Hi guys,

First off I’d like to say that I’ve been really impressed with OpenVPN. We’ve had 25 members of our sales force on an OpenVPN server using the OpenVPN client from openvpn.se, which I set up about 8 months ago, and things have been going well with it, so well in fact that I haven’t really touched the server since then and how I originally configured it is a little fuzzy in my memory.

We began using OpenVPN primarily for email reasons, as we use blacklist checking to block a substantial amount of spam and a large number of hotels were in this blocking list. OpenVPN helped us to bypass this issue, but another has been surfacing lately.

Our internal office network is numbered as a standard internal A class (10.0.0.0/255.255.0.0). I’m noticing a large number of hotels have been using this same internal network which, while the OpenVPN client says the user is connected, fails to pick up or contact our internal DNS servers and find the internal IP of whatever server it is attempting to contact (or perhaps OpenVPN does this on purpose because it realizes the overlap?). Thus it ends up falling back to the email server’s external IP, which triggers the blacklist check, which in turn denies them any SMTP access.

Apart from renumbering our internal network (which I’m fine with doing as a last resort), is there an easier solution that would allow similar and non-similar networks to connect without issue? The following link mentions that some ipchains rules (which I assume can be translated over to iptables?) could be used for the rewriting. Any help with this would be greatly appreciated.

http://www.debian-administration.org/articles/35#comment_1

Apart from this issue, the VPN server is working great though.

Additional info: The server is using routing rather than bridging and everyone has their own set of generated keys.

Thanks,

Craig Sturman
Network Admin / Web Developer
Tregaskiss Ltd.
Direct: (519) 737-3078
Fax: (519) 737-2078
http://www.tregaskiss.com
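An added example, not part of Craig's post and not OpenVPN's own tooling, illustrating the iptables equivalent of the rewriting the linked comment refers to. When a hotel LAN is also 10.0.0.0/16, the client keeps its directly connected route for that range, so 10.0.x.x traffic (including queries to the internal DNS servers) never enters the tunnel. The usual workaround short of renumbering is to give VPN clients a different, unused range that the server translates 1:1 onto the real office range with the NETMAP target. The script below checks whether a client's LAN collides with the office range and prints the iptables rules and OpenVPN `push` lines for that setup. Only 10.0.0.0/16 comes from the post; the alias range 10.200.0.0/16, the interface name `tun0` and the DNS address 10.0.0.53 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): detect a client LAN that
# collides with the office network and emit the iptables NETMAP rules plus
# OpenVPN "push" lines that present the office to VPN clients under an
# alias range. Only 10.0.0.0/16 is from the post; everything else below
# is an assumption for illustration.

OFFICE_NET="10.0.0.0/16"    # from the post: 10.0.0.0/255.255.0.0
ALIAS_NET="10.200.0.0/16"   # assumption: an unused range clients reach the office through
VPN_IF="tun0"               # assumption: the server's OpenVPN interface (routed mode)
OFFICE_DNS="10.0.0.53"      # assumption: the internal DNS server's real address

# ip_to_int 10.0.0.1 -> 167772161   (subshell body so IFS stays local)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip 167772161 -> 10.0.0.1
int_to_ip() {
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# prefix_mask 16 -> 4294901760 (integer form of 255.255.0.0)
prefix_mask() {
    echo $(( 0xFFFFFFFF << (32 - $1) & 0xFFFFFFFF ))
}

# overlaps A/PA B/PB -> exit status 0 if the two ranges share any address.
# Two ranges overlap exactly when they agree on the shorter of the two prefixes.
overlaps() (
    pa=${1#*/}; pb=${2#*/}
    p=$(( pa < pb ? pa : pb ))
    m=$(prefix_mask "$p")
    [ $(( $(ip_to_int "${1%/*}") & m )) -eq $(( $(ip_to_int "${2%/*}") & m )) ]
)

# alias_of IP -> the same host inside ALIAS_NET (host bits kept, network bits swapped)
alias_of() (
    m=$(prefix_mask "${ALIAS_NET#*/}")
    host=$(( $(ip_to_int "$1") & ~m & 0xFFFFFFFF ))
    int_to_ip $(( $(ip_to_int "${ALIAS_NET%/*}") | host ))
)

# netmap_rules -> nat rules: packets from the tunnel addressed to the alias range
# get their destination rewritten 1:1 into the office range; conntrack undoes
# the mapping on the replies, so no reverse rule is needed.
netmap_rules() {
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -i $VPN_IF -d $ALIAS_NET -j NETMAP --to $OFFICE_NET" \
      "iptables -A FORWARD -i $VPN_IF -d $OFFICE_NET -j ACCEPT"
}

# openvpn_push -> server.conf lines so clients route the alias range (and use the
# aliased DNS address) through the tunnel instead of the real 10.0.0.0/16
openvpn_push() {
    printf '%s\n' \
      "push \"route ${ALIAS_NET%/*} $(int_to_ip "$(prefix_mask "${ALIAS_NET#*/}")")\"" \
      "push \"dhcp-option DNS $(alias_of "$OFFICE_DNS")\""
}

# Usage: sh overlap.sh 10.0.0.0/24   (the hotel's LAN, as seen on the client)
if [ -n "$1" ]; then
    if overlaps "$OFFICE_NET" "$1"; then
        echo "client LAN $1 overlaps $OFFICE_NET: publish the office as $ALIAS_NET"
        netmap_rules
        openvpn_push
    else
        echo "client LAN $1 does not overlap $OFFICE_NET: plain routing is fine"
    fi
fi
```

Two caveats for this approach. The translation only covers addresses the clients already know under the alias range: the internal DNS servers will still answer with real 10.0.x.x records, so VPN clients either need a DNS view that hands out alias addresses or need to reach the mail server by its alias address directly. And the tunnel subnet itself (the `server` line in the OpenVPN config) must also lie outside any range a hotel might use, or the same collision happens one hop earlier; the server additionally needs `net.ipv4.ip_forward=1` for the FORWARD rule to carry traffic.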