Re: [Openvpn-users] Serving only Static IP Addresses to Linux clients


  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Fri, 08 Feb 2008 11:46:03 +0100

Hi Matthew,

Your current setup is a routed OpenVPN setup, which requires an extra 
subnet (172.16.16.0/24) to make things work. You can eliminate this 
extra subnet by switching to bridged mode, but there's one thing I don't 
understand about your setup:

the vpn client lan space is 192.168.2.0/24
the vpn server lan space is 192.168.3.0/24
the vpn lan is 172.16.16.0/24

Where does 172.16.17.0 come from? On which sides of the setup does this 
LAN space live? I assume/hope that it's only on the server side.

cheers,

JJK

Matthew Macdonald-Wallace wrote:
> Hi All,
>
> I've joined this list mainly to try and resolve this issue, however
> hopefully I'll learn enough to help out someday! :o)
>
> We currently have a Primary MX and a local MX that we want to
> talk over VPN.  In future, we will likely add a secondary MX that will
> also talk to the local MX via the VPN.
>
> At the moment, we have the primary MX connecting as a client to the
> local MX, however we appear to have a number of routes and we would
> like to simplify this.
>
> The routing table on the client currently looks like this (IP
> Addresses have been changed to protect witnesses in this case):
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.16.16.1     172.16.17.2     255.255.255.255 UGH   0      0        0 tun10
> 172.16.17.2     *               255.255.255.255 UH    0      0        0 tun10
> default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
>
>
> client.conf:
>
>
> client
> dev tun10
> proto udp
> remote server-IP 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca keys/server-ca.crt
> cert keys/server-client.crt
> key keys/server-client.key
> comp-lzo
> #verb 3
>
>
> The server route shows:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.16.16.2     *               255.255.255.255 UH    0      0        0 tun0
> 172.16.16.0     172.16.16.2     255.255.255.0   UG    0      0        0 tun0
> 172.16.17.0     172.16.16.2     255.255.255.0   UG    0      0        0 tun0
> localnet        *               255.255.0.0     U     0      0        0 eth0
> default         192.168.3.1     0.0.0.0         UG    0      0        0 eth0
>
>
> Server.conf:
>
> port 1194
> proto udp
> dev tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh1024.pem
> server 172.16.16.0 255.255.255.0
> route 172.16.17.0 255.255.255.0
> client-config-dir ccd
> ifconfig-pool-persist ipp.txt
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> user nobody
> group nogroup
> daemon
> push "route 192.168.5.0 255.255.255.0"
> push "route 192.168.2.10 255.255.255.255"
>
>
> ccd/client:
>
>
> ifconfig-push 172.16.17.1 172.16.17.2
>
>
> What I would like to achieve is the elimination of the 172.16.16.0
> subnet so the connection is as follows:
>
>
> eth0 
> |
> |
> client 
> |
> client-tun0 (172.16.17.2) 
> |
> |
> |
> |
> server-tun0 (172.16.17.1)
> |
> server
> |
> |
> eth0
>
> I also want to avoid the issue of the client being reassigned a
> different IP address as this would mean updating DNS/hosts/mail-server
> on the local MX.
>
> If you need any more information, please let me know and I'll provide
> what I can where I can.
>
> I've searched Google, however the main instructions I can find to do
> with this refer to either multiple subnets or Windows clients, so if
> anyone knows of a good document to point me in the direction of, I'll
> happily disappear and read it! :o)
>
> Kind regards,
>
> Matt.
>   
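
Added example, not part of either message in this thread: a short Python check that reads the directives quoted above from Server.conf and ccd/client and reports which server-side directive covers each `ifconfig-push` address. The function names are assumptions made for this illustration; the directive values are copied from the post.

```python
import ipaddress

# Directives copied from the Server.conf and ccd/client quoted in the post.
SERVER_CONF = """\
server 172.16.16.0 255.255.255.0
route 172.16.17.0 255.255.255.0
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.2.10 255.255.255.255"
"""
CCD_CLIENT = "ifconfig-push 172.16.17.1 172.16.17.2\n"


def parse_directives(text):
    """Yield (keyword, args) per non-comment line; push "..." is unwrapped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        words = line.replace('"', " ").split()
        if words[0] == "push" and len(words) > 1:
            yield "push " + words[1], words[2:]
        else:
            yield words[0], words[1:]


def subnets(text):
    """Map each network named by server / route / push route to its directive."""
    found = {}
    for key, args in parse_directives(text):
        if key in ("server", "route", "push route") and len(args) >= 2:
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            found[net] = key
    return found


def audit_ccd(server_text, ccd_text):
    """For each ifconfig-push address, name the server directive covering it."""
    nets = subnets(server_text)
    report = []
    for key, args in parse_directives(ccd_text):
        if key != "ifconfig-push":
            continue
        for addr in map(ipaddress.ip_address, args[:2]):
            owner = next((d for n, d in nets.items() if addr in n), None)
            report.append((str(addr), owner))
    return report


if __name__ == "__main__":
    for addr, owner in audit_ccd(SERVER_CONF, CCD_CLIENT):
        print(f"{addr}: covered by '{owner}' directive")
```

An owner of `route` rather than `server` means the pushed address sits outside the `server` pool and is reachable only through the separate `route` line; `None` would mean no server-side directive covers it at all.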
