Re: [Openvpn-users] 2nd VPN


  • Subject: Re: [Openvpn-users] 2nd VPN
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Sun, 13 Jan 2008 18:16:22 -0600
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID710maNaqY0381X28

Leonardo Rodrigues Magalhães wrote:


> As each daemon will have a different interface name (tapX or tunX), you can easily secure them with iptables rules.
>
> The only tip is to ALWAYS load config files in the same order. If you change the order, the interface names can change and thus your iptables rules, by interface name, will probably fail.

As another poster pointed out, you can explicitly set a tap adapter like `dev tap0`, but those are the same devices that will be dynamically allocated to VPNs without an explicit device and thus may already be in use if you mix-and-match between configs. Another option is to use custom-named tun/tap devices. For example, you can run `openvpn --mktun --dev tun_site1` and then use `dev tun_site1` in the OpenVPN config file. This can also make writing firewall rules easier because you can associate the connection with a uniquely named device.

--
Josh
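
A check for the naming problem discussed in this thread, as an added example that is not part of the original message or of OpenVPN: it classifies each config's `dev` value as dynamic, numbered or custom-named, so firewall rules that match on interface name can be reviewed before the daemons start. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the `dev` directive of OpenVPN
# configs so iptables rules that match on interface name stay valid.
# Function names and sample configs are constructed for illustration.

# Print the value of the first `dev` directive in a config file.
config_dev() {
    awk '$1 == "dev" { print $2; exit }' "$1"
}

# Print dynamic | numbered | custom | invalid for a device name.
classify_dev() {
    name=$1
    # Linux interface names hold at most 15 characters.
    if [ -z "$name" ] || [ "${#name}" -gt 15 ]; then echo invalid; return; fi
    case "$name" in
        */*)     echo invalid ;;
        tun|tap) echo dynamic ;;            # number is assigned at start-up
        tun*|tap*)
            case "${name#???}" in
                *[!0-9]*) echo custom ;;    # e.g. tun_site1
                *)        echo numbered ;;  # e.g. tap0
            esac ;;
        *)       echo custom ;;
    esac
}

# Print a one-line verdict for a config file.
audit_config() {
    dev=$(config_dev "$1")
    file=$(basename "$1")
    case $(classify_dev "$dev") in
        custom)   echo "$file: OK $dev is a fixed name, safe to match with iptables -i $dev" ;;
        numbered) echo "$file: WARN $dev can also be handed to a config with a bare dev tun/tap" ;;
        dynamic)  echo "$file: WARN $dev is numbered at start-up, so it depends on load order" ;;
        *)        echo "$file: ERROR missing or unusable dev name" ;;
    esac
}

# Constructed sample configs, written to a temporary directory.
dir=$(mktemp -d)
printf 'dev tun\nport 1194\n'       > "$dir/site1.conf"
printf 'dev tap0\nport 1195\n'      > "$dir/site2.conf"
printf 'dev tun_site1\nport 1196\n' > "$dir/site3.conf"
for f in "$dir"/*.conf; do audit_config "$f"; done
rm -rf "$dir"
```

A custom name that does not begin with `tun` or `tap` also needs a `dev-type` line in the config so OpenVPN knows which kind of device it is.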

