Greetings,
In order to avoid spamming this list with unrelated questions about
iptables commands, I'm wondering if there is a book/resource that anyone
knows of that tackles how to do more advanced setups with OpenVPN and
iptables?
It seems there are many examples on the Internet of "redirect all traffic
to OpenVPN, then masquerade (NAT) on the server" but I'm looking to do
something more advanced than this. I purchased "Mastering OpenVPN" and have
a test setup that does the following:
- Authenticates users via LDAP
- Pulls access rights for the user from LDAP
- Pushes per user routes via the `client-connect` script
- Does not route all Internet traffic
The part I'm missing is the server-side iptables rules. Each user should
get their own chain, created when they connect, and subsequently deleted
when they disconnect. Things become unclear when trying to figure out
OpenVPN in relation to netfilter hooks. Specifically:
- At what point in the netfilter hook process does traffic get decrypted?
- Is the FORWARD chain the best way to process per user access rules?
- Is there a way to NOT masquerade traffic from the OpenVPN server, and
make it appear that traffic comes from the same subnet configured in the
`server` directive?
Many questions I know. Basically looking for a book/resource so I can
answer them myself :)
--
Scott Crooks (王虎)
LinkedIn: http://www.linkedin.com/in/jshcrooks
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
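An added example of the per-user chain setup described in the post above; it is not part of the original message or of the OpenVPN project. For context on the netfilter question: OpenVPN is a userspace daemon, so the encrypted UDP/TCP packets traverse PREROUTING and INPUT on the public interface, are decrypted by the openvpn process, and the plaintext packets are written to the tun device, where they enter netfilter a second time (PREROUTING, then FORWARD when destined for the LAN) with `-i tun0`. That is why per-user forwarding policy fits in FORWARD, keyed on the tun device and the pool address OpenVPN assigned to that client. The script below is a hypothetical `client-connect`/`client-disconnect` hook; `common_name`, `dev`, `ifconfig_pool_remote_ip` and `script_type` are real variables OpenVPN exports into the hook environment, while `VPN_ALLOWED_NETS` (a space-separated list of CIDRs the user may reach, e.g. filled from LDAP by a wrapper) and the `vpn_` chain naming are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post or the OpenVPN project.
# One script serves both hooks; OpenVPN tells it which one is running via
# $script_type.  Server config (assumed):
#   script-security 2
#   client-connect    /etc/openvpn/peruser-fw.sh
#   client-disconnect /etc/openvpn/peruser-fw.sh
# Plus, once at boot, a stateful return path so replies reach the client:
#   iptables -A FORWARD -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# To avoid MASQUERADE, do not add a POSTROUTING NAT rule at all; instead give
# the LAN gateway a route for the `server` subnet (e.g. 10.8.0.0/24) via the
# OpenVPN host, so LAN hosts see the client's real VPN address.

IPTABLES="${IPTABLES:-iptables}"   # overridable so the logic can be dry-run with IPTABLES=echo

# Derive a safe chain name from the certificate CN.  iptables chain names are
# limited to 28 characters, and the CN is text from a client certificate, so
# strip everything outside [A-Za-z0-9_] before it touches a command line.
chain_for() {
    printf '%s' "vpn_$1" | tr -c 'A-Za-z0-9_' '_' | cut -c1-28
}

# Create the user's chain, fill it with the networks this user may reach
# (VPN_ALLOWED_NETS, assumed), end it with DROP, and hook it into FORWARD for
# packets arriving on the tun device from the pool address OpenVPN handed out.
# Matching on -i and -s together stops a LAN host from borrowing the rules by
# spoofing the client's VPN address.
on_connect() {
    cn=$1; ip=$2; tundev=$3; nets=$4
    chain=$(chain_for "$cn")
    "$IPTABLES" -N "$chain"
    for net in $nets; do
        "$IPTABLES" -A "$chain" -d "$net" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    done
    "$IPTABLES" -A "$chain" -j DROP
    "$IPTABLES" -I FORWARD -i "$tundev" -s "$ip" -j "$chain"
}

# Tear down in the reverse order: unhook from FORWARD first (a chain that is
# still referenced cannot be deleted), then flush, then delete.
on_disconnect() {
    cn=$1; ip=$2; tundev=$3
    chain=$(chain_for "$cn")
    "$IPTABLES" -D FORWARD -i "$tundev" -s "$ip" -j "$chain"
    "$IPTABLES" -F "$chain"
    "$IPTABLES" -X "$chain"
}

# Dispatch on the hook OpenVPN is invoking; does nothing when run by hand.
case "${script_type:-}" in
    client-connect)
        on_connect "${common_name:-}" "${ifconfig_pool_remote_ip:-}" "${dev:-}" "${VPN_ALLOWED_NETS:-}" ;;
    client-disconnect)
        on_disconnect "${common_name:-}" "${ifconfig_pool_remote_ip:-}" "${dev:-}" ;;
esac
```

Two caveats a practitioner would hit with this layout: if the server allows `duplicate-cn`, two sessions share a CN and the second `-N` fails, so either key the chain on the pool address instead or count references before deleting; and with a non-zero exit from a `client-connect` script OpenVPN rejects the connection, which is the behaviour you want if the iptables calls fail (run with `set -e` in production). Dry-run the rule generation with `IPTABLES=echo script_type=client-connect common_name=alice ifconfig_pool_remote_ip=10.8.0.6 dev=tun0 VPN_ALLOWED_NETS='10.1.0.0/24' sh peruser-fw.sh`.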