Hello Phillip & Others,

First of all, sorry for the late reply.

On 24-Oct-2005 5:08, Phillip Vandry wrote:
> On Sun, Oct 23, 2005 at 09:29:36PM +0200, Stijn Jonker wrote:
>
>>Small ascii art describing setup:
>>----------------------------------
>>
>>              --------
>>              | hn01 | \
>>           /  --------  \
>>          /              \
>>-------- /    --------    \ --------
>>| hn00 | ---- | hn02 | ---- | ad00 |
>>-------- \    --------    / --------
>>   |      \              /      |
>>   |       \  --------  /       |
>>   |        \ | hn03 | /        |
>>   |          --------          |
>>   |____________________________|
>>
>
> It sounds to me like you should be able to do this if you leave your
> BGP sessions in place. Did you instead want to get rid of BGP?

No, the idea was to keep BGP in there as it's also used for blackholing and sinkholing.

> I would also leave hn00 <--> ad00 as a dedicated PtP tunnel while moving
> to client/server for the rest. Each machine would have two tun interfaces.

Yes it is, and had no intention to change.

> Disable (do not use) the client-to-client option.
>
> The networks at hn01, hn02, and hn03 should be iroute'd to the appropriate
> clients by hn00 and ad00, but not route'd. Your dynamic routing protocol
> will let hn00 and ad00 learn those same routes from the remote clients
> themselves and from each other through the dedicated tunnel, and put them
> into the kernel routing tables.

The way I fixed this was to use the TAP device in routed mode instead of the tun devices. Now the VPN daemons at hn00 and ad00 do the routing and the clients think they are all interconnected. The funny side effect is, if I don't configure BGP peering between, for instance, hn01 and hn02, they can't reach each other, which is great for some limited connectivity.

Thanks for your reply!

--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker@xxxxxx>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
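
The tun-based layout suggested in the quoted text, sketched as an added OpenVPN configuration for hn00 (an illustration, not part of the original thread). All subnets, file names, the host name and the static-key authentication of the point-to-point tunnel are constructed assumptions; ad00 would carry a mirror of the server instance.

```conf
# ---- hn00: hub.conf (client/server instance for hn01..hn03) ----
dev tun1
proto udp
port 1194
# Tunnel subnet (constructed)
server 10.8.0.0 255.255.255.0
ca ca.crt
cert hn00.crt
key hn00.key
dh dh.pem
# Per-client files, named after each client's certificate common name
client-config-dir ccd
keepalive 10 60
# Deliberately absent:
#   client-to-client    without it, traffic between clients is handed to
#                       hn00's kernel, where routing and filtering apply
#   route <client LAN>  kernel routes for the client LANs are installed by
#                       the BGP daemon, not by OpenVPN

# ---- hn00: ccd/hn01 ----
# iroute only tells the OpenVPN daemon which client owns this prefix
iroute 192.0.2.0 255.255.255.0

# ---- hn00: ccd/hn02 ----
iroute 198.51.100.0 255.255.255.0

# ---- hn00: ccd/hn03 ----
iroute 203.0.113.0 255.255.255.0

# ---- hn00: ptp-ad00.conf (dedicated hn00 <--> ad00 tunnel) ----
dev tun0
remote ad00.example.net
ifconfig 10.255.0.1 10.255.0.2
secret ptp-static.key
```

With this split, a client LAN is reachable only when both an `iroute` entry and a BGP-learned kernel route exist for it, so withholding a BGP session limits connectivity in the same way the message describes for the TAP setup.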