[ale] OpenVPN Question

John Mills johnmills at speakeasy.net
Thu Oct 9 09:27:27 EDT 2008


Chris -

DISCLAIMER: I do not administer our OpenVPN setup, nor have I done so. 
Hence this is user guesswork. From my viewpoint, "it just works."

We use openVPN to connect into our corporate network from either Windows 
or Linux. Establishing the connection adds routes to my routing table so 
that I access intraNet IPs directly (172.0.0.0 in this case). My local IPs 
are in 192.168.1.0. I think the default routing for external IPs remains 
unchanged but I never checked it.

I only use the '172.0.0.0' domain through the tunnel established by 
openVPN. I can open allowed ports and services (such as 'tightVNC' on my 
office desktop), and I think there is some VPN-specific 
filtering/firewalling as well: some '172' IPs can be reached from the 
office box but not from my remote at home. I normally come into the VPN 
from Linux, but I expect the differences between Linux and Windows access 
would basically be the differences between the world- and user-views of 
the respective OS's.

I don't know if this helps, but if there is something you wish me to look 
at when I have an openVPN tun/tap connection I will be happy to try.

  - John

On Thu, 9 Oct 2008, Chris Fowler wrote:

> Here is a question for all the OpenVPN users out there.

> I want to give users running Winders access to a complex network remotely.
> This network has multiple VPNs that connect to routers at remote sites
> and these routers use IP Masquerading to allow the main site access to
> devices at the remote without complex routing on the remote.  The way we
> accomplish this is with static host based routes.  One such installation
> could have 30 VPNs to 30 remote sites and on the VPN server could have
> 40 host base entries in the kernel's routing table.

> The rule is that if the dealer wants to access a piece of equipment at
> a remote network over these VPNs that tech needs to be sitting on a PC
> at their office or VPN into their office.  Some of our larger customers have
> dedicated VPN gear and this is not a problem.  Our smaller customers do
> not.

> The idea is that I can install OpenVPN on the VPN server and allow
> individual techs access via OpenVPN to this "network".  The problem is
> that I need to feed those static routes to the Windows PC so it will know
> how to access these remote sites.  A simple solution is to write a batch
> script and have a link on the user's desktop.  They bring up the VPN and
> then click the link.  Another solution is to have OpenVPN assign those
> routes on the Windows PC the minute the VPN comes up.  Is that possible?

> Chris Fowler
> OutPost Sentinel, LLC
> Support @ SIP/support at pbx.opsdc.com
> or 678-804-8193
> Email Support @ support at outpostsentinel.com
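
An added example, not part of the original thread and not the posters' own code: OpenVPN's server-side `push "route ..."` directive installs routes on the client when the tunnel comes up, which is the second option asked about above. The script turns the host routes in `route -n` output into push directives; the sample routing table, the interface names and the `server.conf` file name are constructed assumptions.

```shell
#!/bin/sh
# Added example: build OpenVPN push directives from the server's host routes.

# Constructed sample of `route -n` output (addresses and interfaces are made up).
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.1.15      0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.20.2.40      0.0.0.0         255.255.255.255 UH    0      0        0 tun2
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
EOF
}

# Read `route -n` output on stdin; print one push line per host route.
# Only entries with the H flag and a /32 mask are emitted, so a client
# learns the individual devices, never a whole subnet or the default route.
host_routes_to_push() {
    awk '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $3 == "255.255.255.255" && $4 ~ /H/ {
            printf "push \"route %s 255.255.255.255\"\n", $1
        }
    ' | sort -u
}

# On a real server (config file name is an assumption):
#   route -n | host_routes_to_push >> server.conf
sample_routes | host_routes_to_push
```

Placing the generated lines in a per-client file under `client-config-dir` instead of the main server config limits each tech to the devices they are meant to reach.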

