From 2882b5ec7a279a0a6a3ead5ac649ab23c02d019b Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 12 Oct 2005 17:14:49 +0000
Subject: [PATCH] Yet more config info for OpenVPN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2861 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs2/OPENVPN.xml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/Shorewall-docs2/OPENVPN.xml b/Shorewall-docs2/OPENVPN.xml
index 13291754a..b4f5b072e 100644
--- a/Shorewall-docs2/OPENVPN.xml
+++ b/Shorewall-docs2/OPENVPN.xml
@@ -464,7 +464,10 @@ iface br0 inet static
 Firewall (Server) configuration. /etc/openvpn/server-bridge.conf defines a bridge and reserves IP
- addresses 192.168.1.64-192.168.1.71 for VPN clients.
+ addresses 192.168.1.64-192.168.1.71 for VPN clients. Note that the
+ bridge server only uses local IP address 192.168.3.254. We run two
+ instances of OpenVPN; this one and a second tunnel-mode instance for
+ remote access (see
 dev tap0
@@ -490,8 +493,7 @@ comp-lzo
 user nobody
 group nogroup
-ping 15
-ping-restart 45
+keepalive 15 45
 ping-timer-rem
 persist-tun
 persist-key
@@ -536,12 +538,16 @@ mute-replay-warnings
 verb 3
 /etc/openvpn/wireless.up changes the default gateway to
- 192.168.1.254
+ 192.168.1.254:
 ip route replace default via 192.168.1.254 dev tap0
 /etc/openvpn/wireless.down restores the default gateway to
- 192.168.3.254
+ 192.168.3.254. Note that this command requires privilege and hence we
+ do not include "user nobody" and "group nobody" in
+ /etc/openvpn/wireless.conf.
+
+ /etc/openvpn/wireless.down:
 ip route replace default via 192.168.3.254 dev eth0