|
|
I do this at home with a wifi router that acts as my gateway and a linux fileserver on myhome lan I port forward the openvpn ports I use to the internal address of the fileserver. When I add the route through the vpn, it comes up in my routing table ahead of the normal lan ip address created by dhcpd (so all traffic to the lan is through the vpn tunnel). I guess I could change my default gateway for internet access to use the VPN too but since the traffic is unprotected past the router, I figure that running general internet traffic trough the vpn wouldn't server much purpose (and would maybe slow it down a bit) Anyway, since openvpn can port forward through to an internal server, the rest is just routing configuration Michael Kelly (mkelly@xxxxxxxxxxxxxxxxxx) wrote: > > Hello again, > > I understand your point about not really gaining anything by my > proposed idea. > > If I setup a gateway machine behind the router, no firewall on the > gateway machine, that is also running the openVPN software any employees > who hook up wirelessly to the network will not go through the gateway > and therefore not have proper access to the VPN. > > I am however still very curious about the gateway idea, so long as it > is possible to have connected to the network behind the hardware > router. > > I am far from giving up on the this project John, and I am positive I > will get a working solution soon > > Thank you for all your help and suggestions > Michael Kelly > > >>> John Locke <mail@xxxxxxxxxxxx> 02/04/2004 10:21:13 am >>> > On Fri, 2004-04-02 at 10:53, Michael Kelly wrote: > > Just had a thought. > > > Would it be at all helpful or ease the setup if I built a box for > each > > end that was a Linux system running both as a firewall and a VPN > gateway > > and all traffic coming into and out of both offices would travel > through > > this machine. Essentially I would allow the hardware router to do > what > > it is supposed to do, forward ports, block unwanted exterior > traffic, > > etc...., but when it came to the VPN stuff, the Linux Firewall/VPN > > gateway would do all that work. It could also protect us against > > unwanted outgoing information from any unknown viruses or spyware. > > > Well, you gain a lot of flexibility by using a Linux firewall/router. > But I'm not sure you ease any of the challenges, and in this case, I > don't see what you would gain. If you make the default gateway for > your > network the same machine as the VPN gateway, you don't have to > configure > routes back to the tunnel--but if it's also running a firewall, you > spend a similar amount of time configuring the firewall rules to allow > the traffic through the tunnel... > > > Do you think this could be a viable solution to the challenges I am > > facing with setting up a VPN system with openVPN? > > > Believe me, the challenges of OpenVPN pale in comparison to IPSec! > VPNs > in general require a fairly good understanding of networking > principles. > With that understanding, OpenVPN is great because it's so simple to > administer and use. > > Setting up these routes is really not hard at all, as long as your > firewall/router supports it! > > Cheers, > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |