[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Help needed to configure OpenVPN


  • Subject: Re: [Openvpn-users] Help needed to configure OpenVPN
  • From: "Andrew Chan" <andrew-chan@xxxxxxxxxxxxx>
  • Date: Fri, 10 Aug 2007 11:38:01 +0800
  • Importance: Normal

Title: Re: [Openvpn-users] Help needed to configure OpenVPN
Hi David,
 
Thanks for your information and sorry for the late reply as I was out of town. hehe
 
ok according to your explaination, here is my understanding, correct me if I am wrong. thanks.
 
Assuming
Client PC A is using IP address 111.111.111.100 with VPN IP 10.8.0.6
Client PC B is using IP address 222.222.222.100 with VPN IP 10.8.0.7
VPN Server A is using IP address 333.333.333.100 with VPN IP 10.8.0.1
Normal Server B is using IP address 444.444.444.100
 
At Client PC A and B, I have to add extra static route to 444.444.444.100 by issuing the following command.
 
route ADD 444.444.444.0 MASK 255.255.255.0 333.333.333.100
 
At Server B, I have to add a static route to reply query from the Client PCs.
 
/sbin/route add -net 10.8.0.0 netmask 255.255.0.0 gw 333.333.333.100
 
Is this what you mean?
 
Then my question is that since they are not at the same subnet, I don't think I can add these static route right?
 
THank you very much for your help.
 
Best Regards,
Andrew
 
-----Original Message-----
From: David Balazic [mailto:David.Balazic@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 02, 2007 4:57 PM
To: andrew-chan@xxxxxxxxxxxxx; Erich Titl
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] Help needed to configure OpenVPN

Hi!
 
Of course it is possible.
 
Set up a VPN from each client PC to server A and add a routing line on each client to
go to server B over the VPN server. Also set up a route on server B to send replies over server A.
 
Or same as above, but have one VPN client running on the NAT router instead of one on each client PC.
 
Depend on what exactly you have, what exactly you want and what exactly you control (can do changes on).
 
Regards,
David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Andrew Chan
Sent: Thu 02-Aug-07 09:25
To: Erich Titl
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Help needed to configure OpenVPN

I don't mind prevent direct access to B actually.

What I mean is that Window PC A to D can go direct to Linux Server B but I
want it to go to via the VPN Tunnel to Linux Server A then to Linux Server
B.

Is it really not possible? It is because I know there are people doing it
for sure, I just do not know how.

-----Original Message-----
From: Erich Titl [
mailto:erich.titl@xxxxxxxx]
Sent: Thursday, August 02, 2007 3:15 PM
To: andrew-chan@xxxxxxxxxxxxx
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Help needed to configure OpenVPN




Andrew Chan wrote:
> Hi Erich,
>
> Thanks for your help.
>
> I am actually looking at having the VPN Tunnel between the Window PC A to
D
> and Linux Server A, and I do not wish to have the openVPN tunnel from
Linux
> Server A to Linux Server B.
>
> Can it be done?

Sure, but your question was to _prevent_ direct access to B, which in
this case is not possible.

cheers

Erich


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> 
http://get.splunk.com/
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

<<attachment: winmail.dat>>

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users