userdoc:openvpn_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision Both sides next revision
userdoc:openvpn_access [2011/07/01 14:57]
droemel created
userdoc:openvpn_access [2014/11/17 04:07]
droemel
Line 15: Line 15:
     * or create another iptables rule: "''iptables -A INT_INPUT_CHAIN -s 10.8.2.0/24 -j DROP''" for each subnet     * or create another iptables rule: "''iptables -A INT_INPUT_CHAIN -s 10.8.2.0/24 -j DROP''" for each subnet
   * The easy way is to push the internal LAN route in the OpenVPN server config (//push route 192.168.3.0.255.255.255.0 in this case//).   * The easy way is to push the internal LAN route in the OpenVPN server config (//push route 192.168.3.0.255.255.255.0 in this case//).
-  * The more secure way is NOT to push the route, but instead push only the relevant allowed destinations in the OpenVPN ccd/client file like "''push route 192.168.3.200''", but in this case the "Employees Class" from the example wouldn't work, cause there is no file to include the routing.+  * The more secure way is NOT to push the route in the OpenVPN server config, but instead push only the relevant allowed destinations in the OpenVPN ccd/client file like "''push route 192.168.3.200''", but in this case the "Employees Class" from the example wouldn't work, cause there is no file to include the routing.
  
 === Examples === === Examples ===
Line 53: Line 53:
  
 The "push route ..." commands are optional (without the ";")(see above) The "push route ..." commands are optional (without the ";")(see above)
- 
  • userdoc/openvpn_access.txt
  • Last modified: 2017/08/10 03:43
  • by droemel