Hi,
I want to use OpenVPN to allow access past our firewall. That is, we want to block SSH to anyone not using our VPN. All of our servers sit on public IP addresses; they do not have a private block from 10.x 192.x 179 etc...
Right now I have my VPN set up such that I can ping 10.8.0.1 no problem; however, if I add
push "route xxx.48.78.64 255.255.255.192"
and then connect to my VPN via Viscosity. If I then ping 10.8.0.1, my CPU goes thru the roof, both the openvpn and Viscosity processes take up as much CPU as they can and ping tells me I am out of buffer space....
Thoughts?
pushing routes to public ip blocks
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Jan 11, 2010 5:45 pm
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: pushing routes to public ip blocks
You are creating a routing loop. You must connect to the internet IP outside the VPN to be connected to the VPN, then you set that internet IP to route through the VPN.

bignose wrote:
Hi,
I want to use OpenVPN to allow access past our firewall. That is, we want to block SSH to anyone not using our VPN. All of our servers sit on public IP addresses; they do not have a private block from 10.x 192.x 179 etc...
Right now I have my VPN set up such that I can ping 10.8.0.1 no problem; however, if I add
push "route xxx.48.78.64 255.255.255.192"
and then connect to my VPN via Viscosity. If I then ping 10.8.0.1, my CPU goes thru the roof, both the openvpn and Viscosity processes take up as much CPU as they can and ping tells me I am out of buffer space....
Thoughts?

Only run sshd listening on the VPN IP, and make sure OpenVPN runs before sshd starts when you boot.
Then you can connect to your SSH by using the VPN IP.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Jan 11, 2010 5:45 pm
Re: pushing routes to public ip blocks
Thanks.
I actually got the issue solved by pushing multiple routes with more specific netmasks, to "avoid" the machine running OpenVPN. It works quite well now.
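The workaround from the last post, as an added example that is not part of the original thread: it checks whether a pushed route would capture the VPN server's own public IP (the routing loop described above) and, if so, splits the block into more specific routes that leave that one address out. The addresses are constructed from the 203.0.113.0/24 documentation range, and the function names are hypothetical.

```python
import ipaddress

def route_covers_server(network: str, netmask: str, vpn_server: str) -> bool:
    """True if a pushed route would also capture the VPN server's public IP,
    i.e. the encrypted tunnel packets themselves would be sent into the tunnel."""
    block = ipaddress.ip_network(f"{network}/{netmask}")
    return ipaddress.ip_address(vpn_server) in block

def routes_avoiding(network: str, netmask: str, vpn_server: str):
    """Smallest set of subnets covering the block except the VPN server's address."""
    block = ipaddress.ip_network(f"{network}/{netmask}")
    if not route_covers_server(network, netmask, vpn_server):
        return [block]  # server sits outside the block: one route is already safe
    server = ipaddress.ip_network(f"{vpn_server}/32")
    # address_exclude() yields the subnets left over once `server` is carved out
    return sorted(block.address_exclude(server))

def push_lines(network: str, netmask: str, vpn_server: str):
    """Render the result as OpenVPN server-side push directives."""
    return [
        f'push "route {n.network_address} {n.netmask}"'
        for n in routes_avoiding(network, netmask, vpn_server)
    ]

if __name__ == "__main__":
    # Constructed sample values: a /26 of public addresses, with the
    # OpenVPN server itself living at .70 inside that block.
    NETWORK, NETMASK, SERVER = "203.0.113.64", "255.255.255.192", "203.0.113.70"
    if route_covers_server(NETWORK, NETMASK, SERVER):
        print(f"# {NETWORK} {NETMASK} contains the VPN server {SERVER}: split it")
    for line in push_lines(NETWORK, NETMASK, SERVER):
        print(line)
```
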