Differences

This shows you the differences between two versions of the page.

--- userdoc:openvpn_access [2011/07/01 14:57]
droemel created
+++ userdoc:openvpn_access [2017/08/10 03:41]
droemel
@@ Line 5: / Line 5: @@
 Here is a good howto for this:
-http://openvpn.net/index.php/open-source/documentation/howto.html#policy
+https://openvpn.net/index.php/open-source/documentation/howto.html#policy
 Additionally in AstLinux the following must be done:
@@ Line 15: / Line 15: @@
     * or create another iptables rule: "''iptables -A INT_INPUT_CHAIN -s 10.8.2.0/24 -j DROP''" for each subnet
   * The easy way is to push the internal LAN route in the OpenVPN server config (//push route 192.168.3.0.255.255.255.0 in this case//).
-  * The more secure way is NOT to push the route, but instead push only the relevant allowed destinations in the OpenVPN ccd/client file like "''push route 192.168.3.200''", but in this case the "Employees Class" from the example wouldn't work, cause there is no file to include the routing.
+  * The more secure way is NOT to push the route in the OpenVPN server config, but instead push only the relevant allowed destinations in the OpenVPN ccd/client file like "''push "route 192.168.3.200"''", but in this case the "Employees Class" from the example wouldn't work, cause there is no file to include the routing.
 === Examples ===
@@ Line 24: / Line 24: @@
 {{userdoc:openvpn-policies.png?nolink|OpenVPN Policies}}
 \\
+!!Note:!! It is very important that Topology "Use Default" is used and NOT "Subnet"!
 **/mnt/kd/arno-iptables-firewall/custom-rules**
@@ Line 53: / Line 55: @@
 The "push route ..." commands are optional (without the ";")(see above)