[nSLUG] OpenVPN

Ian Campbell ian at slu.ms
Sat Nov 28 22:33:12 AST 2009


On Sat, Nov 28, 2009 at 10:20:28PM -0400, Oliver Baltzer wrote:
> 
> Also, your LAN hosts need to know the route back to the VPN client, e.g.
> # route add -net 10.0.0.0/8 gw vpnserver

This is probably better done directly from the config, the route
directive should work... easier than remembering to do it every time.

While I'm on the subject, note that setuid non-root on clients (at
least OSX/Linux) can have some unfortunate consequences if you're
replacing the default route on the client... at least on OSX OpenVPN
would happily accept the route pushed back by the VPN server, drop
privs... and then be unable to replace the default route when
terminating the connection.

Whoops ;)

Also John, if you haven't read it,
http://openvpn.net/index.php/open-source/documentation/howto.html is
surprisingly useful for OSS documentation. Examples and explanations
abound.
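The failure mode described in this message, as an added example that is not part of the original post: a Python check that flags a client config which drops root (`user`/`group`) while its default route is replaced by `redirect-gateway` without the `def1` flag, either set locally or pushed by the server. The config samples and the names `directives` and `audit` are constructed for illustration.

```python
import shlex

# Constructed sample configs (not from the original post).
CLIENT_DROP = """
client
remote vpn.example.org 1194   # placeholder host
user nobody
group nobody
"""
SERVER_PUSH_PLAIN = 'push "redirect-gateway"\n'
SERVER_PUSH_DEF1 = 'push "redirect-gateway def1"\n'


def directives(text):
    """Yield each config directive as a token list, skipping # and ; comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens


def audit(client_cfg, server_cfg=""):
    """Flag a client that drops root but has its default route replaced."""
    drops = any(t[0] in ("user", "group") for t in directives(client_cfg))
    # redirect-gateway can be set locally or arrive as a pushed option.
    redirects = [t[1:] for t in directives(client_cfg) if t[0] == "redirect-gateway"]
    for t in directives(server_cfg):
        if t[0] == "push" and len(t) > 1:
            pushed = t[1].split()
            if pushed and pushed[0] == "redirect-gateway":
                redirects.append(pushed[1:])
    # Without def1 the original 0.0.0.0/0 route is deleted, so restoring it at
    # exit needs the root privileges the process has already given up.
    wiped = any("def1" not in flags for flags in redirects)
    return {"drops_privileges": drops,
            "replaces_default_route": bool(redirects),
            "at_risk": drops and wiped}


if __name__ == "__main__":
    print(audit(CLIENT_DROP, SERVER_PUSH_PLAIN))
    print(audit(CLIENT_DROP, SERVER_PUSH_DEF1))
```

With `def1` OpenVPN overrides the default gateway using 0.0.0.0/1 and 128.0.0.0/1 and leaves the original default route in place, which is why that case is not flagged.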


