[Firehol-support] OpenVPN client: sample

Jerome BENOIT g6299304p at rezozer.net
Sat Jul 26 09:36:03 BST 2014

Hello Whit,

thanks for the reply.

On 26/07/14 04:07, Whit Blauvelt wrote:
> On Sat, Jul 26, 2014 at 12:11:11AM +0200, Jerome BENOIT wrote:
>> https://www.digitalocean.com/community/tutorials/how-to-secure-traffic-between-vps-using-openvpn
>> was useful, but unfortunately the client is less documented in it.
> There's surely more than one way to do it. But that page looks kind of crazy
> to me.

I am ready to buy that.

> I have no idea why it's using masquerade, for instance. First off,
> source NAT is more efficient than masquerade, so is fairly standard if load
> matters.

Concretely, what would be the NAT command within a FireHOL configuration file?

> But second, in the context of OpenVPN I use neither.

For efficiency? Any hint to share?

> I've been running OpenVPN for years in several environments on Linux in
> conjunction with iptables, but not with FireHOL yet. On the client side
> OpenVPN will take care of setting the client's routing table for you if
> you've got the appropriate statement in the server's config, such as:
>   push "route"
> if your LAN behind the server is So if port 1194 is open on
> the client, you're set.

Actually my server is an OpenVZ VPS box, and the network set is quite unreadable for me:
how can the correct address (here  `') be determined?

Thanks in advance,

> Whit
