007 13:58:52 -0700 (PDT)

You should have a router/firewall device sitting between your server and your cable or dsl modem.  This device will use the public routed ip address and then you will port forward udp 1194 to the private ip of the server.  This is my configuration that has been in production for over a year without any problems or network penetration issues.

I use a single class a address space in 10.x.x.x/24 where a certain chunk of ips are for openvpn, some are for dhcp and others are static for those hard to configure devices.  as long as you have less than 253 ip addresses, you are good.  If you need more then use a larger subnet like /20 or /16.

Good luck!
Colleen M.

Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more.