Sign In
Register
Help
Add Reply
Posted 20 July 2006 - 07:23 PM
# openvpn --version OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 21 2006 Developed by James Yonan Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
The first node is also my firewall, it has the following interfaces:
eth0: 192.168.0.10
eth1: public address from dhcp
tun0: 192.168.201.1
Not sure if and how gentoo differs here, but I have a single config file name for the connection, that a symlinked init.d script will call this config.
/etc/openvpn/kiosk.conf:
local 192.168.0.10 port 1194 proto udp dev tun ca ca.crt cert lnx-iprovo1.crt key lnx-iprovo1.key dh dh2048.pem server 192.168.201.0 255.255.255.0 client-config-dir ccd-kiosk route 10.10.2.0 255.255.255.0 keepalive 10 120 tls-auth ta.key 0 cipher DES-EDE3-CBC comp-lzo max-clients 3 user nobody group nobody persist-key persist-tun status status.log log openvpn.log verb 5 mute 20
A few rules to iptables make things play nice.
At first I ran these so I could see better what wa happening with packets:
-A INPUT -i tun0 -j LOG --log-prefix "INPUT (tun0) " --log-level 6 -A INPUT -i tun0 -j ACCEPT -A FORWARD -i tun0 -j LOG --log-prefix "FORWARD (tun0) " --log-level 6 -A FORWARD -i tun0 -j ACCEPT -A OUTPUT -o tun0 -j LOG --log-prefix "OUTPUT (tun0) " --log-level 6 -A OUTPUT -o tun0 -j ACCEPT -A PREROUTING -i tun0 -j LOG --log-prefix "PREROUTING (tun0) " --log-level 6 -A PREROUTING -i tun0 -j ACCEPT -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o tun0 -j SNAT --to-source 192.168.201.1
All that are needed:
-A INPUT -i tun0 -j ACCEPT -A FORWARD -i tun0 -j ACCEPT -A OUTPUT -o tun0 -j ACCEPT -A PREROUTING -i tun0 -j ACCEPT -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o tun0 -j SNAT --to-source 192.168.201.1
I'm going to have to finish this later .. as I am putting this together I have realized my kiosk in the mall must have lost power and I can't connect to it. HAHA .. need to get a UPS in there.
MultiQuote
