Answers are interspersed with your questions, below.
-----
Eric F Crist

> 
>       I read elsewhere that there was an upper limit of about 200 concurrent
> users per OpenVPN instance.  This was a post from 2010, though, so I'm
> curious if this is still the limit.

About 200 per instance is still the rule.

>       Our current VPN implementation assigns an IP based on LDAP group
> membership.  There are several different IP pools available.  I'd like
> to replicate this behavior in OpenVPN.  Does OpenVPN support multiple IP
> pools?  I realize I can run multiple instances of OpenVPN, but solving
> this at the user level is rough, at best.

You can do this pretty easily with client connect scripts.  It will involve 
some work on your part.

>       I'm also planning on using post-auth scripts to build iptables rules on
> the OpenVPN server.  The intention here is to use the IP pools as a
> large sieve and the iptables rules to provide additional security.  Are
> there any known issues with this approach?  It's similar to what I see
> on big iron solutions, but I haven't tried this with OpenVPN and Linux
> as of yet.

Again, something you can do with client connect and disconnect scripts.

>       Any other gotchas I should be looking out for?  I noticed there are a
> few OpenVPN books out there, but they're all 3+ years old at this point.
> Are any of them still relevant?


No other real gotchas.  Keep your CA infrastructure safe, and make sure the 
date/time are correct on your client machines and the system you use to 
generate the certificates.
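
The client-connect approach from the reply above, sketched as an added example that is not part of the original message or of OpenVPN's own code. It assumes `topology subnet` inside a `server 10.8.0.0 255.255.0.0` network; the pool ranges, the `GROUPS` dict standing in for an LDAP group lookup, and the lease file path are all constructed for illustration.

```python
#!/usr/bin/env python3
# Added example: OpenVPN --client-connect hook that picks a per-group address.
import ipaddress
import json
import os
import sys
from pathlib import Path

# Constructed values (assumptions, not from the thread): pools inside the
# server network, and a dict standing in for the LDAP group lookup by CN.
POOLS = {"engineering": "10.8.16.0/24", "contractors": "10.8.32.0/24"}
NETMASK = "255.255.0.0"
GROUPS = {"alice": "engineering", "bob": "contractors"}
LEASES = Path("/var/lib/openvpn/leases.json")  # hypothetical path


def allocate(leases, user, group):
    """Return user's address in the group's pool, reusing a valid lease."""
    if group not in POOLS:
        return None  # unknown group: caller must reject the client
    pool = ipaddress.ip_network(POOLS[group])
    held = leases.get(user)
    if held and ipaddress.ip_address(held) in pool:
        return held  # same group as last time: keep the address stable
    taken = set(leases.values())
    for host in pool.hosts():
        if str(host) not in taken:
            leases[user] = str(host)
            return leases[user]
    return None  # pool exhausted


def client_connect(conf_path, user, leases):
    """Write ifconfig-push for user; False means OpenVPN should refuse."""
    ip = allocate(leases, user, GROUPS.get(user))
    if ip is None:
        return False  # fail closed: no group or no free address
    Path(conf_path).write_text(f"ifconfig-push {ip} {NETMASK}\n")
    return True


if __name__ == "__main__":
    # OpenVPN passes the per-client config file as the last argument and the
    # certificate CN in the common_name environment variable.
    leases = json.loads(LEASES.read_text()) if LEASES.exists() else {}
    ok = client_connect(sys.argv[-1], os.environ.get("common_name", ""), leases)
    if ok:
        LEASES.write_text(json.dumps(leases))
    sys.exit(0 if ok else 1)  # non-zero exit makes OpenVPN drop the client
```

Because each group maps to a fixed range, static iptables rules keyed on the pool's source network can enforce per-group access without being rebuilt on every connect.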
