[kwlug-disc] Initiating connections to OpenVPN clients

Paul Nijjar paul_nijjar at yahoo.ca
Sat Jul 2 00:49:51 EDT 2011


On Thu, Jun 30, 2011 at 01:23:45PM -0400, Chris Frey wrote:
> On Thu, Jun 30, 2011 at 12:17:17AM -0400, Paul Nijjar wrote:
> > This adds the following lines to the OpenVPN configuration: 
> > 
> > route 10.10.10.0 255.255.255.0;push "route 172.26.16.0
> > 255.255.255.0"
> 
> I'm not a pfSense expert... is that semicolon a comment symbol, or
> are those two commands?

Two commands. 
> 
> Just for safety's sake, I'd test to see what other machines I could reach
> on the 10.10.10.0 network, from server B.  If Client C has forwarding
> turned off, then you're probably ok.  Otherwise, you might be exposing
> more than you realize.  And same for machines on 10.10.10.0 reaching
> server B.  If you add a route on Client D to pass all 192.168.150.0
> traffic to Client C, can Client D get to Server B?

Good thinking. I will do this. I actually don't care a lot whether
network A can see all of the machines on C's network (I would actually
prefer a site to site VPN for this situation), but this is
worth checking. 

- Paul



More information about the kwlug-disc mailing list