Hi, it already works in star configuration. My problem is to create a VPN directly from B to C. So it's a circular VPN A<=>B<=>C<=>A I want. Not A<=>B, A<=>C, A<=>D + routing via A to exchange between B & C LAN.

my A (mode server) openvpn.conf
====================================
port 1194
proto udp
dev tun0
persist-key
persist-tun
ca cacert.crt
cert openvpn.crt
key openvpn.key
dh dh1024.pem
tls-auth ta.key 0
client-config-dir ccd
username-as-common-name
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
up /etc/openvpn/up-shell.sh
server 10.151.170.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
local ovpn.myserver.x
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.2.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.3.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
client-to-client
max-clients 15
keepalive 10 120
cipher BF-CBC
comp-lzo
user nobody
group nobody
status /var/log/openvpn/status.log
log-append /var/log/openvpn/openvpn.log
verb 4
mute 10
====================================

my B & C & D (openvpn client) openvpn.conf
====================================
client
ns-cert-type server
resolv-retry infinite
nobind
proto udp
dev tun0
persist-key
persist-tun
ca cacert.crt
cert openvpn.crt
key openvpn.key
tls-auth ta.key 1
auth-user-pass user-pass.secret
up /etc/openvpn/up-shell.sh
remote ovpn.myserver.x 1194
keepalive 10 120
cipher BF-CBC
comp-lzo
user nobody
group nobody
chroot /etc/openvpn/jail
status /var/log/openvpn/status.log
log-append /var/log/openvpn/openvpn.log
verb 4
mute 10
====================================

my ccd directory
====================================
/etc/openvpn/ccd/B-login with this directive => iroute 192.168.1.0 255.255.255.0
/etc/openvpn/ccd/C-login with this directive => iroute 192.168.2.0 255.255.255.0
/etc/openvpn/ccd/D-login with this directive => iroute 192.168.3.0 255.255.255.0

so route I receive in B
====================================
10.151.170.13   0.0.0.0         255.255.255.255 UH    0 0 0 tun0
192.168.3.0     10.151.170.13   255.255.255.0   UG    0 0 0 tun0 (D site)
192.168.2.0     10.151.170.13   255.255.255.0   UG    0 0 0 tun0 (C site)
10.151.170.0    10.151.170.13   255.255.255.0   UG    0 0 0 tun0
192.168.10.0    10.151.170.13   255.255.255.0   UG    0 0 0 tun0 (A site)
====================================

openvpn server is in A site
B & C & D sites are in client mode

Should I understand: with the client-to-client directive in A's openvpn.conf, each client receives information to create a VPN directly between clients, without any packet in transit via A (openvpn server mode), so no bandwidth use in A site when B and C exchange packets? So I have nothing to change? Is it possible?

On 8 Mar 07 at 11:16, Jean Baptiste Favre wrote:
> Hi
> I suggest you use the client-config-dir option. In this directory you
> will put a file per client's CN.
> According to openvpn's man:
> "This file can specify a fixed IP address for a given client using
> --ifconfig-push, as well as fixed subnets owned by the client using --iroute.
> ...
> The following options are legal in a client-specific context: --push,
> --push-reset, --iroute, --ifconfig-push, and --config."
>
> Hope this helps
> Jean Baptiste Favre
>
> Rémi Gauthier wrote:
>> Hi
>>
>> in star configuration, B & C & D satellite sites are connected with A
>> head-company site (company email server) with openvpn client
>>
>> A is 192.168.10.0/24 bigger site
>> B is 192.168.1.0/24 large site
>> C is 192.168.2.0/24 large site
>> D is 192.168.3.0/24 small site
>>
>> in A openvpn.conf
>> --------------------------------------
>> client-to-client
>> #B & C & D route for their C class
>> route 192.168.1.0 255.255.255.0
>> push "route 192.168.1.0 255.255.255.0"
>> route 192.168.2.0 255.255.255.0
>> push "route 192.168.2.0 255.255.255.0"
>> route 192.168.3.0 255.255.255.0
>> push "route 192.168.3.0 255.255.255.0"
>>
>> in ccd/B-login
>> --------------------------------------
>> iroute 192.168.1.0 255.255.255.0
>>
>> and idem for C & D ccd/login
>>
>> all VPN works fine but ...
>> all traffic in/out from A site! bandwidth problems
>> There is a backup between B & C
>> B & C are in the same ISP network, but different from A
>>
>> ==>> so I test to create 1 openvpn directly between B & C
>>
>> but before creating another B to C direct openvpn, I should
>> deactivate routing via A
>>
>> actually, I receive
>>
>> in B
>> I receive C route via A
>> in C
>> I receive B route via A
>>
>> ==>> HOW-TO deactivate routing transmission for B & C but transmit
>> route for D ???
>>
>> A route to B, C & D
>> B route to A + B route to C directly
>> C route to A + C route to A directly
>> D route to A, B & C via A
>>
>> I have tested to deactivate routing between B to C via iroute in B &
>> C ccd/login
>> so B & C don't receive route to C & B
>>
>> but all traffic between A=B and C=A is dropped
>> Fri Mar 2 12:30:05 2007 us=350349 B-site/B-IP-site MULTI: bad source
>> address from client [192.168.1.1], packet dropped
>>
>> Thanks a lot for your help
>>
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
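As an added example (not code from this thread or from OpenVPN itself), a small Python check of the server.conf/ccd consistency the thread depends on: a subnet with a server `route` but no client `iroute` owner is the situation that produced the "MULTI: bad source address" drops quoted above. The server config, the ccd contents and the log line are constructed to mirror the thread's layout, with C-login's iroute removed to reproduce the fault.

```python
# Cross-check an OpenVPN server.conf against its client-config-dir (ccd):
# a 'route' sends a LAN subnet into tun0, the owning client's 'iroute' tells
# the server which client holds it; a routed subnet with no iroute owner is
# why the server drops that LAN's packets with "MULTI: bad source address".
import re
from ipaddress import ip_address, ip_network
# Constructed sample data mirroring the thread's layout (not the real files).
SERVER_CONF = """
server 10.151.170.0 255.255.255.0
client-config-dir ccd
client-to-client
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.2.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.3.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
"""
CCD = {  # common name -> ccd file content; C-login's iroute is missing
    "B-login": "iroute 192.168.1.0 255.255.255.0\n",
    "C-login": "",
    "D-login": "iroute 192.168.3.0 255.255.255.0\n",
}
_ROUTE = re.compile(r"^\s*(route|iroute)\s+(\S+)\s+(\S+)\s*$", re.M)
_DROP = re.compile(r"(\S+)/\S+ MULTI: bad source address from client \[(\S+)\]")

def subnets(text, directive):
    """Networks declared by the given directive (route or iroute) in text."""
    return {ip_network(f"{n}/{m}") for d, n, m in _ROUTE.findall(text) if d == directive}

def iroute_owners(ccd):
    """Map each iroute'd subnet to the client CN whose ccd file claims it."""
    return {n: cn for cn, body in ccd.items() for n in subnets(body, "iroute")}

def unclaimed_routes(conf, ccd):
    """Subnets routed into tun0 on the server that no client claims."""
    return subnets(conf, "route") - set(iroute_owners(ccd))

def explain_drop(logline, conf, ccd):
    """For a 'bad source address' log line, name the ccd fix that is missing."""
    m = _DROP.search(logline)
    if not m:
        return None
    cn, src = m.group(1), ip_address(m.group(2))
    owners = iroute_owners(ccd)
    for net in subnets(conf, "route"):
        if src in net and net not in owners:
            return f"add 'iroute {net.network_address} {net.netmask}' to ccd/{cn}"
        if src in net:
            return f"{net} is claimed by ccd/{owners[net]}, not by {cn}"
    return None
```

Note that client-to-client only lets the server process forward packets between connected clients instead of handing them to the kernel; it does not set up direct tunnels, so B<=>C traffic still transits A.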