From: Darrick H. <dha...@dj...> - 2007-02-14 19:07:17
Kristian Kielhofner wrote:
> Hey everyone,
>
> OpenVPN - looks very cool, I'm glad that AstLinux has it.
>
> I have a problem that looks like it could be solved with the
> appropriate VPN. OpenVPN looks like it can probably do it for me.
>
> Here is what I need to do:
>
> Many boxes are behind NAT. Each box has several services that need
> to be accessed by a few remote systems that are all on the same
> network (probably a dedicated VLAN) in a datacenter. By many boxes I
> mean hundreds, thousands, etc. Here is what I think I need:
>
> - openvpn on each box with public key authentication (I don't want to
> have to deal with passwords)
>

Not a problem. When you use the easy-rsa scripts you can decide to
create a client certificate with or without a password.

> - openvpn "concentrator" doing routing/firewalling/etc in the datacenter
>
> The "kick" is I need the openvpn concentrator to hand out unique IP
> addresses that are routable (at least within my VLAN in the
> datacenter - maybe by proxyarp) to each client as it connects.
> Multiple machines on that VLAN (not running openvpn) must be able to
> access the remote IP addresses without any extra software or
> configuration.
>

It may be easier to see this as a diagram. xfig or Dia would produce
something that I could look at.

It shouldn't be too difficult to do this. You may have to add a few
route statements in rc.local to handle this. You may also need some of
Lonnie's requested changes. I haven't had time to look at those yet in
depth. Perhaps this afternoon or tomorrow I'll have a chance. No chance
in hell of looking at that stuff after 5pm tonight though. We're going
to partake in the commercialized holiday.

> Can openvpn do this? What extra rc.conf values will I need? Thanks!

Darrick

--
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com