"Aaron M. Hirsch" <aaron.hirsch@xxxxxxxxxxxxxx> said:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm new to openvpn and have been asked to set up a solution for my
> office...yep, openvpn it is!
>
> I'm looking for a sanity check / advice on what I have for the server
> configuration below:
>
> port 5000
> dev tun
>
> tls-server
> [ put certs here ]
>
> mode server
>
> ifconfig 192.168.244.1
>
> ifconfig-pool 192.168.244.6 192.168.244.254
>
> push "ip-win32 dynamic"
> push "dhcp-option DOMAIN cellnet.com"
> push "dhcp-option DNS <internal dns server>"
> push "route 192.168.244.1 255.255.255.0"
>
> inactive 1200
>
> route 192.168.244.0 255.255.255.0
>
> user nobody
> group nobody
>
> verb 9
>
> If I've read properly the above config will utilize the ifconfig-pool to
> allocate addresses, i.e. dhcp. The addresses allocated would be between
> 192.168.244.6 and 192.168.244.254.
>
> Do I need to push "ip-win32 dynamic"? What about Linux machines? Is there an
> option I have to push for them to utilize the ifconfig-pool? Can both *nix
> and Doze clients utilize the same server config file

Yes. If you push a win32 option to a Linux client, the client will
complain with a warning and ignore the option.

> or will I need to run
> two openvpn instances?
>
> Sorry for the questions, I'm just trying to get a good idea of the configs so
> that I can have the server in place by Monday.

I'm moving away from recommending the usage of "inactive" in the
"mode server" config, using something like this instead:

    ping 10
    ping-restart 120
    push "ping 10"
    push "ping-restart 60"

The idea is that since the client is the connection initiator, it should
time out and retry first. If the server instance times out before the
client, the connection will break until the client renegotiates --
something that we usually don't want.

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
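
The check below is an added example, not part of the original thread and not OpenVPN's own code: it reads a server config and reports whether the ping-restart value pushed to clients is shorter than the server's own, so that the client times out first as the reply describes. The function names, finding labels and both sample configs are constructed for illustration.

```python
import shlex

# Constructed sample: the keepalive directives suggested in the reply above.
RECOMMENDED = '''
mode server
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
'''

# Constructed sample: the relevant lines of the configuration being asked about.
ORIGINAL = '''
mode server
inactive 1200
push "ip-win32 dynamic"
'''


def parse(text):
    """Split a config into local directives and directives pushed to clients."""
    local, pushed = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        name, *args = shlex.split(line)
        if name == "push" and args and args[0].strip():
            name, *args = args[0].split()    # push "ping 10" -> ping, ["10"]
            pushed[name] = args
        else:
            local[name] = args
    return local, pushed


def check(text):
    """Return findings; an empty list means the client times out first."""
    local, pushed = parse(text)
    findings = []
    if local.get("mode") == ["server"] and "inactive" in local:
        findings.append("inactive-in-server-mode")   # the reply advises against this
    server = local.get("ping-restart")
    client = pushed.get("ping-restart")
    if not server or not client:
        findings.append("ping-restart-missing")
    elif int(client[0]) >= int(server[0]):
        findings.append("client-does-not-time-out-first")
    return findings
```

Calling check(RECOMMENDED) returns an empty list, while check(ORIGINAL) reports both the "inactive" directive and the missing ping-restart pair.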