Thursday, March 19, 2009

Client-specific options

Of the new features in TomatoVPN 1.23vpn3.0000, the new client-specific options feature may be overshadowed by the more visible GUI overhaul and server status AJAX display. However, it is the feature I'm personally most excited about, so I thought I'd post to shed some light on it.

Using this option, you can have full bidirectional site-to-site TLS VPNs with no Custom Configuration or init scripts.

Selecting this option displays a table where you fill in the Common Name (from when you generated the TLS certificates), subnet (optional), and netmask (optional). If you fill in the subnet and netmask of the client, your server LAN will be able to communicate with your client LAN whenever it's connected (be sure not to choose the NAT option on the client router). Without this, you're stuck with just client->server communication.

If you also select the "Allow Client<->Client" option, another checkbox appears in the table that, when selected, allows other clients (or client LANs) to communicate with this client LAN. So, now you can have multiple sites all connected together with communication between any of them as desired.

An "allow only these clients" option is also present. With this selected, clients that aren't in the table are not allowed to connect. If you want to allow a client that doesn't have a LAN behind it (or you don't want to allow access to it), just put it in the table and leave the subnet/netmask blank.
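As an added illustration (not TomatoVPN's own code or its generated configuration), the sketch below shows how a table like this could be written with stock OpenVPN server directives: `client-config-dir`, `iroute`, `route`, `push`, `client-to-client` and `ccd-exclusive`. The mapping from the GUI options to these directives, the `render` helper, the `ccd` directory name and the sample rows are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample rows: (Common Name, subnet, netmask, reachable by other clients)
CLIENTS = [
    ("branch-office", "192.168.2.0", "255.255.255.0", True),
    ("warehouse", "192.168.3.0", "255.255.255.0", False),
    ("roaming-laptop", "", "", False),  # no LAN behind it, listed only so it may connect
]

# The Common Name becomes a file name under ccd/, so refuse path characters.
CN_OK = re.compile(r"[A-Za-z0-9_@-][A-Za-z0-9_.@-]*")


def render(clients, client_to_client=False, allow_only_listed=False):
    """Return (server directives, {Common Name: ccd file lines}) for the table."""
    server = ["client-config-dir ccd"]
    if client_to_client:
        server.append("client-to-client")
    if allow_only_listed:
        server.append("ccd-exclusive")  # clients without a ccd file are refused
    ccd = {}
    for cn, subnet, mask, reachable in clients:
        if not CN_OK.fullmatch(cn):
            raise ValueError(f"unsafe Common Name: {cn!r}")
        if cn in ccd:
            raise ValueError(f"duplicate Common Name: {cn!r}")
        ccd[cn] = []  # an empty file still satisfies ccd-exclusive
        if not subnet and not mask:
            continue
        if not (subnet and mask):
            raise ValueError(f"{cn}: subnet and netmask must be given together")
        # Strict parsing rejects bad masks and addresses with host bits set.
        net = ipaddress.IPv4Network(f"{subnet}/{mask}")
        pair = f"{net.network_address} {net.netmask}"
        ccd[cn].append(f"iroute {pair}")  # OpenVPN: this subnet is behind this client
        server.append(f"route {pair}")    # kernel: send this subnet into the tunnel
        if client_to_client and reachable:
            server.append(f'push "route {pair}"')  # advertise it to other clients
    return server, ccd


if __name__ == "__main__":
    server, ccd = render(CLIENTS, client_to_client=True, allow_only_listed=True)
    print("\n".join(server))
    for name, lines in ccd.items():
        print(f"--- ccd/{name}\n" + "\n".join(lines))
```
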

With these options, this release removed the biggest limitation that's been present since the first release: having the VPN limited to client-initiated connections.

Feedback on this new feature is, of course, welcome and appreciated.

4 comments:

  1. Help! I've got a remote vpn server, and am connecting to it using this software. Connection works fine according to the logs at both ends, but I'm obviously screwing up the routing somewhere.

    The purpose of the connection is to connect 2 remote networks, so all I want from the linksys router is to make the remote network available to the local network, and route everything else via the existing default route.

    I've switched off nat, but am unsure which routing options should be set... at both ends!

  2. @greengecko
    If that's all you want to do, you probably want to have the NAT checkbox selected, then you won't have to do any custom routing.

    For future reference, the forum is probably better suited for support issues. General questions and/or requests are probably more appropriate to handle via the blog.
