[Openvpn-devel] openvpn as a firewall

Tue, 11 Jul 2006 07:07:39 -0700 

Hi All

  this is the problem,

  i have winxp pro server. i use it for openvpn as a server.
  i have a lot of client in alot of networks. 

  example of my network

                  Type  Adres Of machine  Virtual Ýp    server  www.server.com  
10.0.0.1    serverclient1  www.server.com  10.0.0.4    serverclient2  
www.server.com  10.0.0.6    serverclient3  www.server.com  10.0.0.8    
serverclient4  www.server.com  10.0.0.10    net2client1  www.net2client1.com  
10.0.0.12    net2client2  www.net2client2.com  10.0.0.14    net2client3  
www.net2client3.com  10.0.0.16    net2client4  www.net2client4.com  10.0.0.18   
 net3client1  www.net3client1.com  10.0.0.20    net3client2  
www.net3client2.com  10.0.0.22    net3client3  www.net3client3.com  10.0.0.24   
 net3client4  www.net3client4.com  10.0.0.26    net4client1  
www.net4client1.com  10.0.0.28    net4client2  www.net4client2.com  10.0.0.30   
 net4client3  www.net4client3.com  10.0.0.32    net4client4  
www.net4client4.com  10.0.0.34

  i use client-to-client parameter in all .ovpn file.

  i use an accounting software on terminal services. 
  all user can acces server. But at now i want only some client can access 
server. for example only serverclient* user. and serverclient* clients can 
acces to all other clients. and net4client4 can acces all other clients to. 

  i do not want to use 3 th part firewall for dropping package (iptables etc..)
  is it possible with openvpn

  this is my server conf file 
  ****************************************
  port 84
proto udp
dev tun
ca ca.crt
certvpnserver1.crt
key vpnserver1.key 
  dh dh1024.pem
server 10.0.0. 255.255.255.0 
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.0" 
route 10.0.0.0 255.255.255.0 
  client-to-client
  keepalive 10 120
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 4
tls-auth ta.key 0
comp-lzo


  client .ovpn file
  ****************************
  client
dev tun
proto udp
remote www.server.com 84
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert VPNCLIENT3.crt
key VPNCLIENT3.key  
tls-auth ta.key 1
verb 3
comp-lzo




---------------------------------
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail Beta.

Reply via email to