Re: [Openvpn-users] OpenVPN and iptables


  • Subject: Re: [Openvpn-users] OpenVPN and iptables
  • From: "Britain Crooker" <britainc@xxxxxxxxxxxxxx>
  • Date: Thu, 15 Nov 2007 15:42:26 -0500

Thanks - this got me going in the right direction.  The answer was:

1. Add a 'bind = 10.8.0.1' option in the /etc/xinetd.d/svnserve config file.
2. Change the client URL to \\10.8.0.1\some_repository instead of the public
domain name. 

-----Original Message-----
From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Lindsay
Haisley
Sent: Thursday, November 15, 2007 1:12 PM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] OpenVPN and iptables

This really doesn't need iptables at all.  svnserve has an option,
--listen-host=host (host may be either an IP address or a resolvable name).
Make sure OpenVPN assigns a consistent address to the tap IF and make sure
this option is given to the subversion daemon when it's instantiated.

On Wed, 2007-11-14 at 18:12 -0500, Britain Crooker wrote:
> We have Subversion running on the same server that has OpenVPN on it.
> I would like to come up with some way to say "only allow clients to 
> connect to Subversion if they are connected via the VPN".
>  
> Our configuration file is:
>  
> port 1194
> proto udp
> dev tap
>  
> ca ca.crt
> cert server.crt
> key server.key
> dh dh1024.pem
>  
> server 10.8.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "redirect-gateway def1"
> push "dhcp-option DNS 10.8.0.1"
> keepalive 10 120
> tls-auth ta.key 0 # This file is secret
> comp-lzo
> max-clients 4
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> log-append  openvpn.log
> verb 4
-- 
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |       if you let it" |      available at
512-259-1190          |    (The Roadie)      | http://pubkeys.fmp.com
http://www.fmp.com    |                      |
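
An added check, not part of the thread or of either poster's setup: it parses `ss -ltn` output and reports whether svnserve is bound only to the VPN address 10.8.0.1 mentioned above. Port 3690 (svnserve's default) and the sample `ss` lines are assumptions constructed for the example.

```python
import ipaddress

VPN_ADDR = "10.8.0.1"  # tap address from the thread
SVN_PORT = 3690        # assumption: svnserve runs on its default port

# Constructed `ss -ltn` output: before and after the bind / --listen-host change.
BEFORE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      64           0.0.0.0:3690      0.0.0.0:*
"""
AFTER = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      64          10.8.0.1:3690      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
"""

def listeners(ss_output):
    """Yield (address, port) for each LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            # drop IPv6 brackets and any %interface scope
            yield addr.strip("[]").split("%")[0], int(port)

def check_binding(ss_output, vpn_addr=VPN_ADDR, port=SVN_PORT):
    """Report whether `port` is bound to the VPN address and where else."""
    vpn = ipaddress.ip_address(vpn_addr)
    result = {"bound_to_vpn": False, "other_binds": []}
    for addr, p in listeners(ss_output):
        if p != port:
            continue
        # "*", 0.0.0.0 and :: are wildcards (every interface), so they are
        # reported as other binds rather than as a VPN-only bind.
        if addr != "*" and ipaddress.ip_address(addr) == vpn:
            result["bound_to_vpn"] = True
        else:
            result["other_binds"].append(addr)
    return result

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, check_binding(sample))
```

On a live server, pass the captured output of `ss -ltn` to `check_binding`; an empty `other_binds` list with `bound_to_vpn` true is the state the thread's fix aims for.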


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
