[nSLUG] OpenVPN

John Stanton john at stantonnet.org
Sat Nov 28 22:55:05 AST 2009


Thanks for all the advice. I will give it a try tomorrow. 

John

On Sun, 2009-11-29 at 02:33 +0000, Ian Campbell wrote:
> On Sat, Nov 28, 2009 at 10:20:28PM -0400, Oliver Baltzer wrote:
> > 
> > Also, your LAN hosts need to know the route back to the VPN client, e.g.
> > # route add -net 10.0.0.0/8 gw vpnserver
> 
> This is probably better done directly from the config, the route
> directive should work... easier than remembering to do it every time.
> 
> While I'm on the subject, note that setuid non-root on clients (at
> least OSX/Linux) can have some unfortunate consequences if you're
> replacing the default route on the client... at least on OSX OpenVPN
> would happily accept the route pushed back by the VPN server, drop
> privs... and then be unable to replace the default route when
> terminating the connection.
> 
> Whoops ;)
> 
> Also John, if you haven't read it,
> http://openvpn.net/index.php/open-source/documentation/howto.html is
> surprisingly useful for OSS documentation. Examples and explanations
> abound.
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug





More information about the nSLUG mailing list