I'm not securing a wireless net, but I did use the following statement in the OpenVPN configuration file to set up the route between two private nets:
route 192.168.12.0 255.255.255.0 10.1.0.1 route remotenet subnetmask gateway. HTH. - Bob Coffman -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tibbs, Richard Sent: Tuesday, November 30, 2004 8:55 AM To: Livio R. Cc: [EMAIL PROTECTED] Subject: RE: [leaf-user] OPenvpn.lrp newbie Oops, Didn't know I had to supply the script...! Downloaded a couple of how-tos (openvpn howto, as well as a guide on shorewall's site. I also found a web page for something that I definitely want to do: secure my wireless network with openvpn. This page was http://slackerbit.ch/archives/2002/12/11/securing_wifi_with_openvpn.html . Only question I have is what the parameters are: The openvpn howto says route add -net 10.0.1.0 netmask 255.255.255.0 gw $5 The wifi howto (link above) says route add default $1 Can anyone tell me what the parameters are and how many? Which of these is going to work ... ? TIA Rick. -----Original Message----- From: Livio R. [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 6:01 AM To: Tibbs, Richard Subject: Re: [leaf-user] OPenvpn.lrp newbie replace "up ./route-a.up" with "up /<path>/route-a.up" if openvpn can't find the script, it will not be happy. also make sure you chmod +x the file. Livio AT Ravetto . Org Tibbs, Richard wrote: >Dear list. >I am experimenting with openvpn.lrp. >I have loaded the following packages in addition to J. Nilos tun.o >module. > openvpn > libssl > libcrypt > >The firewall is otherwise functioning normally, I have web access, etc. >In daemon.log, openvpn does fine until the ifconfig command fails >Then openvpn exits. The relevant log lines are shown below and my >openvpn.conf is included. > >Any help is appreciated. >Rick > > >Nov 29 17:30:48 firewall openvpn[16040]: Static Encrypt: HMAC KEY: >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (RWT deleted >it) >Nov 29 17:30:48 firewall openvpn[16040]: Static Encrypt: HMAC size=20 >block_size=64 >Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: Cipher 'BF-CBC' >initialized with 128 bit key >Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: CIPHER KEY: >b267482e 60b9dc38 8a4d4c18 6f8fb390 >Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: CIPHER >block_size=8 iv_size=8 >Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: Using 160 bit >message digest 'SHA1' for HMAC authentication >Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: HMAC KEY: >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (RWT deleted >it) >Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: HMAC size=20 >block_size=64 >Nov 29 17:30:48 firewall openvpn[16040]: MTU dynamic=1300 >Nov 29 17:30:48 firewall openvpn[16040]: Data Channel MTU parms [ >udp_mtu=1300 extra_frame=44 extra_buffer=0 extra_tun=0 dynamic = [ >mtu_min_initial=MTU_INITIAL_UNDEF mtu_max_initial=MTU_INITIAL_UNDEF >mtu_initial=MTU_SET_TO_MAX mtu_min=144 mtu_max=1300 mtu=1300 ]] >Nov 29 17:30:48 firewall openvpn[16040]: TUN/TAP device tun0 opened >Nov 29 17:30:48 firewall openvpn[16040]: /sbin/ifconfig tun0 10.1.1.1 >pointopoint 10.1.10.2 mtu 1256 >Nov 29 17:30:48 firewall openvpn[16040]: Linux ifconfig failed: could >not execute shell command >Nov 29 17:30:48 firewall openvpn[16040]: Exiting > >======================== openvpn.conf ============================== ># Use a dynamic tun device. >dev tun >local <my.pub.lic.IP> ># Our remote peer >remote <public IP address of laptop> > ># 10.1.0.1 is our local VPN endpoint ># 10.1.10.2 is our remote VPN endpoint >ifconfig 10.1.1.1 10.1.10.2 >up ./route-a.up ># Our pre-shared static key >secret static.key > > > > > > >------------------------------------------------------- >SF email is sponsored by - The IT Product Guide >Read honest & candid reviews on hundreds of IT Products from real users. >Discover which products truly live up to the hype. Start reading now. >http://productguide.itmanagersjournal.com/ >----------------------------------------------------------------------- - >leaf-user mailing list: [EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user >SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
