|
|
Hi, I continued my reading on the net and came across another method of setting the ip range for remote clients(server ....). Also using redirect-gateway to force the VPN to be the gateway for everything(I know this means that normal web browsing will be going via the VPN now, but we have enough bandwidth(for now) and it's transparently proxied, plus it means that workers elsewhere can be semi limited in downloading crap/p0rn/etc well at least we'll have a log of it). Due to using TAP I don't think you can specify a gateway for each subnet(with TUN you specify after the route <network> <mask> <gateway>), if someone knows better let me know. Here is my final server side config: dev tap mode server proto tcp-server tls-server port 1194 user nobody group nobody server 192.168.43.0 255.255.255.0 push "route 10.0.0.0 255.255.255.0" push "route 192.168.42.0 255.255.255.0" push "redirect-gateway" dh /etc/openvpn/keys/dh2048.pem ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/vpn.crt key /etc/openvpn/keys/vpn.key comp-lzo ping 15 ping-restart 45 ping-timer-rem persist-tun persist-key verb 3 Thanks for your assistance in this all that have helped. Cheers, Daniel. ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |