[kwlug-disc] Initiating connections to OpenVPN clients
Paul Nijjar
paul_nijjar at yahoo.ca
Sat Jul 2 00:49:51 EDT 2011
On Thu, Jun 30, 2011 at 01:23:45PM -0400, Chris Frey wrote:
> On Thu, Jun 30, 2011 at 12:17:17AM -0400, Paul Nijjar wrote:
> > This adds the following lines to the OpenVPN configuration:
> >
> > route 10.10.10.0 255.255.255.0;push "route 172.26.16.0
> > 255.255.255.0"
>
> I'm not a pfSense expert... is that semicolon a comment symbol, or
> are those two commands?
Two commands.
>
> Just for safety's sake, I'd test to see what other machines I could reach
> on the 10.10.10.0 network, from server B. If Client C has forwarding
> turned off, then you're probably ok. Otherwise, you might be exposing
> more than you realize. And same for machines on 10.10.10.0 reaching
> server B. If you add a route on Client D to pass all 192.168.150.0
> traffic to Client C, can Client D get to Server B?
Good thinking. I will do this. I actually don't care a lot whether
network A can see all of the machines on C's network (I would actually
prefer a site to site VPN for this situation), but this is
worth checking.
- Paul
More information about the kwlug-disc
mailing list