forked from extern/shorewall_code
Yet more config info for OpenVPN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2861 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
3ddfb78448
commit
2882b5ec7a
@ -464,7 +464,10 @@ iface br0 inet static
|
||||
<title>Firewall (Server) configuration.</title>
|
||||
|
||||
<para>/etc/openvpn/server-bridge.conf defines a bridge and reserves IP
|
||||
addresses 192.168.1.64-192.168.1.71 for VPN clients.</para>
|
||||
addresses 192.168.1.64-192.168.1.71 for VPN clients. Note that the
|
||||
bridge server only uses local IP address 192.168.3.254. We run two
|
||||
instances of OpenVPN; this one and a second tunnel-mode instance for
|
||||
remote access (see </para>
|
||||
|
||||
<programlisting>dev tap0
|
||||
|
||||
@ -490,8 +493,7 @@ comp-lzo
|
||||
user nobody
|
||||
group nogroup
|
||||
|
||||
ping 15
|
||||
ping-restart 45
|
||||
keepalive 15 45
|
||||
ping-timer-rem
|
||||
persist-tun
|
||||
persist-key
|
||||
@ -536,12 +538,16 @@ mute-replay-warnings
|
||||
verb 3</programlisting>
|
||||
|
||||
<para>/etc/openvpn/wireless.up changes the default gateway to
|
||||
192.168.1.254</para>
|
||||
192.168.1.254:</para>
|
||||
|
||||
<programlisting>ip route replace default via 192.168.1.254 dev tap0</programlisting>
|
||||
|
||||
<para>/etc/openvpn/wireless.down restores the default gateway to
|
||||
192.168.3.254</para>
|
||||
192.168.3.254. Note that this command requires privilege and hence we
|
||||
do not include "user nobody" and "group nobody" in
|
||||
/etc/openvpn/wireless.conf.</para>
|
||||
|
||||
<para>/etc/openvpn/wireless.down:</para>
|
||||
|
||||
<programlisting>ip route replace default via 192.168.3.254 dev eth0</programlisting>
|
||||
</section>
|
||||
|
Loading…
Reference in New Issue
Block a user