Hey Jan,

Thank you for the recommendation. I actually purchased your book and read
through it all of yesterday at work. After reading Section 7 about scripts
(see the specific section here: http://imgur.com/EskezTX, I took a
screenshot) it seems the best way to accomplish the following:

   - No Internet traffic routed through the VPN
   - Per user firewall rules on the server
   - Per user routes pushed to each user, while using the same client side
   configuration

Would be to have a script that did the following:

   - First pulled firewall rules from LDAP, and placed them in the
   `client-config-dir` as a file so that the routes are pushed dynamically to
   each client
   - Secondly, used `learn-address` to process those same firewall rules
   using iptables on the server side

It seems that the only way to dynamically push routes to clients is the
client config directory. Is that right? Did I miss something?

On Tue, Apr 26, 2016 at 2:09 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi,
>
> Scott Crooks wrote:
>
>> Greetings,
>>
>> Is there documentation available that lists, in detail, the process of
>> when a user connects to an OpenVPN server? I am wanting to have an OpenVPN
>> server that has the following requirements:
>>
>> - Authenticates users via LDAP (got this part figured out already)
>> - Pulls per user firewall rules from LDAP, and pushes them dynamically to
>> each user
>> - Does not route Internet traffic through the VPN
>>
>> I get confused as to whether I should be calling the per user firewall
>> script using `learn-address` or `up`, and when each is executed.
>>
>
> this is explained in detail in the book "Mastering OpenVPN" by Eric Crist
> and me.
> As David already explained, you'll want to take a look at --client-connect
> and --learn-address .
>
> HTH,
>
> JJK
>
>


-- 
Scott Crooks (王虎)
LinkedIn: http://www.linkedin.com/in/jshcrooks
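
The two hooks named in Jan's reply, as an added example that is not part of the original thread: `--client-connect` passes a temp-file path as the hook's last argument and reads config directives back from it, and `--learn-address` is called with the operation, the address and (except on delete) the common name. The rules directory, its one-network-per-line file format, the `vpn-` chain prefix and all function names are assumptions; the LDAP export that fills the directory is not shown, and the firewall commands are printed for review rather than executed.

```shell
#!/bin/sh
# Assumption: an LDAP export job has written $RULES_DIR/<common name>,
# one allowed destination per line: "<network> <netmask>".
RULES_DIR="${RULES_DIR:-/etc/openvpn/rules}"   # hypothetical path

# The CN becomes part of a file path: allow-list its characters.
valid_cn() { case "$1" in ""|*[!A-Za-z0-9_-]*) return 1 ;; esac; }
# Networks, masks and client addresses reach iptables: digits and dots only.
dotted() { case "$1" in ""|*[!0-9.]*) return 1 ;; esac; }

# Print the validated "<network> <netmask>" lines for one common name.
rules_for() {
    valid_cn "$1" && [ -r "$RULES_DIR/$1" ] || return 1
    while read -r net mask rest; do
        dotted "$net" && dotted "$mask" && [ -z "$rest" ] || continue
        echo "$net $mask"
    done < "$RULES_DIR/$1"
}

# --client-connect: directives for the temp file OpenVPN passes as the
# hook's last argument, e.g.  push_routes "$common_name" > "$1"
push_routes() {
    rules=$(rules_for "$1") || return 1
    printf '%s\n' "$rules" | sed -n 's/..*/push "route &"/p'
}

# --learn-address: "add|update|delete <address> [<common name>]".
# delete carries no CN, so the per-client chain is keyed on the address.
fw_rules() {
    dotted "$2" || return 1
    chain="vpn-$(echo "$2" | tr . _)"
    case "$1" in
    add|update)
        rules=$(rules_for "$3") || return 1
        if [ "$1" = add ]; then echo "iptables -N $chain"
        else echo "iptables -F $chain"; fi
        printf '%s\n' "$rules" | sed -n "s|\(..*\) \(..*\)|iptables -A $chain -d \1/\2 -j ACCEPT|p"
        echo "iptables -A $chain -j DROP"
        if [ "$1" = add ]; then echo "iptables -I FORWARD -s $2 -j $chain"; fi ;;
    delete)
        printf 'iptables -%s\n' "D FORWARD -s $2 -j $chain" "F $chain" "X $chain" ;;
    *) return 1 ;;
    esac
}

# Constructed sample, not from the thread: rules for a user "alice".
RULES_DIR=$(mktemp -d)
printf '%s\n' '10.20.0.0 255.255.0.0' '10.9.0.0;id 255.255.0.0' '192.168.5.0 255.255.255.0' > "$RULES_DIR/alice"
push_routes alice && fw_rules add 10.8.0.6 alice
```

A non-zero exit from the `--client-connect` hook disconnects the client, so a missing or unreadable rules file fails closed.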
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users