[nSLUG] OpenVPN

John Stanton john at stantonnet.org
Sat Nov 28 23:11:13 AST 2009


Hey, 

IP forwarding is on, iptables disabled, and still no luck with the
routes.

On Sat, 2009-11-28 at 22:55 -0400, John Stanton wrote:
> Thanks for all the advice. I will give it a try tomorrow. 
> 
> John
> 
> On Sun, 2009-11-29 at 02:33 +0000, Ian Campbell wrote:
> > On Sat, Nov 28, 2009 at 10:20:28PM -0400, Oliver Baltzer wrote:
> > > 
> > > Also, your LAN hosts need to know the route back to the VPN client, e.g.
> > > # route add -net 10.0.0.0/8 gw vpnserver
> > 
> > This is probably better done directly from the config, the route
> > directive should work... easier than remembering to do it every time.
> > 
> > While I'm on the subject, note that setuid non-root on clients (at
> > least OSX/Linux) can have some unfortunate consequences if you're
> > replacing the default route on the client... at least on OSX OpenVPN
> > would happily accept the route pushed back by the VPN server, drop
> > privs... and then be unable to replace the default route when
> > terminating the connection.
> > 
> > Whoops ;)
> > 
> > Also John, if you haven't read it,
> > http://openvpn.net/index.php/open-source/documentation/howto.html is
> > surprisingly useful for OSS documentation. Examples and explanations
> > abound.