Hi Mike, Mike Morris wrote: > This is probably too basic to be easily found with my searches :^) > > Before installing ovpn community edition as a server, I want to > understand what side effects there are. For instance, running ovpn as a > client, by default, means all outbound triaffic is routed through the > vpn tunnel... even sshd responses. Is the same thing true in server mode? > > I want to have a VPN service, and still retain the webserver and ssh > daemon "as is" on that machine. I just want to know whether I need to > figure out how to alter ip tables, etc. to do that, or should that be > default behavior? >
there's no real 'by default' here: whether an OpenVPN client will tunnel all traffic over the VPN depends on the client and server configurations. A common setup is to tunnel all client traffic over the tunnel (--redirect-gateway) but this applies only to the clients. The server normally is the machine which then forwards this tunnel traffic to the internet/rest of the network. Also, if you don't want to expose SSH on your server to your openvpn clients then this can be done using either a firewalling solution (iptables) and/or the right config statements in the sshd_config file (e.g. don't listen on the tunnel IP address). HTH, JJK ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
