>
> [ 2 or 3 threads merged here ]
>

Thanks. I wondered if maybe I was wording things wrong and not getting anyone's attention, or if I was trying to go about it the wrong way.

>
> I'm trying to catch up on the list ... got way behind. Perhaps you saw
> my post from September:
> http://openvpn.net/archive/openvpn-users/2005-09/msg00110.html
>

Quite possible. I had thought it included a Cisco-like set of instructions for a router, but I could have been envisioning in my head about it. :) I've read it a few times and I'm not sure this is doing what I want. I'm really looking for :

    INTERNET-->ROUTER-->Myserver_on_internet==OPENVPN==(SIS0)Myclient(SIS1)-->Switch
                                                                               |-->Cam
                                                                               |-->PC
                                                                               |-->Other

My router handles 4 /24's off the net. Myserver_on_internet has one full /24 allocated to it. The OPENVPN tunnel comes into my "Myclient" on SIS0/ethernet from a satellite modem. SIS1 is a port into a Cisco 2924 switch that has a webcam, PC and some other stuff on it.

If I carve out maybe a /27 from the /24 allocated to Myserver_on_internet I could have some of the IP's out of the /24 appearing on Myclient. I could privately number Switch, Cam, PC and Other and NAT at the Myclient. I don't want to do that. I have a totally different /27 I want to allocate to Switch, Cam, PC and Other. So I could do that for SIS1 and all those items. I guess I then need to enable forwarding in Myclient (I wanted to know how to get OpenVPN to do this for me) and then on Myserver_on_internet I would need to maybe proxy arp for those IPs (I'd want OpenVPN to make sure that got done) or I could configure ROUTER to have the "Next Hop" for the /27 to be Myserver_on_internet.

This way I was hoping the final end pieces could all have legal public IPs, be totally accessible, and all routed through the OpenVPN tunnel. I realize that those IPs would "disappear" off the net if the tunnel went down, but I nail up the /24 on my router and null it with a high metric if it isn't contactable.
>
> > I have a server that's allocated a /24, but unlike the other configs
> > I saw, I don't want to pull a subset of the /24 to the client. I want
> > a whole other /27 allocated to the client. How do I go about this on
> > the client, server and if necessary in my routers.
>
> Is the ISP routing the whole /24 to this server, or are they running a
> router there?
>

I'm the ISP. :) I own my own ASN, 2 T1's, dual routers, and the /24 on Myserver_on_internet is personally owned, the /27 I would use on the equipment was SWIP'd to me by my bandwidth provider. So I have my own VLAN with a gateway and the entire /24 allocated to the machine.

>
> On Tuesday 2006-January-31 11:12, Tuc at T-B-O-H wrote:
> > I have a Server that I'd like to have 8 clients use. The server
> > has 1.2.3.0/24 assigned to it. However, I also own 3.4.5.0/24, and
> > would like to assign the clients out of that 3.4.5.X/27's. (1-30,
> > 33-62,65-94, etc). Is this possible without assigning one of the IP's
> > out of that /27 to my server?
>
> I think you do have to use an IP. Perhaps not, but it's the easiest
> solution. Where I have a /28 I assigned an IP in there to dummy0 with
> the /28 netmask. Turned on proxy ARP and all is well.
>

But what about if I wanted to do what I mentioned above, and expand the net out from the client via a different interface. I could allocate a private IP for the tunnel, and then allocate all the rest on the other interface.

>
> Uh .... not quite *all*. Actually I have a routing loop there. If I get
> a packet for an IP in the /28 which is *not* bound as an openvpn
> endpoint, it tries to go out my default route, which is funny, because
> this site has a dual redundant default route! :) I need to add a "host
> unreachable" or blackhole route for the /28, I guess.
>

When I nail up the routes I do something like :

    ip route 192.1.2.0 255.255.255.0 null0 distance 254

Thanks, Tuc

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users