[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] tun or tap

  • Subject: Re: [Openvpn-users] tun or tap
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Sat, 6 Mar 2004 01:00:58 -0000

cbowe <info@xxxxxxxxxx> said:

> I feel like there's some etiquette or protocol to mailing lists that's
> I'm unaware of. This is the first time I've tried to use one and that's
> only because a M$ box will be used if I can't make this work soon. It's
> for a university and I think Redmond is not the best place for them to
> send their money. 
> All I'm looking for are basic concepts. I have no trouble reading log
> files and sorting out errors but I don't have the time or the resources
> to test all possibilities. I seem to have a unique situation and have
> found no references or examples in documentation.  
> Thanks Rob, for your reference to earlier posts but the documentation is
> very clear on how to bridge subnets and I've had no trouble setting up a
> tunnel.
> James wrote...
> "It's possible to --ifconfig a private address block, but then to route
> a public block over it."
> ..is this done with a tun to route instead of bridging?


> Also..
> "It is also possible to --ifconfig a public address pair
> directly, but you must make sure at either end that there's no routing
> conflict."
> This seems like it would be more efficient is this done by routing all
> traffic over the vpn or just what is going to that address range?

Yes, the usual dance is to route the whole subnet over the VPN, but have a
special direct host route between the actual VPN server machines, so the VPN
doesn't try to route into itself which would cause a routing loop.


Openvpn-users mailing list