Thanks, that gives me a couple of things to look into: I didn't know there was an OpenVPN service and the idea of supernetting, which should work for us.
...Tim

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Tuesday, January 29, 2013 12:45 PM
To: NT System Admin Issues
Subject: Re: Favorite VPN solution?

On Tue, Jan 29, 2013 at 12:47 PM, Tim Evans <[email protected]> wrote:
> I was looking at OpenVPN, but it looks to me like it won't work in our
> environment.
> We have multiple subnets on our internal network, and it looks like
> the OpenVPN client needs admin rights on the endpoint to update
> routes. Our users don't have admin rights and that's not something I'm
> looking to change. Have you found a workaround for this or is it not an issue
> in your environment?

  Nobody here runs with admin rights, either. We use the OpenVPN
service, which runs with admin rights and thus can do what's needed to
configure the routes and network interface. We then change
permissions on the service (using GPO) such that users can start/stop
it.

  But, if you have multiple subnets behind a single VPN gateway, and
all the subnets fall within the same supernet, then you can just
create one route on the client, and do your routing at/past the
gateway.

  For example, we use the 10.0.0.0/8 network internally. Our main HQ
LAN is 10.0.0.0/23, but we also have various other nets for weird
things, e.g., 10.0.14.48/30 is something. But the OpenVPN client just
gets a route to 10.0.0.0/8 and our router at HQ does the rest.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
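The supernet approach described in the thread, as an added example that is not part of the original messages: it computes the tightest single route covering the subnets mentioned above and audits a candidate client route for coverage, excess address space, and overlap with the client's own LAN. The function names and the 10.1.1.0/24 client LAN are constructed for illustration.

```python
import ipaddress


def covering_supernet(subnets):
    """Smallest single IPv4 network that contains every subnet given."""
    nets = [ipaddress.IPv4Network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Leading bits shared by the lowest and highest address form the prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - prefix)) << (32 - prefix)
    return ipaddress.IPv4Network((base, prefix))


def audit_route(route, internal_subnets, client_lan):
    """Check one client-side VPN route against the subnets it must reach."""
    route = ipaddress.IPv4Network(route)
    nets = [ipaddress.IPv4Network(s) for s in internal_subnets]
    lan = ipaddress.IPv4Network(client_lan)
    # Collapse first so overlapping subnets are not counted twice.
    needed = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return {
        # Internal subnets the single route would fail to reach.
        "uncovered": [str(n) for n in nets if not n.subnet_of(route)],
        # True if the route also claims the client's local network.
        "lan_conflict": route.overlaps(lan),
        # Addresses sent into the tunnel beyond the listed subnets.
        "extra_addresses": route.num_addresses - needed,
    }


# Subnets named in the thread; the client LAN is a constructed value.
INTERNAL = ["10.0.0.0/23", "10.0.14.48/30"]
CLIENT_LAN = "10.1.1.0/24"

if __name__ == "__main__":
    tight = covering_supernet(INTERNAL)
    print("tightest covering route:", tight)
    for candidate in ("10.0.0.0/8", str(tight)):
        print(candidate, audit_route(candidate, INTERNAL, CLIENT_LAN))
```

The /8 route reaches every subnet but also captures a remote user's LAN if that LAN is numbered inside 10.0.0.0/8; the tighter route avoids that at the cost of needing an update when a new internal subnet falls outside it.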
