- IPsec Versus OpenVPN
- Requirements for the OpenVPN Solution
- Setting Up the Public Key Infrastructure (PKI)
- Setting Up the VPN Serve
- Configuring OpenVPN
- Configuring a Sample Client
- Connecting to the Server
- Configuring the Routing
- Working with Unprivileged Users
- Advantages and Disadvantages of This Solution
Configuring the Routing
At this point, there's no connection between the VPN and LAN clients because the networks have not fully been configured to route the traffic from one to the other. There are three possible methods you can use to create routing paths:
- NATed VPN server. The easiest solution avoids all routing issues and makes the VPN server a NAT gateway, which will make all VPN traffic appear from the VPN server's LAN IP. This is the worst solution, however, because logging is next to impossible.
- Dedicated static routing. If only specific machines (for example, servers) are accessible from the VPN, it's possible to set up each client with static routes. However, this isn't the safest method because any client could add routes to the machine and access the servers. Security through obscurity is not security.
- Default gateway. A very elegant solution is to use the default gateway or an existing router and add an entry to its routing table. By default, all clients can communicate with the VPN, but firewall rules on the VPN gateway can be used to control the traffic.