>A proposito, alguien sabe como se hace para que el servidor VPN asigne una >determinada IP de la LAN remota que se desea acceder via OpenVPN y que >ademas >se le asigne el gateway de la LAN remota. Resulta que necesito que el road >warrior asuma una determinada IP de la LAN, la cual pertenecera a una VLAN >de >la red remota, la cual ademas, es parte de una red mayor
Veamos, tiene que activar la directiva client-config-dir ccd luego en el directorio openvpn (/etc/openvpn) crea una carpeta que se llame ccd hay dentro tiene que crear unos ficheros con el nombre que tenga el "CN del certificado" -rw-r--r-- 1 root root 36 dic 22 16:24 svillalba ifconfig-push 10.9.233.5 10.9.233.6 ============================================================= Aki pongo lo que hay en el howto: Because we will be assigning fixed IP addresses for specific System Administrators and Contractors, we will use a client configuration directory: client-config-dir ccdNow place special configuration files in the ccd subdirectory to define the fixed IP address for each non-Employee VPN client. ccd/sysadmin1 ifconfig-push 10.8.1.1 10.8.1.2 ccd/contractor1 ifconfig-push 10.8.2.1 10.8.2.2 ccd/contractor2 ifconfig-push 10.8.2.5 10.8.2.6 Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints. They must be taken from successive /30 subnets in order to be compatible with Windows clients and the TAP-Win32 driver. Specifically, the last octet in the IP address of each endpoint pair must be taken from this set: [ 1, 2] [ 5, 6] [ 9, 10] [ 13, 14] [ 17, 18] [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38] [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58] [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78] [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98] [101,102] [105,106] [109,110] [113,114] [117,118] [121,122] [125,126] [129,130] [133,134] [137,138] [141,142] [145,146] [149,150] [153,154] [157,158] [161,162] [165,166] [169,170] [173,174] [177,178] [181,182] [185,186] [189,190] [193,194] [197,198] [201,202] [205,206] [209,210] [213,214] [217,218] [221,222] [225,226] [229,230] [233,234] [237,238] [241,242] [245,246] [249,250] [253,254] ================================================================= Una duda de seguridad de openvpn, en los log aparece esto tls_server = ENABLED tls_client = DISABLED --> esto que significa key_method = 2 ca_file = 'keys/cert/ca.crt' dh_file = 'keys/cert/dh1024.pem' cert_file = 'keys/cert/server.crt' priv_key_file = 'keys/cert/server.key' pkcs12_file = '[UNDEF]' cipher_list = '[UNDEF]' tls_verify = '[UNDEF]' tls_remote = '[UNDEF]' crl_file = '[UNDEF]' Un saludo. Felices Fiestas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
