Using an 'ifconfig-pool' block
In this recipe, we will use an ifconfig-pool block to separate regular VPN clients from administrative VPN clients. This makes it easier to set up different firewall rules for administrative users.
Getting ready
We use the following network layout:
This recipe uses the PKI files created in the first recipe of this chapter. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The VPN client named Client was running Windows XP and OpenVPN 2.1.1 and was on the 192.168.200.0 network. The VPN client named Admin Client was running Fedora 12 Linux and OpenVPN 2.1.1 and was on the 192.168.202.0 network. For the Linux clients, keep the client configuration file basic-udp-client.conf from the recipe Server-side routing at hand.
How to do it...
Create the server configuration file:
proto udp
port 1194
dev tun
mode server
ifconfig 192.168.200.1 192.168.200.2
ifconfig-pool 192.168.200.100 192.168.200.120
route 192.168.200.0 255.255.248...
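Before writing firewall rules around the pool, it helps to know which CIDR blocks cover it exactly and to confirm that the server's own tunnel endpoints do not fall inside it. The following check is an added example, not part of the original recipe; it uses only the directives visible above (the truncated route line is left out), and the function names are hypothetical.

```python
import ipaddress

# Only the directives visible in the recipe; the truncated route line is omitted.
SERVER_CONF = """\
proto udp
port 1194
dev tun
mode server
ifconfig 192.168.200.1 192.168.200.2
ifconfig-pool 192.168.200.100 192.168.200.120
"""

def parse_directives(text):
    """Map each directive name to its list of arguments (last one wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def pool_range(conf):
    """Return (first, last) of ifconfig-pool as IPv4Address objects."""
    args = conf.get("ifconfig-pool")
    if not args or len(args) < 2:
        raise ValueError("no ifconfig-pool start/end in config")
    first, last = (ipaddress.IPv4Address(a) for a in args[:2])
    if first > last:
        raise ValueError("ifconfig-pool start is above its end")
    return first, last

def pool_cidrs(conf):
    """CIDR blocks that cover the pool exactly, usable as firewall sources."""
    first, last = pool_range(conf)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def in_pool(addr, conf):
    """True if addr is one of the addresses the pool can hand out."""
    first, last = pool_range(conf)
    return first <= ipaddress.IPv4Address(addr) <= last

def endpoints_in_pool(conf):
    """Server tunnel endpoints that collide with the pool (should be empty)."""
    return [a for a in conf.get("ifconfig", []) if in_pool(a, conf)]

if __name__ == "__main__":
    conf = parse_directives(SERVER_CONF)
    print("pool blocks:", pool_cidrs(conf))
    print("endpoint collisions:", endpoints_in_pool(conf))
```

The pool does not align to a single subnet, so a rule set that matches it needs either all four resulting blocks or an address-range match.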