RE: OpenVPN help (it works for me now).
>By the way, does anyone know how to make the VPN server assign a
>specific IP from the remote LAN that one wants to access via OpenVPN, and
>also assign it the gateway of the remote LAN? It turns out I need the road
>warrior to take on a specific IP of the LAN, which will belong to a VLAN of
>the remote network, which is in turn part of a larger network
Let's see,
you have to enable the directive
client-config-dir ccd
then in the openvpn directory (/etc/openvpn) create a folder
called ccd
in there you have to create files named after the "CN
of the certificate"
-rw-r--r-- 1 root root 36 dic 22 16:24 svillalba
ifconfig-push 10.9.233.5 10.9.233.6
=============================================================
Here is what the howto says:
Because we will be assigning fixed IP addresses for specific System
Administrators and Contractors, we will use a client configuration
directory:
client-config-dir ccd
Now place special configuration files in the ccd
subdirectory to define the fixed IP address for each non-Employee VPN
client.
ccd/sysadmin1
ifconfig-push 10.8.1.1 10.8.1.2
ccd/contractor1
ifconfig-push 10.8.2.1 10.8.2.2
ccd/contractor2
ifconfig-push 10.8.2.5 10.8.2.6
Each pair of ifconfig-push addresses represent the virtual client and
server IP endpoints. They must be taken from successive /30 subnets in
order to be compatible with Windows clients and the TAP-Win32 driver.
Specifically, the last octet in the IP address of each endpoint pair must
be taken from this set:
[ 1, 2] [ 5, 6] [ 9, 10] [ 13, 14] [ 17, 18]
[ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
[ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
[ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
[ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
[101,102] [105,106] [109,110] [113,114] [117,118]
[121,122] [125,126] [129,130] [133,134] [137,138]
[141,142] [145,146] [149,150] [153,154] [157,158]
[161,162] [165,166] [169,170] [173,174] [177,178]
[181,182] [185,186] [189,190] [193,194] [197,198]
[201,202] [205,206] [209,210] [213,214] [217,218]
[221,222] [225,226] [229,230] [233,234] [237,238]
[241,242] [245,246] [249,250] [253,254]
=================================================================
A security question about OpenVPN: this appears in the logs
tls_server = ENABLED
tls_client = DISABLED --> what does this mean?
key_method = 2
ca_file = 'keys/cert/ca.crt'
dh_file = 'keys/cert/dh1024.pem'
cert_file = 'keys/cert/server.crt'
priv_key_file = 'keys/cert/server.key'
pkcs12_file = '[UNDEF]'
cipher_list = '[UNDEF]'
tls_verify = '[UNDEF]'
tls_remote = '[UNDEF]'
crl_file = '[UNDEF]'
Regards.
Happy Holidays
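
The /30 rule from the howto quoted above, as an added example that is not part of the original message or of OpenVPN itself: a small checker for ccd files that flags ifconfig-push pairs outside the [4n+1, 4n+2] table and /30 blocks handed to more than one CN. The function names and the last two sample entries are constructed for illustration, and it assumes the per-client /30 layout the howto describes.

```python
import ipaddress

def check_pair(client: str, server: str) -> list:
    """Return the problems found in one ifconfig-push pair (empty list = OK)."""
    try:
        c, s = ipaddress.IPv4Address(client), ipaddress.IPv4Address(server)
    except ValueError as exc:
        return [f"not an IPv4 address: {exc}"]
    problems = []
    subnet = ipaddress.ip_network(f"{c}/30", strict=False)
    if s not in subnet:
        problems.append(f"{s} is outside {subnet}")
    # The howto's table is exactly the two usable hosts of each /30:
    # last octets 4n+1 (client) and 4n+2 (server).
    if int(c) % 4 != 1 or int(s) % 4 != 2:
        problems.append("last octets must form a [4n+1, 4n+2] pair")
    return problems

def audit_ccd(files: dict) -> dict:
    """Map each CN to its problems; `files` maps CN -> ccd file contents."""
    report, owner = {}, {}
    for cn, text in files.items():
        report[cn] = []
        for line in text.splitlines():
            fields = line.split("#")[0].split()
            if not fields or fields[0] != "ifconfig-push":
                continue
            if len(fields) != 3:
                report[cn].append("ifconfig-push needs two addresses")
                continue
            found = check_pair(fields[1], fields[2])
            report[cn].extend(found)
            if not found:
                subnet = ipaddress.ip_network(f"{fields[1]}/30", strict=False)
                if subnet in owner:
                    report[cn].append(f"{subnet} already assigned to {owner[subnet]}")
                owner.setdefault(subnet, cn)
    return report

# Constructed sample: the first three entries come from the thread,
# the last two are deliberately wrong (bad pair, reused /30).
SAMPLE = {
    "svillalba": "ifconfig-push 10.9.233.5 10.9.233.6\n",
    "sysadmin1": "ifconfig-push 10.8.1.1 10.8.1.2\n",
    "contractor2": "ifconfig-push 10.8.2.5 10.8.2.6\n",
    "contractor3": "ifconfig-push 10.8.2.3 10.8.2.4\n",
    "contractor4": "ifconfig-push 10.8.2.5 10.8.2.6\n",
}

if __name__ == "__main__":
    for cn, problems in audit_ccd(SAMPLE).items():
        print(cn, "OK" if not problems else problems)
```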