James Barros wrote:
>
> A humble request for help.
>
> Situation:
>
> I have 3 offices and 20+ roaming users, all connected over openvpn to
> my downtown office.
>
> All users need access to downtown AND hollywood offices.
>
> The hollywood office has a /ccd file and I can access all of the
> computers behind it easily from my downtown office (the server)
> I CAN NOT access the computers in the hollywood office (behind the
> openvpn client) from the other clients.
>
> client-to-client is enabled.

This only enables traffic to the entry point at hollywood, you need to push the route to the network behind hollywood to your clients.

>
> I would like to avoid bridging because
> 1.) our network is instable, and a bridge over a broken network
> does not fail gracefully.
> 2.) even working right, I don't want to pass ALL traffic through my
> office.
>
> I BELIEVE This means I need to push routes out for both of these subnets.

Yes

>
> The problem is that the hollywood office is a client as well. Does
> this mean I should be pushing a route for its local subnet to it as
> well, (since routes are pushed from the server config and not client
> configs) and just trust that proper subnet masking will stop it from
> passing its own traffic upstream and creating a network shitstorm?

Use ccd files :-(

>
> Looking over the openvpn howto, and the ccd files, I don't see a means
> of only pushing routes dependent on clients.

This is what ccd is for

>
> can I take the route pushes out of the server.conf and put them into ccd
> files?

Yes you can

>
> can I somehow do this in the client.conf file I give out with keys?

Possibly, but less secure, use ccd files.

cheers

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
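
The per-client routing discussed in this thread, as an added configuration example that is not part of the original messages. The subnets (VPN 10.8.0.0/24, downtown LAN 192.168.10.0/24, hollywood LAN 192.168.20.0/24) and the client Common Name `hollywood` are assumptions chosen for illustration.

```conf
# ---------- server.conf (downtown office) ----------
# Assumed addressing: VPN 10.8.0.0/24, downtown LAN 192.168.10.0/24,
# hollywood LAN 192.168.20.0/24.
server 10.8.0.0 255.255.255.0
client-to-client
client-config-dir ccd

# Kernel route on the server: traffic for the hollywood LAN goes
# into the tunnel, where OpenVPN picks the owning client.
route 192.168.20.0 255.255.255.0

# Every client, hollywood included, learns the downtown LAN.
push "route 192.168.10.0 255.255.255.0"

# ---------- ccd/hollywood ----------
# The file name must equal the Common Name of the hollywood
# client's certificate ("hollywood" is assumed here).
# iroute marks this client as the owner of the hollywood LAN.
# Nothing in this file pushes 192.168.20.0/24, so the office
# never receives a route to its own local subnet.
iroute 192.168.20.0 255.255.255.0

# ---------- ccd/DEFAULT ----------
# Read for any client that has no ccd file of its own, i.e. the
# roaming users: they get the route to the hollywood LAN.
push "route 192.168.20.0 255.255.255.0"
```

Hosts on the hollywood LAN also need a route back to 10.8.0.0/24 through the machine running the OpenVPN client (with IP forwarding enabled there), unless that machine is already their default gateway. With `client-to-client` enabled, traffic between clients is forwarded inside the OpenVPN process and does not pass through the server's firewall rules.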