[Klug-general] VPN Endpoints

Benjamin Donnachie benjamin at py-soft.co.uk
Wed Apr 8 17:03:47 UTC 2009


2009/4/8 James Leighton <james at hostj.net>:
> except, we only want them to access the gateway and no local resources on
> network 1!

You could achieve that with an iptables rule that only allows
forwarding from the VPN tunnel for packets destined to network two.

> Anyway, would my best course of action be to set up a VPN box with 2
> interfaces, acting as a NAT router on one and that terminates the VPN (which
> I'd forward through the router) on the other? Or is there a simpler
> solution?

NAT may not be necessary - I use something similar to restrict access
on a second network at work to just RDP traffic.

I haven't used OpenVPN for a while, but I'd expect you to be able to
achieve what you want with that with appropriate iptables forwarding
rules, though I'd need more information on your setup.  Where are you
based?  Feel free to contact me off list with more info.

Ben
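
The forwarding restriction suggested in the reply above, as an added example that is not part of the original message: a shell function that prints an iptables-restore fragment allowing new connections from the VPN tunnel only towards network two, optionally limited to one TCP port (as in the RDP-only case mentioned). The function name, tun0, 192.168.2.0/24 and port 3389 are assumptions; the thread does not give the real interface or subnets.

```shell
#!/bin/sh
# Added example. vpn_forward_rules TUN_IF NET2_CIDR [TCP_PORT]
# Prints a *filter fragment for the FORWARD chain; it does not touch the
# running firewall. All sample values used with it are assumed.
vpn_forward_rules() {
    tun_if=$1
    net2=$2
    port=${3:-}

    # Accept only a plain interface name, an IPv4 CIDR and a numeric port,
    # so a stray space or option cannot turn into an extra iptables argument.
    case $tun_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $tun_if" >&2; return 1 ;;
    esac
    case $net2 in
        ''|*[!0-9./]*) echo "bad CIDR: $net2" >&2; return 1 ;;
        */*) ;;
        *) echo "CIDR needs a prefix length: $net2" >&2; return 1 ;;
    esac
    case $port in
        *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac

    # Traffic entering from the tunnel and destined to network two.
    match="-i $tun_if -d $net2"
    if [ -n "$port" ]; then
        match="$match -p tcp --dport $port"
    fi

    # Default-drop FORWARD; replies to allowed flows pass via conntrack;
    # anything else arriving from the tunnel (e.g. towards network one)
    # is dropped explicitly, whatever the chain policy is later set to.
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD $match -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $tun_if -j DROP
COMMIT
EOF
}
```

Review the printed fragment before loading it; `iptables-restore --noflush` appends it to the existing ruleset instead of replacing the filter table. Access to services on the VPN box itself is governed by the INPUT chain, which this fragment leaves alone.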


