This tutorial, in its section "Using routing and OpenVPN not running on the default gateway," discusses this configuration, although not as completely as I would prefer. I would therefore like to know if any of you can recommend other web-pages that I should read.
The desired configuration is that anyone on a specific local network address-range will be able to connect to a specified secure external subnet (hosted by an OpenVPN server on a remote system), if one particular computer on the local network is running an OpenVPN client service (i.e. "on behalf of all of them"). This one computer would act, in all respects, as a "local router" leading to that network.
It seems to me that this scheme can be achieved if the (hardware ...) router of the local network contains two static-routing rules:
- (As discussed in the web page cited above ...) A static-route rule that forwards replies sent to e.g. "10.8.x.x" back to the OpenVPN client.
- (Is this right ...?) A second rule which forwards traffic being sent to the remote network (e.g. "10.11.xx.yy") also to the OpenVPN client.
(And, in addition, a DHCP rule that assigns a fixed local IP-address to the OpenVPN client machine.)
Will OpenVPN require a configuration-directive telling it to expect traffic to be coming to it from a variety of local IP-addresses? To tell it to behave as a true "local router" towards them?
I think I know the answers to these questions ... and I'll be sure to post them here, later ... but I'm certainly not afraid to ask. I'd appreciate a "sanity check" on this.