linux
raingosling, 2016-03-02 07:45:40

OpenVPN: what if I don't need the entire subnet behind the server?

I'll try to describe the situation; if there is not enough information, ask, don't throw stones right away, I'm just learning.
So. The network, let's say at an enterprise, consists of two subnets, let's say 192.168.1. ... and 192.168.2. ..., with its own DNS, and the question of remote access arises.
There is a virtual machine running Ubuntu Server; its first interface has an external IP address to connect to from, say, another country. The internal TAP address of the server is 192.168.3.1, and all clients receive an IP for the TAP adapter from 192.168.3.100 to 192.168.3.200.
Behind the server I can see two subnets; this is written in server.conf:
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
But a task is coming up: I need to close the first subnet (closing it completely is clear: I commented it out and there is no access to it), but leave several computers available for use from outside. I heard that you can somehow specify individual hosts, but it's not entirely clear how to do it.


3 answer(s)
Andrey Burov, 2016-03-02
@raingosling

push "route 192.168.1.123 255.255.255.255"
In general, it is better to do this with a firewall, because the user will be able to add whatever routes he wants for himself.

Dmitry, 2016-03-02
@Tabletko

How about allowing individual addresses through the firewall?

Sergey, 2016-03-02
@hamnsk

2 firewall rules will solve your problem
# allow goes first: ufw applies the first matching rule, in the order added
sudo ufw allow from 192.168.3.101 to any
sudo ufw deny from 192.168.3.0/24 to any
as an option
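
Added example, not part of any answer above: a dry-run shell script that prints per-host push routes (as in Andrey Burov's answer) together with server-side iptables FORWARD rules enforcing the same allow-list, since pushed routes alone do not stop a client from adding its own. A routed (not bridged) setup, the interface name tap0 and the second host 192.168.1.45 are assumptions.

```sh
#!/bin/sh
# Added example. Dry run: prints config lines and commands, changes nothing.
# From the thread: VPN pool 192.168.3.0/24, host 192.168.1.123, subnet 192.168.2.0/24.
# Assumed: routed setup, tunnel interface tap0, second host 192.168.1.45 (constructed).
VPN_NET="192.168.3.0/24"
VPN_IF="tap0"
OPEN_NET="192.168.2.0"
OPEN_MASK="255.255.255.0"
OPEN_CIDR="192.168.2.0/24"
ALLOWED_HOSTS="192.168.1.123 192.168.1.45"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# server.conf lines: one /32 route per allowed host, plus the open subnet.
push_lines() {
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
        printf 'push "route %s 255.255.255.255"\n' "$host"
    done
    printf 'push "route %s %s"\n' "$OPEN_NET" "$OPEN_MASK"
}

# FORWARD rules in first-match order: replies, allowed hosts, open subnet, then drop.
forward_rules() {
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
    done
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for host in "$@"; do
        echo "iptables -A FORWARD -i $VPN_IF -s $VPN_NET -d $host/32 -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $VPN_IF -s $VPN_NET -d $OPEN_CIDR -j ACCEPT"
    echo "iptables -A FORWARD -i $VPN_IF -s $VPN_NET -j DROP"
}

push_lines $ALLOWED_HOSTS
forward_rules $ALLOWED_HOSTS
```

The final DROP is what actually closes 192.168.1.0/24; the push lines only tell well-behaved clients which destinations to send through the tunnel.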
