John Locke writes:

> So what are the requirements for these virtual addresses? The addresses
> you list are public, and resolve back to your domains. I thought the
> virtual tunnel had to use otherwise unused addresses?

The addresses can be any valid IP addresses ... well, IPv4 addresses. To avoid conflicts, the tunnel virtual addresses do need to be otherwise unused. That's not a problem here. The addresses are in blocks assigned to me, so I have control over who uses them.

> I see you're doing tunnels across the Internet for providing a virtual
> static public interface for a remote computer on a dynamic address. Does
> your technique work for connecting private networks?

Yes, but I'm not really doing anything that rates calling it my technique. I'm just making use of capabilities provided by software like OpenVPN - I package what already exists. (There are exceptions. Having source I can customize has rescued a number of situations. I don't think I've ever had to customize OpenVPN though, but I have had to operate on the source for other VPN technologies.)

> And if you're trying to hook multiple
> road warriors into a LAN, it has the advantage of only needing one
> additional route on the default gateway to send traffic back through the
> tunnel to the road warriors, no matter what the road warriors' IP
> addresses are.

The majority of my tunnels have remote virtual addresses assigned from a common subnet for just this reason. However, I also offer my tunnel users small public-IP subnets, and a few take me up on the offer.

Also, I no longer depend on static routing, so having the tunnel IPs in a common subnet no longer matters. I run zebra and ospfd on the tunnel server, so when a user brings up a tunnel, a route to it and a route to any subnet are automatically added to my network's routing. (I would not recommend trying this in a production environment unless you have significant OSPF experience.)
--
Dick St.Peters, stpeters@xxxxxxxxxxxxx
Gatekeeper, NetHeaven, Saratoga Springs, NY

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users