[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] subnet-subnet in OpenVPN 2.0


  • Subject: Re: [Openvpn-users] subnet-subnet in OpenVPN 2.0
  • From: "M Lu" <mlu919@xxxxxxxxxxx>
  • Date: Mon, 25 Oct 2004 00:04:05 -0400

Mathias,

Thank you for your inputs. Too bad that my 'other server' admin is away for the weekend so I can try the ideas. But it means that I still have 2 instances of OpenVPN running, correct? For example, the other server has to run one as 'server' and another one as 'client'.



Apart from this, the "other server" should be configured just like a road warrior client.


----- Original Message ----- From: "Mathias Sundman" <mathias@xxxxxxxxxx>
To: "M Lu" <mlu919@xxxxxxxxxxx>
Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Sunday, October 24, 2004 2:12 PM
Subject: Re: [Openvpn-users] subnet-subnet in OpenVPN 2.0



On Sun, 24 Oct 2004, M Lu wrote:

Is that possible to run one instance of OpenVPN 2.0 and use it as Server to a couple of road-warriors and at the same time subnet to subnet with another Server? I do not know how to specify subnet to subnet in 2.0. Could anybody help me or give me a sample config?

---------------

My current 2.0 server.conf is something like that

# Which local IP address should OpenVPN
port 5000
proto udp
dev tun0
ca ca.crt
cert my_server.crt
key my_server.key
server 10.180.180.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
..

and it works with road-warriors. Now I would like to add some settings so that my 192.168.2.x can talk to subnet 10.9.9.x behind another VPN server.

Yes, this is possible.

I'm not 100% about how to configure it, but here's some tips so start with at least.

In the server config, add "client-config-dir xxx" so you can create a unique config for that perticular client that has the 10.9.9.0/24 subnet behind him.

Then create a file names as the CommonName of this client in the client-config-dir and add:

iroute 10.9.9.0 255.255.255.0

If you want your roadwarriors to reach this subnet to, you should add a push route for this subnet in your main server config. You must also add "client-to-client".

You should also add a route in your O/S on the openvpn server for the 10.9.9.0/24 network. I think you should route this to 10.180.180.1. I'm a little uncertain about that...

Apart from this, the "other server" should be configured just like a road warrior client.

Good Luck!

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail

____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users