james.huang@xxxxxxxxxxxxxx wrote:
> I have similar issue - unable to access default GW router for all those
> kinds of routing setup...
> My situation: I need to use customer pre-assigned virtual IP (e.g.
> 10.8.x.y) for each client, so I need "ccd" to config each client; I also
> need "client-to-client" to let clients access each other.
>
> The problem is: "ccd" and "client-to-client" don't work together, due to
> lack of all those routing setup.
>

I'm not aware of any conflict between the client-config-dir and client-to-client directives. To be sure, you can't put the client-to-client directive inside a client-specific context (such as a client-config-dir file) -- but you shouldn't need to do that. (I also don't understand what you mean by "lack of all these routing setup").

(Also, client-to-client is *always* optional; you can get the same effect from configuring your operating system to allow packets coming out of the adapter to be routed directly back in, and ensuring that no firewall rules prevent this).

Now, if you're objecting that you can't assign static IPs and ensure that connections to those IPs will be correctly routed without changing the configuration elsewhere on your network -- yes, this is the case, but I'm not sure what it has to do with either client-to-client or client-config-dir. If systems on the server's network don't need to be able to distinguish between clients, you could apply NAT at the VPN server; if they do, you could pick a range of addresses which are valid within your LAN and map those to the relevant VPN addresses -- though detailed steps for doing that are beyond the scope of this list.

That said -- using the tap device is probably appropriate in your situation, and I don't see anything in the ifconfig-push documentation indicating that it wouldn't work in conjunction with the tap device, and client-to-client quite certainly *does* work in tap mode. Again, though, this will require that you have IPs allocated within your LAN's range (unless you have the ability to add new routes, which I understand not to be the case).

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
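
The directive placement described in the reply above, as an added example that is not part of the original post: client-to-client sits in the global server configuration, and only ifconfig-push goes in the per-client file. The addresses, the pool range and the client name `client1` are assumptions chosen to match the 10.8.x.y example.

```conf
# --- server.conf: global context (constructed example) ---
dev tap
mode server
tls-server
ifconfig 10.8.0.1 255.255.255.0            # server's own VPN address (assumed)

# Dynamic pool kept separate from the statically assigned addresses below,
# so a pooled client is never handed an address reserved in a ccd file.
ifconfig-pool 10.8.0.100 10.8.0.200 255.255.255.0

# Per-client files are looked up in this directory by certificate Common Name.
client-config-dir ccd

# Global directive: it is not accepted inside a ccd file.
# Traffic between clients is forwarded inside the OpenVPN process,
# so it does not pass through the tap interface or host firewall rules.
client-to-client

# --- ccd/client1: client-specific context (file name = client's Common Name) ---
# Tap-mode form: address followed by netmask.
ifconfig-push 10.8.0.10 255.255.255.0
```

If per-client filtering is required, leave out client-to-client and use the operating-system routing and firewall approach the reply mentions instead.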