Hmm. Okay...

So what are the requirements for these virtual addresses? The addresses
you list are public, and resolve back to your domains. I thought the
virtual tunnel had to use otherwise unused addresses?

I see you're doing tunnels across the Internet for providing a virtual
static public interface for a remote computer on a dynamic address. Does
your technique work for connecting private networks?

I haven't tried using existing IP addresses for the tunnel--but I do
know the way I've set it up works. And if you're trying to hook multiple
road warriors into a LAN, it has the advantage of only needing one
additional route on the default gateway to send traffic back through the
tunnel to the road warriors, no matter what the road warriors' IP
addresses are. (My LAN VPN gateway is behind a firewall/NAT router).
Until I added this backwards route on the NAT router, connections to
other servers on the LAN from a road warrior timed out.

Cheers,
John Locke

Dick St.Peters wrote:

John Locke writes:
These are going to two completely different subnets. With a tun device,
you need to set up a subnet purely for the VPN, and use two unique
addresses on it--one for each end of the tunnel. So if one of your
existing networks uses 192.168.0.0/24, and your other uses
10.0.0.0/something, choose a third subnet for the VPN.

John, this is not correct. I run OpenVPN with unrelated addresses all
the time. In fact, even my tunnel demonstration at
http://www.nz.netheaven.com
uses unrelated addresses:

New York State end virtual address: 208.20.133.30
New Zealand end virtual address: 206.231.158.145

--
Dick St.Peters, stpeters@xxxxxxxxxxxxx
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users