My network setup looks (roughly) like this:
"gateway" has a handmade (and by now halfway complicated) iptables
script and an openvpn server. (plus some more things that I think
shouldnt matter here).
+-----------+
| DMZ |
| 10.66.*.* |
+-----------+
|
+------------------------+ +--------------+
| 10.66.0.1 | | |
| 13.13.6.110 |----| PUB |
| gateway | | 13.13.6.* |
| | | (10.8.0.*) |
| 13.13.6.125 | +--------------+
+------------------------+
|
+-------------------+
| INTERNET |
| *.*.*.* |
| (10.8.0.*) |
+-------------------+
10.8.0.* is the virtual openvpn-client address space
13.13.6.* is the adress space of our "public zone" I changed the
numbers so you dont see where I actually work ;-)
* PUB is allowed to make connections to anywhere in INTERNET
* INTERNET and PUB are allowed to connect anywhere in DMZ as long as is
via openvpn
So far this works quite well.
The ony thing that is missing is the ability to connect to machines in
PUB coming from INTERNET via openvpn.
I once tried to add a rule for this but it simply didnt work
(unfortunately I dont remember what *exactly* happened, but everything
was somehow locked up). Even worse, its already a "working environment"
so its not easy to just twiddle around a bit with the openvpn.conf and
see what the result is. (vpn acces from PUB to DMZ is crucial)
My assumption is that if I generally push a route to connect to the
13.13.6.*ers via openvpn, that they wont connect directly to each other
anymore (which does not fully explain the problem to me but I feel it
goes into this direction).
Any general ideas/hints?
Henning
PS:
Its my first vpn installation so dont be shy to say potentially obvious
things ;-)
--
GPG Public Key:
http://keyserver.ganneff.de:11371/pk...D6D36D41911851
Fingerprint: 344F 4072 F038 BB9E B35D E6AB DDD6 D36D 4191 1851
Similar Threads
Linear Mode
