[Openvpn-users] User's connecting from an identical network


  • Subject: [Openvpn-users] User's connecting from an identical network
  • From: "Craig Sturman" <csturman@xxxxxxxxxxxxxx>
  • Date: Thu, 6 Sep 2007 11:07:12 -0400

Hi guys,

 

First off, I’d like to say that I’ve been really impressed with OpenVPN. We’ve had 25 members of our sales force on an OpenVPN server using the OpenVPN client from openvpn.se, which I set up about 8 months ago, and things have been going well with it, so well in fact that I haven’t really touched the server since then, and how I originally configured it is a little fuzzy in my memory.

 

We began using OpenVPN primarily for email reasons, as we use blacklist checking to block a substantial amount of spam and a large number of hotels were in this blocking list. OpenVPN helped us to bypass this issue, but another has been surfacing lately.

 

Our internal office network is numbered as a standard internal A class (10.0.0.0/255.255.0.0). I’m noticing a large number of hotels have been using this same internal network which, while the OpenVPN client says the user is connected, fails to pick up or contact our internal DNS servers and find the internal IP of whatever server it is attempting to contact (or perhaps OpenVPN does this on purpose because it realizes the overlap?). Thus it ends up falling back to the email server’s external IP, which triggers the blacklist check, which in turn denies them any SMTP access.

 

Apart from renumbering our internal network (which I’m fine with doing as a last resort), is there an easier solution that would allow similar and non-similar networks to connect without issue? The following link mentions some ipchain rules (which I assume can be translated over to iptables?) that could be used for the rewriting. Any help with this would be greatly appreciated.

 

http://www.debian-administration.org/articles/35#comment_1

 

Apart from this issue, the VPN server is working great though.

 

Additional info: The server is using routing rather than bridging and everyone has their own set of generated keys.

 

Thanks,

Craig Sturman
Network Admin / Web Developer
Tregaskiss Ltd.
Direct: (519) 737-3078
Fax: (519) 737-2078
http://www.tregaskiss.com
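
The overlap described in the message above can be reproduced with a small routing model. This is an added example, not part of the original post: it applies longest-prefix matching to a simplified client routing table to show which office addresses stop entering the tunnel for a given hotel LAN. The hotel subnets, the metrics, the tie-break (on-link route wins) and the DNS address 10.0.0.53 are constructed assumptions; only the office network comes from the post.

```python
import ipaddress

# Office LAN exactly as written in the post (10.0.0.0 with mask 255.255.0.0).
OFFICE = ipaddress.ip_network("10.0.0.0/255.255.0.0")
OFFICE_DNS = "10.0.0.53"  # constructed address, not from the post

def build_routes(local_lan, office=OFFICE):
    """Simplified client routing table: (network, interface, metric)."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "lan", 10),  # default via hotel gateway
        (ipaddress.ip_network(local_lan), "lan", 0),     # on-link route to hotel LAN
        (office, "vpn", 1),                              # route pushed by the VPN server
    ]

def egress(dst, routes):
    """Longest-prefix match; equal prefixes fall back to the lowest metric
    (assumption: the on-link route has the lower metric and wins)."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in routes if dst in r[0]]
    _, iface, _ = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface

def classify(local_lan, office=OFFICE):
    """ok       = no overlap, office traffic enters the tunnel
    shadowed = office addresses inside the hotel LAN are delivered locally
    captured = hotel LAN is wider, so part of it is sent into the tunnel"""
    lan = ipaddress.ip_network(local_lan)
    if not lan.overlaps(office):
        return "ok"
    return "shadowed" if lan.prefixlen >= office.prefixlen else "captured"

if __name__ == "__main__":
    # Constructed hotel networks covering each case.
    for hotel in ("192.168.1.0/24", "10.0.0.0/16", "10.0.5.0/24", "10.0.0.0/8"):
        routes = build_routes(hotel)
        print(f"{hotel:16} {classify(hotel):9} DNS {OFFICE_DNS} leaves via "
              f"{egress(OFFICE_DNS, routes)}")
```

In the "shadowed" rows the lookup for the internal DNS server never reaches the tunnel, which matches the symptom in the post: the client reports "connected" while name resolution for internal hosts fails.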