[ale] OpenVPN Question

Robert L. Harris robert.l.harris at gmail.com
Thu Oct 9 12:34:51 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Chris,
  I run an openvpn at my office and we have mostly linux and mac
clients but a couple windows
as well.  In my server config I have this:

ifconfig-pool 10.1.250.100 10.1.250.200
route 10.1.250.0 255.255.255.0
push "route 10.1.250.1"
push "route 10.1.200.0 255.255.255.0"
push "route 10.1.250.0 255.255.255.0"
push "route 10.1.1.0 255.255.255.0"

and in the clients I just have an additional line:

pull

the pull tells the client to take the routes from the server.  That simple

(If you want a copy of my configs let me know)

Robert



Chris Fowler wrote:
> Here is a question for all the OpenVPN users out there.
>
> I want to give users running Winders access to a complex network
> remotely. This network has multiple VPNs that connect to routers at
> remote sites and these routers use IP Masquerading to allow the
> main site access to devices at the remote without complex routing
> on the remote.  The way we accomplish this is with static host
> based routes.  One such installation could have 30 VPNs to 30
> remote sites and on the VPN server could have 40 host base entries
> in the kernel's routing table.
>
> The rule is that if the dealer wants to access a piece of equipment
> at a remote network over these VPNs that tech needs to be sitting
> on a PC at their office or VPN into their office.  Some of our
> larger customers have dedicated VPN gear and this is not a problem.
> Our smaller customers do not.
>
> The idea is that I can install OpenVPN on the VPN server and allow
>  individual techs access via OpenVPN to this "network".  The
> problem is that I need to feed those static routes to the Windows
> PC so it will know how to access these remote sites.  A simple
> solution is to write a batch script and have a link on the users
> desktop.  The bring up the VPN and then click the link.  Another
> solution is to have OpenVPN assign those routes on the Windows PC
> the minute the VPN comes up.  Is that possible?
>
>
>

- --

:wq!
====================================================================
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS             With Dreams To Be A King,
       ALONE.  I speak for              First One Should Be A Man
       no-one else.                       - Manowar

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iD8DBQFI7jKr8+1vMONE2jsRAvTKAJ0Q8v5SR8xYOsWpOkYtV690guL/VACfTy6G
XHWbLTEtHWutH11DmoQcppY=
=VBUk
-----END PGP SIGNATURE-----



More information about the Ale mailing list