Farkas Levente wrote:
> hi,
> we now try to migrate from openvpn 1.x to 2.1 topology and we's a few
> problems and comments about the new versions and a few questions.
> we would like to give each client a fixed ip addresses and some of them
> have an own subnet behind it. the server use the
> server 192.168.254.0 255.255.255.0
> topology subnet
> client-to-client
>
> my questions:
> - why not accept among the server.conf's push the following options:
> - persist-remote-ip
> - keepalive
> this has a good reason or just forget to include. imho it'd useful.
> "Options error: option 'persist-remote-ip' cannot be used in this context
> Options error: option 'keepalive' cannot be used in this context"
>

keepalive, when used on the server, will automatically push the appropriate settings to the client -- note that keepalive is a macro which will push ping and ping-restart parameters to the client.

persist-remote-ip is not currently pushable, though it's probably not very difficult to patch this.

> - even if i set among the server's push option
> - push "comp-lzo"
> i've got the warning:
> "WARNING: 'comp-lzo' is present in remote config but missing in local
> config, remote='comp-lzo'"
> and don't see among the "OPTIONS IMPORT". is this normal or a bug?
> at the same time i've got a lots of such messages on the server:
> Bad LZO decompression header byte: 69
>

I think you are not using the comp-lzo option correctly.

Put "comp-lzo no" in both the server and client config file. This loads the comp-lzo functionality but doesn't actually enable it.

Then in a client-config-dir file, you can specify:

  comp-lzo yes
  push "comp-lzo yes"

To enable for a particular client.

> - neither on the server nor in the client we set any mtu. but we got
> this warning:
> WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541',
> remote='link-mtu 1542'
> is it normal, a bug, or just a warning? should i have to fix it?
> ie. define link-mtu on both end?
>

This is related to the LZO issue above.

> - if i set the above server network then i've got in the log file:
> "IFCONFIG POOL: base=192.168.254.2 size=252
> IFCONFIG POOL LIST"
> in this case i still can use in the ccd/* files eg. the following:
> ifconfig-push 192.168.254.2 255.255.255.0
> or i should have to use different network for the fixed ip? or?
>

I believe that the ifconfig-push will override taking the address from the pool. However you should not ifconfig-push an address which is already "owned" by the pool. That could create a conflict.

> - if there is a network behind the client eg. 192.168.253.0/24 then i
> have to set in the ccd/client file:
> iroute 192.168.253.0 255.255.255.0
> but if i also would like to allow client-to-client i've to set in the
> server.conf:
> route 192.168.253.0 255.255.255.0 192.168.254.2
> is it true? and in the example server.conf it's stated also a
> push "route 192.168.253.0 255.255.255.0 192.168.254.2"
> required. but in this case this route be pushed to the given clients
> itself and gives a duplicate route error when try to add.
> on the other hand the example conf files do not contains the third
> parameters, but without it the route command has no gateway! does this
> example files are wrong or i misunderstood something?
> anyway why i have to add these two lines?
>

There is code already which tries to detect whether a client owns a route, and not to push the route to that client. There is a note in the ChangeLog:

* Don't push a route to a client if it exactly matches an iroute (this lets you push routes to all clients, and OpenVPN will automatically remove the route from the route push list only for that client which the route actually belongs to).

> wouldn't it be much better, cleaner and easier if the client-to-client
> defined and an iroute in the ccd/* files also 'generate' the above
> route command and push command for all clients except the ones who
> owns the network?
>
> - if i choose "topology subnet" and in the ccd/client file a:
> ifconfig-push 192.168.254.2 255.255.255.0
> then why i see on the client:
> tun0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:192.168.254.2 P-t-P:192.168.254.2 Mask:255.255.255.0
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> shouldn't the P-t-P:192.168.254.1 is the right settings?
>

You are pushing 192.168.254.2 to the client, so why would you expect to see the interface on the client set to something else?

James

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users