|
|
Well, technically, there are 128 IPs there, BUT, the way that --ifconfig-pool pushes them is in /30 subnets. This will permit each network to have 1 network address, 1 route, 1 node and 1 broadcast address (4 total per /30 subnet). There are 32 such subnets contained in that range, thus allowing for only 32 'nodes' given that the other end of the tunnel is a 'route', although I'm unsure of where the 'route' is contained or if it's even specified -- Quite honestly, I can't find it (it should be 10.2.0.129). Within OpenVPN perhaps? It looks like everything for that subnet is routed onto 130. ...I'm curious as to how this is executed. (= ----- Original Message ----- From: "Juan Rodriguez Hervella" <jrh@xxxxxxxxxx> To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx> Cc: <uml@xxxxxxxxx> Sent: Wednesday, March 31, 2004 3:09 PM Subject: Re: [Openvpn-users] OpenVPN 2.0 -- Project Update and Release Notes > On Wednesday 31 March 2004 19:18, uml@xxxxxxxxx wrote: > > Here are my configs: Let the testing begin! > > > > I'm using TLS authentication in server mode with version 2.0 beta test18 on > > both ends. > > > > Server: VMWare host running RedHat 9 > > dev tun > > ifconfig 10.2.0.1 10.2.0.2 > > tls-server > > dh dh2048.pem > > ca my-ca.crt > > cert ovpn_server.crt > > key ovpn_server.key > > port 5500 > > ping 15 > > verb 4 > > cipher AES-256-CBC > > no-replay > > mode server > > ifconfig-pool 10.2.0.128 10.2.0.255 > > push "route 10.2.0.1 255.255.255.255" > > push "route 192.168.2.0 255.255.255.0" > > route 10.2.0.0 255.255.255.0 > > > > > > Host: Windows 2000 Pro SP3 > > remote openvpn.dot1q.net > > dev tun > > tls-client > > ca my-ca.crt > > cert home.crt > > key home.key > > ping 10 > > cipher AES-256-CBC > > no-replay > > port 5500 > > verb 4 > > pull > > > > No reboots required when I upgraded either the server or client from 1.50 > > on each. I'm about to add another Windows 2003 Server and Fedora Core 1 to > > the client mix to see how the server mode scales. Note that this will only > > allow for a maximum of 32 clients due to the ifconfig-pool size (.128 - > > .255). > > Hellooooooo, > > I might be asleep, but wouldn't it be 128 clients ? that is what > fits from 128 to 255.. > > See you! > > > > So far, everything is working well. I'm wondering what the > > possibilities are of pushing a specific IP(or /30 net) is to a specific > > cert... more investigation (scripting) is under way. > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: IBM Linux Tutorials > > Free Linux tutorial presented by Daniel Robbins, President and CEO of > > GenToo technologies. Learn everything from fundamentals to system > > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > > _______________________________________________ > > Openvpn-users mailing list > > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > -- > ****** > JFRH > ****** > > Those who make peaceful revolution impossible will make violent > revolution inevitable. > -- John F. Kennedy > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |