
Re: [Openvpn-users] OpenVPN 2.0 -- Project Update and Release Notes


  • Subject: Re: [Openvpn-users] OpenVPN 2.0 -- Project Update and Release Notes
  • From: uml@xxxxxxxxx
  • Date: Wed, 31 Mar 2004 15:52:17 -0500

Well, technically, there are 128 IPs there, BUT, the way
that --ifconfig-pool pushes them is in /30 subnets.  This will permit each
network to have 1 network address, 1 route, 1 node and 1 broadcast address
(4 total per /30 subnet).  There are 32 such subnets contained in that
range, thus allowing for only 32 'nodes' given that the other end of the
tunnel is a 'route', although I'm unsure of where the 'route' is contained
or if it's even specified -- Quite honestly, I can't find it (it should be
10.2.0.129).  Within OpenVPN perhaps?  It looks like everything for that
subnet is routed onto 130.

...I'm curious as to how this is executed. (=



----- Original Message ----- 
From: "Juan Rodriguez Hervella" <jrh@xxxxxxxxxx>
To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Cc: <uml@xxxxxxxxx>
Sent: Wednesday, March 31, 2004 3:09 PM
Subject: Re: [Openvpn-users] OpenVPN 2.0 -- Project Update and Release Notes


> On Wednesday 31 March 2004 19:18, uml@xxxxxxxxx wrote:
> > Here are my configs:  Let the testing begin!
> >
> > I'm using TLS authentication in server mode with version 2.0 beta test18 on
> > both ends.
> >
> > Server: VMWare host running RedHat 9
> > dev tun
> > ifconfig 10.2.0.1 10.2.0.2
> > tls-server
> > dh dh2048.pem
> > ca my-ca.crt
> > cert ovpn_server.crt
> > key ovpn_server.key
> > port 5500
> > ping 15
> > verb 4
> > cipher AES-256-CBC
> > no-replay
> > mode server
> > ifconfig-pool 10.2.0.128 10.2.0.255
> > push "route 10.2.0.1 255.255.255.255"
> > push "route 192.168.2.0 255.255.255.0"
> > route 10.2.0.0 255.255.255.0
> >
> >
> > Host: Windows 2000 Pro SP3
> > remote openvpn.dot1q.net
> > dev tun
> > tls-client
> > ca my-ca.crt
> > cert home.crt
> > key home.key
> > ping 10
> > cipher AES-256-CBC
> > no-replay
> > port 5500
> > verb 4
> > pull
> >
> > No reboots required when I upgraded either the server or client from 1.50
> > on each.  I'm about to add another Windows 2003 Server and Fedora Core 1 to
> > the client mix to see how the server mode scales.  Note that this will only
> > allow for a maximum of 32 clients due to the ifconfig-pool size (.128 -
> > .255).
>
> Hellooooooo,
>
> I might be asleep, but wouldn't it be 128 clients? That is what
> fits from 128 to 255..
>
> See you!
>
>
> > So far, everything is working well.  I'm wondering what the
> > possibilities are of pushing a specific IP (or /30 net) to a specific
> > cert... more investigation (scripting) is under way.
> >
> >
> >
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
> -- 
> ******
> JFRH
> ******
>
> Those who make peaceful revolution impossible will make violent
> revolution inevitable.
> -- John F. Kennedy
>
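
The /30 arithmetic discussed in this thread, as an added example that is not part of the original messages and is not OpenVPN's own code: it splits the `ifconfig-pool 10.2.0.128 10.2.0.255` range from the posted server config into /30 blocks and labels the four addresses in each. The function names are hypothetical, and the peer/client ordering (.129 as the far end, .130 as the client) is an assumption taken from what the reply above observed.

```python
import ipaddress


def pool_to_net30(start, end):
    """Return the aligned /30 blocks inside an inclusive address range.

    Assumption: only whole, 4-address-aligned blocks count as usable;
    leftover fragments at an unaligned edge are skipped.
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("pool end is below pool start")
    blocks = []
    # summarize_address_range gives the minimal CIDR cover of the range
    for net in ipaddress.summarize_address_range(first, last):
        if net.prefixlen > 30:
            continue  # a /31 or /32 fragment cannot hold a full /30
        blocks.extend(net.subnets(new_prefix=30))
    return blocks


def describe(block):
    """Label the four addresses of one /30 block."""
    network, peer, client, broadcast = (str(a) for a in block)
    return {
        "network": network,      # unusable: subnet address
        "peer": peer,            # far end of the point-to-point link
        "client": client,        # address the connecting node uses
        "broadcast": broadcast,  # unusable: subnet broadcast
    }


if __name__ == "__main__":
    # Pool values taken from the server config quoted in this thread
    pool = pool_to_net30("10.2.0.128", "10.2.0.255")
    print(f"{len(pool)} client slots from 128 addresses")
    for block in pool[:3]:
        print(block, describe(block))
```
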

