I have worked with OSPF before and I will look into this. Is this my only option to enable client-to-client and then rely on iptables? I guess I will have to dust off my iptables rules....

-----Original Message-----
From: Andrew Good [mailto:agood@xxxxxxxxxxxx]
Sent: Thursday, May 24, 2007 10:06 AM
To: Ed Russell
Subject: Re: [Openvpn-users] 3 questions

Mr. Russell,

With the current complexity of your network, 3 servers and 100+ clients, I think it'd be best to start implementing OSPF to take care of your routing. As for one client being able to talk to the rest, enable client-to-client on OpenVPN and control who can talk to who with iptables. This is assuming you are using a Linux server.

I like to test network configurations with VNUML.
http://www.dit.upm.es/vnumlwiki/index.php/Allexamples

Andrew

> My 3 questions are:
>
> 1. We monitor our systems using Nagios and I would
> like to be able to have the monitoring server connect to the main
> OpenVPN server as a client and be able to "see" each of the clients
> via the VPN. Right now any client can only see the server. Is it
> possible to be able to have one client only be able to reach all the
> other clients? Or will I have to make a global change to allow each
> client to get to any other. Each client has a fixed VPN IP based upon
> their ccd file.
>
> 2. We are moving to a point where I would like to use
> a second subnet to separate new clients in a new country. Up until
> now all my clients get a fixed IP in the 10.8.81.x subnet based upon
> their ccd file. How can I now add for instance 10.8.82.x and give
> specific clients addresses in this subnet? Will adding another route
> statement in the server configuration like "route 10.8.82.0
> 255.255.255.0" work? If I do this will it have any effect on the
> existing 10.8.81.x subnet?
>
> 3. This sort of leads out of question number 1. I
> have 3 servers running at various places on the Internet, right now I
> run all clients on one server but at some point soon I would like to
> have clients randomly move between servers. Should the main server go
> down I simply run up the daemon on my backup server and the clients
> then move over. I know how to accomplish this by changing the options
> in the client configuration files. What I would like to know,
> assuming #1 is possible (and I'm sure it is) how then could this
> "special" client find any other client no matter what server it is
> connected to? I can assume that it could simultaneously connect to
> both servers and then "find" the client it wants to monitor from
> there.
>
> I hope these questions make sense and I have given enough information
> to be pointed in the right direction. If not, let me know what I have
> missed and I will be sure to comply. Thanks in advance.
>
> Ed Russell
> Manager, Information Technology
> Teriyaki Experience
> 700 Kerr Street Suite 100
> Oakville, Ontario L6K 3W5
> 905-337-7777 x500
> 905-337-5686 direct
> 905-580-4566 mobile
> 905-337-0331 fax
> erussell@xxxxxxxxxxxxxxxxxxxxxx

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users