Hi, Alex.

On Thursday, 29 October 2009 06:43:31 +1100, Alex Samad wrote:

> > I was making a first attempt to establish a VPN between my house and
> > the office. The scenery from the side of my house is the following
> > one:
> >
> >                                                           ________
> > +----------+     +-----------+     +----------+      ____/        \___
> > | OpenVPN  |_____| GNU/Linux |_____|   ADSL   |_____/    Internet     \
> > |  server  |     | Firewall  |     |  Router  |     \____         ____/
> > +----------+     +-----------+     +----------+          \_______/
> >
> > Local network: 10.1.0.0/24
> > VPN network: 10.8.0.0/24

> any particular reason not to run the vpn server on the firewall? It
> is already the default gw for your local lan and it would make routing
> easier.

We can run OpenVPN on our firewall if we like (or need), but I think this is not encouraged. Firewalls should be limited-purpose systems with as little complexity as possible. Running OpenVPN on your firewall complicates the firewall, and presents a possible attack vector for malicious activity. Consider what happens if your firewall host is compromised, and it's running OpenVPN: the attacker gains access to your VPN configuration, and could conceivably construct a man-in-the-middle attack against all your VPN clients.

> what you have below is a symptom of the routing problem.

From what I could see, it was necessary to enable IP forwarding and masquerading on the host of the OVPN server.

> also any reason you choose tun over tap - I usually default to tap.

Besides it being the default configuration, I used routing for its efficiency and scalability.

Thanks for your reply.

Regards,
Daniel
--
Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Squeeze - Linux user #188.598
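
What "IP forwarding and masquerading" on the OpenVPN host amounts to for the 10.8.0.0/24 network in the diagram, as an added example that is not part of the original thread. The interface name `eth0` and the address `10.1.0.2` are assumptions; the script also prints the alternative that needs no NAT, a static route on the firewall.

```sh
#!/bin/sh
# Added example, not from the thread. 10.8.0.0/24 comes from the diagram;
# eth0 and 10.1.0.2 are assumed values for the OpenVPN host.
VPN_NET="${VPN_NET:-10.8.0.0/24}"        # VPN network (from the diagram)
LAN_IF="${LAN_IF:-eth0}"                 # assumed LAN-facing interface of the OpenVPN host
OVPN_LAN_IP="${OVPN_LAN_IP:-10.1.0.2}"   # assumed LAN address of the OpenVPN host

# Succeed only for a.b.c.d/n with octets 0-255 and n 0-32, so that nothing
# else can reach the generated command lines.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Option 1: forwarding plus masquerading on the OpenVPN host. LAN hosts then
# see VPN clients as the OpenVPN host's own LAN address.
vpn_nat_commands() {
    valid_cidr "$1" || return 1
    case "$2" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    printf '%s\n' \
        "sysctl -w net.ipv4.ip_forward=1" \
        "iptables -A FORWARD -i tun+ -s $1 -o $2 -j ACCEPT" \
        "iptables -A FORWARD -i $2 -o tun+ -d $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# Option 2: no NAT. A static route on the firewall (the LAN's default gateway)
# sends replies for the VPN network to the OpenVPN host, which still forwards.
static_route_command() {
    valid_cidr "$1" && valid_cidr "$2/32" || return 1
    printf '%s\n' "ip route add $1 via $2"
}

# Dry run by default; APPLY=1 (as root, on the OpenVPN host) executes option 1.
if [ "${APPLY:-0}" = 1 ]; then
    vpn_nat_commands "$VPN_NET" "$LAN_IF" | sh -e
else
    vpn_nat_commands "$VPN_NET" "$LAN_IF"
    echo "# on the firewall, instead of MASQUERADE: $(static_route_command "$VPN_NET" "$OVPN_LAN_IP")"
fi
```

With masquerading, logs on LAN hosts show the OpenVPN host's address rather than the individual VPN client; the static route keeps client addresses visible.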