On Apr 3, 2009, at 10:07 AM, Michael Keuter wrote: >>>> 1) Extend the current openvpn definition/instance to be either >>>> client >>>> or server. >>>> >>>> 2) Create a new openvpn client definition/instance (openvpnclient) >>>> that acts as a separate openvpn client, using OVPNC_* variables. >>>> >>>> >>>> It is possible, currently, to define your own /mnt/kd/openvpn/ >>>> openvpn.conf file configured as a client, superseding the OVPN_* >>>> rc.conf variables. If this file exists, the web interface will >>>> prompt >>>> the user to edit the file instead of showing the OpenVPN sub-tab. >>>> >>>> I know Darrick has a lot of experience with this, so I look >>>> forward to >>>> his comments. >>> >>> Lonnie's description is accurate. If you need a client example, I >>> can >>> post one later. >>> >>> Darrick >> >> Thanks for your answers. >> >> @Darrick: It would be great if you could post an example. >> >> Michael > > I got a working connection between both boxes by creating a > "/mnt/kd/openvpn/openvpn.conf" with a client config now. > One issue is, that I cannot reach the internal LAN on the client side > from the server side. The internal LAN on the server is accessable. > On both sides "Allow OpenVPN tunnel to the 1st LAN Interface" in the > Firewall-Tab is checked.
Look in the Status tab, is OVPN_SERVER defined to anything? It should be empty or not defined, for your openvpn client case. If that looks OK, another try, in your Network tab "User System Variables" (user.conf) set INT_IF_TRUST="eth1 tun1" where eth1 is you 1st LAN interface and tun1 is your "dev tun1" line, adjust INT_IF_TRUST accordingly. Currently the "Allow OpenVPN tunnel to the 1st LAN Interface" option does not apply if OVPN_SERVER is not defined... I can readdress this case from your results. > Another question: How is it possible to reach the client Astlinux box > from "external" to remote administer it (over the tunnel)? It does > not work, when I have another OpenVPN connection from "extern" to the > server. The 2 VPN connections are not "bridged". Maybe that is normal. This would require 2) above to be implemented. A separate openvpn process each for the client and for the server. Lonnie ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
