Hi Matthew,

your current setup is a routed OpenVPN setup, which requires an extra subnet (172.16.16.0/24) to make things work. You can eliminate this extra subnet by switching to bridged mode, but there's one thing I don't understand about your setup:

  the vpn client lan space is 192.168.2.0/24
  the vpn server lan space is 192.168.3.0/24
  the vpn lan is 172.16.16.0/24

where does 172.16.17.0 come from? on which sides of the setup does this lan space live? I assume/hope that it's only on the server side.

cheers,

JJK

Matthew Macdonald-Wallace wrote:
> Hi All,
>
> I've joined this list mainly to try and resolve this issue, however
> hopefully I'll learn enough to help out someday! :o)
>
> We currently have a Primary MX and a local MX that we want to
> talk over VPN. In future, we will likely add a secondary MX that will
> also talk to the local MX via the VPN.
>
> At the moment, we have the primary MX connecting as a client to the
> local MX, however we appear to have a number of routes and we would
> like to simplify this.
>
> The routing table on the client currently looks like this (IP
> Addresses have been changed to protect witnesses in this case):
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.16.16.1     172.16.17.2     255.255.255.255 UGH   0      0        0 tun10
> 172.16.17.2     *               255.255.255.255 UH    0      0        0 tun10
> default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
>
> client.conf:
>
> client
> dev tun10
> proto udp
> remote server-IP 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca keys/server-ca.crt
> cert keys/server-client.crt
> key keys/server-client.key
> comp-lzo
> #verb 3
>
> The server route shows:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.16.16.2     *               255.255.255.255 UH    0      0        0 tun0
> 172.16.16.0     172.16.16.2     255.255.255.0   UG    0      0        0 tun0
> 172.16.17.0     172.16.16.2     255.255.255.0   UG    0      0        0 tun0
> localnet        *               255.255.0.0     U     0      0        0 eth0
> default         192.168.3.1     0.0.0.0         UG    0      0        0 eth0
>
> Server.conf:
>
> port 1194
> proto udp
> dev tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh1024.pem
> server 172.16.16.0 255.255.255.0
> route 172.16.17.0 255.255.255.0
> client-config-dir ccd
> ifconfig-pool-persist ipp.txt
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> user nobody
> group nogroup
> daemon
> push "route 192.168.5.0 255.255.255.0"
> push "route 192.168.2.10 255.255.255.255"
>
> ccd/client:
>
> ifconfig-push 172.16.17.1 172.16.17.2
>
> What I would like to achieve is the elimination of the 172.16.16.0
> subnet so the connection is as follows:
>
> eth0
> |
> |
> client
> |
> client-tun0 (172.16.17.2)
> |
> |
> |
> |
> server-tun0 (172.16.17.1)
> |
> server
> |
> |
> eth0
>
> I also want to avoid the issue of the client being reassigned a
> different IP address as this would mean updating DNS/hosts/mail-server
> on the local MX.
>
> If you need any more information, please let me know and I'll provide
> what I can where I can.
>
> I've searched google, however the main instructions I can find to do
> with this refer to either multiple subnets or windows clients, so if
> anyone knows of a good document to point me in the direction of, I'll
> happily disappear and read it! :o)
>
> Kind regards,
>
> Matt.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
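The extra subnet JJK points out, and the 172.16.17.0 he asks about, can both be read straight off the server side of the thread: `server 172.16.16.0 255.255.255.0` declares the pool, `route 172.16.17.0 255.255.255.0` adds a second tunnel subnet, and `ccd/client` hands the client an `ifconfig-push` pair from that second subnet rather than from the pool. The script below is an added example, not code from the thread or from the OpenVPN project: it parses the routing-relevant directives of a server.conf and its ccd entries, lists every subnet the server routes into the tun device, and flags any `ifconfig-push` address that lies outside the `server` pool, together with the explicit `route` (if any) that makes it reachable. `SERVER_CONF` and `CCD` are constructed copies of the configs Matt quoted (the unrelated key, logging and privilege-drop lines are left out), and all function names are this example's own.

```python
"""Report the subnets an OpenVPN server routes into the tunnel and flag ccd
addresses that lie outside the pool declared by the 'server' directive.

Added example, not code from the mailing-list thread. SERVER_CONF and CCD
are constructed copies of the quoted configs; the helper names are ours.
"""
import ipaddress
import shlex

# Constructed from the server.conf and ccd/client quoted in the thread.
SERVER_CONF = """\
port 1194
proto udp
dev tun
server 172.16.16.0 255.255.255.0
route 172.16.17.0 255.255.255.0
client-config-dir ccd
ifconfig-pool-persist ipp.txt
keepalive 10 120
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.2.10 255.255.255.255"
"""
CCD = {"client": "ifconfig-push 172.16.17.1 172.16.17.2"}


def parse_directives(text):
    """Yield (directive, args) per non-comment line; shlex keeps a quoted
    push argument such as "route a.b.c.d mask" as one token."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = shlex.split(line)
            yield parts[0], parts[1:]


def _net(addr, mask):
    # OpenVPN writes 'network netmask'; ipaddress accepts 'network/netmask'.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def tunnel_subnets(server_conf):
    """Every subnet the server itself routes into the tun device: the 'server'
    pool plus each explicit 'route'. More than one entry is the 'extra subnet'
    situation JJK describes."""
    nets = [_net(a[0], a[1]) for d, a in parse_directives(server_conf)
            if d in ("server", "route")]
    return sorted(str(n) for n in nets)


def pushed_routes(server_conf):
    """Subnets clients are told to send through the tunnel via push "route ..."."""
    out = []
    for d, args in parse_directives(server_conf):
        if d == "push" and args and args[0].startswith("route "):
            _, net, mask = args[0].split()
            out.append(str(_net(net, mask)))
    return out


def stray_ccd_addresses(server_conf, ccd):
    """Return (client, address, covering_routes) for each ifconfig-push address
    that is not inside the 'server' pool. covering_routes lists the explicit
    'route' directives that make the address reachable from the server; an
    empty list means the server has no tunnel route to that address at all."""
    pool, routes = None, []
    for d, args in parse_directives(server_conf):
        if d == "server":
            pool = _net(args[0], args[1])
        elif d == "route":
            routes.append(_net(args[0], args[1]))
    findings = []
    for client, body in ccd.items():
        for d, args in parse_directives(body):
            if d != "ifconfig-push":
                continue
            for a in args[:2]:  # local and remote endpoint of the pair
                addr = ipaddress.ip_address(a)
                if pool is None or addr not in pool:
                    covering = [str(r) for r in routes if addr in r]
                    findings.append((client, str(addr), covering))
    return findings


if __name__ == "__main__":
    print("tunnel subnets:", tunnel_subnets(SERVER_CONF))
    print("pushed routes :", pushed_routes(SERVER_CONF))
    for client, addr, via in stray_ccd_addresses(SERVER_CONF, CCD):
        print(f"ccd/{client}: {addr} is outside the server pool; "
              f"reachable via {via or 'no route'}")
```

Run against the constructed configs it reports two tunnel subnets (172.16.16.0/24 and 172.16.17.0/24) and both ccd addresses as outside the pool but covered by the explicit `route 172.16.17.0` line; a ccd entry that picks its pair from inside the pool produces no finding, which is the check to rerun after any change that is meant to collapse the setup onto a single tunnel subnet.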