[Firehol-support] OpenVPN client: sample

Whit Blauvelt whit at transpect.com
Sat Jul 26 03:07:01 BST 2014


On Sat, Jul 26, 2014 at 12:11:11AM +0200, Jerome BENOIT wrote:

> https://www.digitalocean.com/community/tutorials/how-to-secure-traffic-between-vps-using-openvpn
> was useful, but unfortunately the client is less documented in it.

There's surely more than one way to do it. But that page looks kind of crazy
to me. I have no idea why it's using masquerade, for instance. First off,
source NAT is more efficient than masquerade, so is fairly standard if load
matters. But second, in the context of OpenVPN I use neither.

I've been running OpenVPN for years in several environments on Linux in
conjunction with iptables, but not with FireHOL yet. On the client side
OpenVPN will take care of setting the client's routing table for you if
you've got the appropriate statement in the server's config, such as:

  push "route 192.168.1.0 255.255.255.0"

if your LAN behind the server is 192.168.1.0/24. So if port 1194 is open on
the client, you're set.

Whit
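
Added example, not part of the original message: a Python check that every network named in a server-side push "route ..." line shows up in the client's routing table via the tunnel device. The second pushed LAN, the 10.8.0.0/24 tunnel subnet, the 203.0.113.x addresses and the function names are constructed for illustration; the client table mimics `ip route show` output.

```python
import ipaddress
import re

# Constructed sample inputs; only the first push line comes from the message.
SERVER_CONF = '''
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"   # second LAN, constructed
'''

CLIENT_ROUTES = '''
default via 203.0.113.1 dev eth0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 via 10.8.0.5 dev tun0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.20
'''

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([\d.]+)\s+([\d.]+)"')

def pushed_routes(conf):
    """Return the networks the server config pushes, as ip_network objects."""
    nets = []
    for line in conf.splitlines():
        m = PUSH_ROUTE.match(line)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets

def client_routes(table):
    """Map destination network -> device from `ip route show` output."""
    routes = {}
    for line in table.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "dev" not in fields:
            continue
        dest = ipaddress.ip_network(fields[0], strict=False)
        routes[dest] = fields[fields.index("dev") + 1]
    return routes

def missing_routes(conf, table, dev_prefix="tun"):
    """Pushed networks that the client does not route through a tunnel device."""
    routes = client_routes(table)
    return [str(n) for n in pushed_routes(conf)
            if not routes.get(n, "").startswith(dev_prefix)]

if __name__ == "__main__":
    print("missing on client:", missing_routes(SERVER_CONF, CLIENT_ROUTES))
```
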

