Dear list.
Hopefully I am not adding to the confusion.
I have a tunnel between two openvpn 1.6 processes on two LEAF firewalls,
home and office.
In order for a third openvpn on a wireless laptop to access the subnet
behind the office firewall, ascii art:
laptop ------ WLAN --- home fw -- Internet -- office fw --- subnet
192.168.1.x                                              192.168.10.x
      <-------tun 1--------->             <-------- tun0 ------->
On office firewall I must have route table as follows:
(snip of office tunnel, where remote is 10.1.10.1)
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 10
link/ppp
inet 10.1.10.2 peer 10.1.10.1/32 scope global tun0
firewall: -root-
# ip route sho
10.1.10.1 dev tun0 proto kernel scope link src 10.1.10.2
10.1.1.2 via 10.1.10.1 dev tun0
192.168.1.0/24 via 10.1.10.1 dev tun0
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.254
The partial route table above has a route pointing back to the
192.168.1.0 subnet so that packets can make it back to the laptop. A
little strange to me, but it was necessary. So there is a use for the
opposite end of the tunnel, on home fw (10.1.10.1). I have two route
directives in openvpn.conf:
route 192.168.1.0 255.255.255.0
route 10.1.1.2
HTH,
Rick.
-----Original Message-----
From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of James
Yonan
Sent: Thursday, June 02, 2005 7:37 AM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] misunderstanding with respect to openvpn
server ip address assignment
On Wed, 1 Jun 2005, Jason Keltz wrote:
> I wish to assign a specific IP to an OpenVPN server. The clients
> receive their addresses manually through the ccd mechanism and not
> through the address pool. Instead of using:
>
> server 10.8.0.0 255.255.255.0
>
> I want to use:
>
> mode server
> tls-server
> ifconfig 10.8.0.1 10.8.0.2
> route 10.8.0.0 255.255.255.0
>
> This works. One client happens to be 10.8.0.10.
>
> What is not clear to me is why I require the 10.8.0.2? Isn't the VPN
> endpoint different for each host in "server" mode? I'm sure I'm
> misunderstanding the concept, and I'm sure that someone can clear up the
> misunderstanding quickly.
A point-to-point link must have two IP addresses defined: one for the
local endpoint, and one for the remote endpoint. The 10.8.0.2 is the
remote endpoint for the server's tun interface. In practice, when using
OpenVPN in multiclient mode, the remote endpoint is only used as a gateway
for routes.
For example, if you want to route a given subnet to the VPN, you would use
10.8.0.2 as gateway for the route.
James
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
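Both messages above come down to the same rule: an OpenVPN "route" directive becomes a kernel route whose gateway defaults to the remote (second) address of "ifconfig", and whose netmask defaults to 255.255.255.255. The following is an added illustration, not code from OpenVPN or from either poster: a hypothetical shell helper that expands a directive into the "ip route add" line OpenVPN would issue, applied to Rick's office firewall (ifconfig 10.1.10.2 10.1.10.1) and to Jason's server (ifconfig 10.8.0.1 10.8.0.2). The function and variable names are my own.

```shell
#!/bin/sh
# Hypothetical helper (not OpenVPN's code): expand an OpenVPN "route" directive
# into the "ip route add" command the daemon issues when the tunnel comes up.
# Defaults follow OpenVPN's documented behaviour: netmask 255.255.255.255 and
# gateway = the second (remote) address of "ifconfig LOCAL REMOTE".

# Convert a dotted netmask to a prefix length; reject non-contiguous masks.
mask2prefix() {
    prefix=0; ended=0
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || { echo "netmask needs four octets" >&2; return 1; }
    for octet in "$@"; do
        # once a partial or zero octet has been seen, only zero octets may follow
        if [ "$ended" -eq 1 ] && [ "$octet" != 0 ]; then
            echo "non-contiguous netmask" >&2; return 1
        fi
        case $octet in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); ended=1 ;;
            252) prefix=$((prefix + 6)); ended=1 ;;
            248) prefix=$((prefix + 5)); ended=1 ;;
            240) prefix=$((prefix + 4)); ended=1 ;;
            224) prefix=$((prefix + 3)); ended=1 ;;
            192) prefix=$((prefix + 2)); ended=1 ;;
            128) prefix=$((prefix + 1)); ended=1 ;;
            0)   ended=1 ;;
            *)   echo "bad netmask octet: $octet" >&2; return 1 ;;
        esac
    done
    echo "$prefix"
}

# openvpn_route DEV REMOTE NETWORK [NETMASK [GATEWAY]]
# DEV/REMOTE come from the tun interface's "ifconfig"; the rest is the directive.
openvpn_route() {
    dev=$1; remote=$2; network=$3
    netmask=${4:-255.255.255.255}
    gateway=${5:-$remote}
    prefix=$(mask2prefix "$netmask") || return 1
    if [ "$prefix" -eq 32 ]; then
        echo "ip route add $network via $gateway dev $dev"   # host route
    else
        echo "ip route add $network/$prefix via $gateway dev $dev"
    fi
}

# Rick's office firewall: "ifconfig 10.1.10.2 10.1.10.1" plus his two directives.
openvpn_route tun0 10.1.10.1 192.168.1.0 255.255.255.0
openvpn_route tun0 10.1.10.1 10.1.1.2
# Jason's server: "ifconfig 10.8.0.1 10.8.0.2" plus "route 10.8.0.0 255.255.255.0".
openvpn_route tun0 10.8.0.2 10.8.0.0 255.255.255.0
```

The first two lines printed match the "via 10.1.10.1 dev tun0" entries in Rick's "ip route sho" output, and the third is the route James describes with 10.8.0.2 as gateway.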