Re: [Openvpn-users] tun Device Error

[John Locke <mail@xxxxxxxxxxxx>]

Hmm. Okay...

So what are the requirements for these virtual addresses? The addresses 
you list are public, and resolve back to your domains. I thought the 
virtual tunnel had to use otherwise unused addresses?

I see you're doing tunnels across the Internet for providing a virtual 
static public interface for a remote computer on a dynamic address. Does 
your technique work for connecting private networks?

I haven't tried using existing IP addresses for the tunnel--but I do 
know the way I've set it up works. And if you're trying to hook multiple 
road warriors into a LAN, it has the advantage of only needing one 
additional route on the default gateway to send traffic back through the 
tunnel to the road warriors, no matter what the road warriors' IP 
addresses are. (My LAN VPN gateway is behind a firewall/NAT router). 
Until I added this backwards route on the NAT router, connections to 
other servers on the LAN from a road warrior timed out.

Cheers,
John Locke

Dick St.Peters wrote:

> John Locke writes:
>  
>
> > These are going to two completely different subnets. With a tun device,
> > you need to set up a subnet purely for the VPN, and use two unique
> > addresses on it--one for each end of the tunnel. So if one of your
> > existing networks uses 192.168.0.0/24, and your other uses
> > 10.0.0.0/something, choose a third subnet for the VPN.
> >    
>
> John, this is not correct.  I run OpenVPN with unrelated addresses all
> the time.  In fact, even my tunnel demonstration at
> 		     http://www.nz.netheaven.com
> uses unrelated addresses:
>    New York State end virtual address: 208.20.133.30
>    New Zealand end virtual address:    206.231.158.145
>
> --
> Dick St.Peters, stpeters@xxxxxxxxxxxxx 
>
>
> !DSPAM:3fe07f1a35415540538350!
>
>
>  


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users