On Wed, 31 Mar 2004 18:39:45 -0000, you wrote:

>Arkadiusz Patyk <a...@areq.eu.org> said:
>
>> Hi
>>
>> Two very significant things for me are:
>> 1. In my configurations, VPN users have different rights to resources
>> (access list on firewall - iptables). I have to know client IP to
>> correctly set up firewall, how can I do this in 2.x? How can I
>> achieve this, in case of dynamic IP assignment
>
>You can use the --ipchange script which is passed the common name and source
>IP address every time a client connects. I probably need to add a new
>environmental variable that contains the dynamically allocated --ifconfig-pool
>subnet.

With dropping privileges and chroot it could be difficult ;(
Is any script executed after the connection termination?

>> 2. Is it possible to run few servers (each of them on their own tap)
>> on the same machine?
>
>Yes, it is possible to run many '--mode server' servers on the same machine,
>each having their own tun interface (tap interfaces are not supported yet in
>--mode server mode).
>
>This would be a good way to differentiate access rights for different client
>classes.

Not in my particular case - I have different access list for each user -
N users = N server = openvpn 1.x ;-)

--
Arkadiusz Patyk [areq(at)pld-linux.org] [http://rescuecd.pld-linux.org/]
[IRC:areq ICQ:16231667 GG:1383] [AP3-6BONE] [AP14126-RIPE]
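
Added example, not part of the original message and not OpenVPN code: a sketch of the per-user firewall hook discussed above, which maps a client's common name and source IP to that user's iptables rules and validates both values first. It assumes the hook receives the common name and source IP as its first and second arguments; the ACL table, the VPN_USERS chain and the function names are invented for illustration. The rules are printed rather than applied, so that applying them can be left to a separate privileged step.

```shell
#!/bin/sh
# Added example, not OpenVPN code. Assumed: the hook is called with the client's
# common name as $1 and source IP as $2; ACL data and chain name are constructed.

# Constructed per-user ACL: common_name destination protocol port
ACL='alice 10.0.1.10 tcp 22
alice 10.0.1.20 tcp 443
bob 10.0.2.0/24 tcp 80'

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (do not apply) the iptables rules for one connected client.
rules_for_client() {
    cn=$1 ip=$2
    # Both values originate from the peer; validate before building commands.
    case "$cn" in
        ''|*[!A-Za-z0-9._-]*) echo "rejected common name" >&2; return 1 ;;
    esac
    valid_ip "$ip" || { echo "rejected address" >&2; return 1; }
    printf '%s\n' "$ACL" | while read -r user dest proto port; do
        [ "$user" = "$cn" ] || continue
        printf 'iptables -A VPN_USERS -s %s -d %s -p %s --dport %s -j ACCEPT\n' \
            "$ip" "$dest" "$proto" "$port"
    done
}

# Stand-alone use: sh script.sh <common_name> <source_ip>
if [ "$#" -eq 2 ]; then rules_for_client "$1" "$2"; fi
```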