From: Lonnie A. <li...@lo...> - 2007-03-08 19:27:29
Kristian,

As a follow-up to your original question,

The openvpn.conf server-side option: (for OpenVPN 2.0.x)

ifconfig-pool-linear

might be useful to you. Instead of creating /30 networks for each client, a single IP from the VPN subnet is used, starting at x.x.x.4 by default.

The only 'drawback' of using "ifconfig-pool-linear" in the server config is that Windows clients cannot connect... the /30 option was made to deal with the Windows tun driver. (Some may consider this a security feature. <smile> )

UNIX and Mac OS X work fine with "ifconfig-pool-linear". This might be the choice for SIP over OpenVPN in an all-UNIX environment.

Lonnie

On Feb 13, 2007, at 4:49 PM, Kristian Kielhofner wrote:

> Hey everyone,
>
> OpenVPN - looks very cool, I'm glad that AstLinux has it.
>
> I have a problem that looks like it could be solved with the
> appropriate VPN. OpenVPN looks like it can probably do it for me.
>
> Here is what I need to do:
>
> Many boxes are behind NAT. Each box has several services that need
> to be accessed by a few remote systems that are all on the same
> network (probably a dedicated VLAN) in a datacenter. By many boxes I
> mean hundreds, thousands, etc. Here is what I think I need:
>
> - openvpn on each box with public key authentication (I don't want to
> have to deal with passwords)
>
> - openvpn "concentrator" doing routing/firewalling/etc in the
> datacenter
>
> The "kick" is I need the openvpn concentrator to hand out unique IP
> addresses that are routable (at least within my VLAN in the
> datacenter - maybe by proxyarp) to each client as it connects.
> Multiple machines on that VLAN (not running openvpn) must be able to
> access the remote IP addresses without any extra software or
> configuration.
>
> Can openvpn do this? What extra rc.conf values will I need?
> Thanks!
>
> --
> Kristian Kielhofner
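The address-planning difference between the default /30-per-client pool and "ifconfig-pool-linear", worked through as an added example that is not part of either e-mail. It assumes the tun-mode pool runs from network+4 to broadcast-4 (10.8.0.4 to 10.8.0.251 for a /24) and that in each /30 the client takes the third address; the 10.8.0.0/24 subnet and the 2000-client figure are sample values.

```python
import ipaddress

def pool_range(subnet):
    """Assumed pool for a tun-mode server subnet: network+4 .. broadcast-4."""
    net = ipaddress.ip_network(subnet)
    start, end = int(net.network_address) + 4, int(net.broadcast_address) - 4
    if end < start:
        raise ValueError(f"{subnet} is too small to hold a client pool")
    return start, end

def capacity(subnet, linear):
    """Number of clients the pool can address."""
    start, end = pool_range(subnet)
    if linear:                      # ifconfig-pool-linear: one address per client
        return end - start + 1
    base = start & ~3               # default: one aligned /30 per client
    return (((end | 3) + 1) - base) >> 2

def client_ips(subnet, linear, count=3):
    """First `count` client addresses handed out, in order."""
    start, _ = pool_range(subnet)
    n = min(count, capacity(subnet, linear))
    if linear:
        return [str(ipaddress.ip_address(start + i)) for i in range(n)]
    base = start & ~3
    # Assumed /30 layout: +0 network, +1 server-side endpoint, +2 client, +3 broadcast
    return [str(ipaddress.ip_address(base + 4 * i + 2)) for i in range(n)]

def smallest_prefix(clients, linear):
    """Longest prefix (smallest subnet) whose pool fits `clients` endpoints."""
    for prefix in range(28, 7, -1):
        if capacity(f"10.0.0.0/{prefix}", linear) >= clients:
            return prefix
    raise ValueError("no subnet between /28 and /8 is large enough")

if __name__ == "__main__":
    for linear in (False, True):
        mode = "ifconfig-pool-linear" if linear else "default /30 per client"
        print(mode, capacity("10.8.0.0/24", linear),
              client_ips("10.8.0.0/24", linear),
              "2000 clients need /%d" % smallest_prefix(2000, linear))
```

For the "hundreds, thousands" of boxes in the original question, the linear pool needs a quarter of the address space, which matters when the addresses must be routable on the datacenter VLAN.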