[Firehol-support] OpenVPN client: sample

Jerome BENOIT g6299304p at rezozer.net
Sat Jul 26 09:36:03 BST 2014


Hello Whit,

thanks for the reply.

On 26/07/14 04:07, Whit Blauvelt wrote:
> On Sat, Jul 26, 2014 at 12:11:11AM +0200, Jerome BENOIT wrote:
> 
>> https://www.digitalocean.com/community/tutorials/how-to-secure-traffic-between-vps-using-openvpn
> 
>> was useful, but unfortunately the client is less documented in it.
> 
> There's surely more than one way to do it. But that page looks kind of crazy
> to me.

I am ready to buy that.


> I have no idea why it's using masquerade, for instance. First off,
> source NAT is more efficient than masquerade, so is fairly standard if load
> matters.

Concretely, what would be the NAT command within a FireHOL configuration file?


> But second, in the context of OpenVPN I use neither.

For efficiency? Any hint to share?

> 
> I've been running OpenVPN for years in several environments on Linux in
> conjunction with iptables, but not with FireHOL yet. On the client side
> OpenVPN will take care of setting the client's routing table for you if
> you've got the appropriate statement in the server's config, such as:
> 
>   push "route 192.168.1.0 255.255.255.0"
> 
> if your LAN behind the server is 192.168.1.0/24. So if port 1194 is open on
> the client, you're set.

Actually my server is an OpenVZ VPS box, and the network set is quite unreadable for me:
how can the correct address (here `192.168.1.0/24`) be determined?


Thanks in advance,
Jerome

> 
> Whit
> 
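
Added example, not part of the thread or of FireHOL/OpenVPN: one way to derive the network and netmask for a `push "route ..."` line like the one quoted above from the addresses printed by `ip -o -4 addr show` on the server. The sample output, interface names and the `push_routes` helper are constructed for illustration; which networks should actually be pushed to clients remains an administrator's decision.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` output (not taken from the thread).
SAMPLE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: venet0    inet 203.0.113.5/32 scope global venet0:0\       valid_lft forever preferred_lft forever
3: eth0    inet 192.168.1.17/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
4: tun0    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0\       valid_lft forever preferred_lft forever
""".strip()


def push_routes(ip_output, skip_prefixes=("lo", "tun", "tap")):
    """Return OpenVPN `push "route NET MASK"` lines for candidate LAN networks.

    Loopback and VPN tunnel interfaces are skipped by name, and host-only
    (/32) addresses are skipped because they describe no network to route.
    """
    routes = []
    for line in ip_output.splitlines():
        fields = line.split()
        # Expected layout: "<index>:", "<ifname>", "inet", "<addr>[/<prefix>]", ...
        if len(fields) < 4 or fields[2] != "inet":
            continue
        if fields[1].startswith(skip_prefixes):
            continue
        iface = ipaddress.ip_interface(fields[3])  # no prefix means /32
        net = iface.network                        # host bits are masked off
        if net.prefixlen == 32:
            continue
        directive = f'push "route {net.network_address} {net.netmask}"'
        if directive not in routes:                # aliases may repeat a network
            routes.append(directive)
    return routes


if __name__ == "__main__":
    for directive in push_routes(SAMPLE):
        print(directive)
```
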


