James Yonan wrote:

I don't think this would solve the problem because OpenVPN would still need to route outbound traffic from one tun/tap interface to a potentially large set of clients. The need for OpenVPN to internally route or bridge doesn't go away unless you have a one-to-one correspondence between clients and tun/tap interfaces on the server, like you do with 1.x.

I think this method might be workable, but is most likely not worth the effort to implement :-) In fact I think this one-to-one correspondence is a key feature of OpenVPN, and that many people who want fine-grained control over every client may not want to use the new 2.0 features.

I see the 2.0 multi-client server as being a way to handle large numbers of clients which are mostly treated the same with regards to routing and firewalling. Running hundreds of clients through a single tun/tap interface, you can firewall off the interface in a way that treats the entire client cloud as a group. And that's really the whole point of the 2.0 exercise -- to give admins the ability to handle a large number of road-warrior-type dynamic clients with a simple config file on both server and client.

I hope that paragraph ends up in the OpenVPN 2.0 documentation in some form; that's a very concise way of explaining the difference between 1.0 mode and multi-client mode.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users