I've decided to switch from 1.5.0 to 2.0.b1. Under 1.5.0 I was successfully running around 30 clients (separate openvpn process and udp port for each client -- a big pain). I'm *very* excited about 2.0's multi-client capability!! :) I'm having some implementation issues however. 4 questions:

Setup
-----
version = openvpn 2.0.b1 on both server and clients
style = tun
server = freebsd 4.9-rel
clients = freebsd 4.9-rel, freebsd 5.2.1-rel, windows xp, (I would like to get Mac OSX 10.3 working)

1. How do you make the connection resilient to interruption events w/out resorting to excessively chatterful --ping-restart, like "ping-restart 5"? This "works", but it really isn't ideal as the client is constantly SIGUSR1'ing! If I have 100-200 clients, this makes for a useless server logfile. :) Running the clients in TCP isn't desired either for performance reasons (I'm *only* doing IP protocols). I've tried various combinations of "ping" and "ping-restart" values, but in the end it always seems like the client SIGUSR1's always at the "ping-restart" interval ... even if the "ping" interval is less.

2. This is more a comment than an implementation issue, but it appears I need to escape the backslashes in the client configuration file (for windows client) for things like "up" and "down" script paths. E.g.:

   up "c:\\Progra~1\\OpenVPN\\config\\client_up.bat"

   Is this intended? If it isn't, either I'm formatting the statement incorrectly, or this is a non-critical bug. :)

3. In the example config file section of the 2.0b1 release notes, there are 2 statements I have questions about:

   a. "ifconfig 10.8.0.1 10.8.0.2" -- What is actually at the .2 side? Is this merely there for completeness? I realize the server's tun driver probably needs to bind to something, but I'm not totally clear on what .2 is doing. Also, related to this, why isn't it possible to start the pool at "10.8.0.1" rather than "10.8.0.4"?

   b. "push 'route 10.8.0.1 255.255.255.255'" -- What is this for? If the clients are doing "redirect-gateway", is this particular push statement needed? Is it trying to push some sort of default route to the client?

4. If I want to keep everything as generic as possible, configuration file-wise, what is the best way (or a good way) to propagate the client's default gateway w/out having to specify an actual IP addr? The only way I was able to get this to work is by using "redirect-gateway" and "route-delay 0" together. I'm not so sure this is a good thing, at least the route-delay part, as I am trying to dhcp everything, both the real and virtual interfaces...

Thanks for any advice! Basic config files for freebsd server and windows xp client below:

----------------server----------------
dev tun0
local 10.1.1.1
port 5000
mode server
client-to-client
ifconfig 192.168.200.1 192.168.200.2
ifconfig-pool 192.168.200.4 192.168.200.251
route 192.168.200.0 255.255.255.0
inactive 600
tls-server
dh /usr/local/etc/openvpn/certs/CA/dh1024.pem
ca /usr/local/etc/openvpn/certs/CA/CA.crt
cert /usr/local/etc/openvpn/certs/CA/gw-wifi.crt
key /usr/local/etc/openvpn/certs/gw-wifi.key
comp-lzo
verb 3
--------------------------------------

----------------client----------------
dev tun
remote 10.1.1.1
port 5000
pull
redirect-gateway
route-delay 0
tls-client
ca CA.crt
cert vega.crt
key vega.key
comp-lzo
ping 10
ping-restart 5
verb 3
mute 10
--------------------------------------

-Adam Richards

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
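The following is an added illustration of question 1 and is not part of Adam's post nor OpenVPN's own code. It models the two timers the way the OpenVPN manual describes them (--ping fires when this side has sent nothing for n seconds; --ping-restart fires when nothing has been *received* from the peer for n seconds) on a completely idle tunnel, and runs the posted client/server pair (client "ping 10 / ping-restart 5", server with neither option) beside a pair derived from the server-side "keepalive n m" helper. The keepalive expansion (server ping n / ping-restart 2*m, clients pushed ping n / ping-restart m) is taken from the OpenVPN 2.0 documentation; whether 2.0.b1 already ships that directive is not confirmed by the post, so treat it as an assumption. All traffic, peer names and timings are constructed for the model.

```python
"""Toy model of OpenVPN's --ping / --ping-restart timers (added example, not OpenVPN code).

Assumed, simplified semantics:
  --ping n          send a ping if nothing has been sent to the peer for n seconds
  --ping-restart n  SIGUSR1-restart if nothing has been received from the peer for n seconds
The tunnel carries no user data; the clock advances one tick per second.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Peer:
    name: str
    ping: Optional[int]           # --ping interval, None if the option is absent
    ping_restart: Optional[int]   # --ping-restart timeout, None if absent
    last_sent: int = 0
    last_recv: int = 0
    restarts: List[int] = field(default_factory=list)


def simulate(a: Peer, b: Peer, seconds: int) -> List[Tuple[int, str, str]]:
    """Tick both peers for `seconds` seconds on an idle tunnel; return the event log."""
    events: List[Tuple[int, str, str]] = []
    for t in range(1, seconds + 1):
        for src, dst in ((a, b), (b, a)):
            # --ping-restart counts from the last packet *received* from the peer,
            # not from the last ping this side sent; a peer that never sends
            # anything (no --ping of its own) can therefore never satisfy it.
            if src.ping_restart is not None and t - src.last_recv >= src.ping_restart:
                src.restarts.append(t)
                events.append((t, src.name, "SIGUSR1 restart"))
                # the restart re-handshakes at once; that traffic is "received" on both sides
                src.last_sent = src.last_recv = t
                dst.last_recv = t
                continue
            # --ping only fires once this side has been silent for `ping` seconds
            if src.ping is not None and t - src.last_sent >= src.ping:
                src.last_sent = t
                dst.last_recv = t
                events.append((t, src.name, "ping"))
    return events


def restarts_with_posted_config(seconds: int = 60) -> List[int]:
    """Client: ping 10 / ping-restart 5; server: neither option (the configs in the post)."""
    client = Peer("client", ping=10, ping_restart=5)
    server = Peer("server", ping=None, ping_restart=None)
    simulate(client, server, seconds)
    return client.restarts


def keepalive(n: int, m: int) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Assumed expansion of the server-side `keepalive n m` helper directive:
    the server uses ping n / ping-restart 2*m and pushes ping n / ping-restart m
    to every client. Returns (server options, pushed client options)."""
    return {"ping": n, "ping-restart": 2 * m}, {"ping": n, "ping-restart": m}


def restarts_with_keepalive(n: int = 10, m: int = 60,
                            seconds: int = 600) -> Tuple[List[int], List[int]]:
    """Both sides configured from keepalive(n, m); returns (client restarts, server restarts)."""
    server_opts, client_opts = keepalive(n, m)
    client = Peer("client", client_opts["ping"], client_opts["ping-restart"])
    server = Peer("server", server_opts["ping"], server_opts["ping-restart"])
    simulate(client, server, seconds)
    return client.restarts, server.restarts


if __name__ == "__main__":
    print("posted config, 60 idle seconds, client restarts at:", restarts_with_posted_config())
    print("keepalive 10 60, 600 idle seconds, restarts:", restarts_with_keepalive())
```

On the posted pair the model restarts the client every 5 seconds, exactly at the ping-restart interval, because the server side has no --ping and so never sends anything the client's ping-restart timer could count; the client's own "ping 10" is irrelevant to that timer. With both sides pinging every 10 seconds and restart timeouts of 60 (client) and 120 (server), 600 idle seconds produce no restart at all, which is the kind of quiet server log the question is after.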