[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] How to assign private IP from protected LAN


  • Subject: Re: [Openvpn-users] How to assign private IP from protected LAN
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Fri, 3 Dec 2004 15:25:05 -0500

On Fri, 3 Dec 2004 13:32:16 -0500, Dick St.Peters
<stpeters@xxxxxxxxxxxxx> wrote:
> Leonard Isham writes:

> What I said is 100% accurate.  There is no need to split the subnet.
> 
> Say your LAN runs 192.168.0.0/24 and your OpenVPN server is at
> 192.168.0.50, with a tunnel to a roadwarrior with the tunnel IPs being
> 192.168.0.51 at the server end and 192.168.0.52 at the roadwarrior
> end.  If another system on the LAN arps for the roadwarrior's
> 192.168.0.52 IP, the OpenVPN server will respond with its own MAC
> address.  The other system will send packets for the roadwarrior to the
> OpenVPN server, which will route them to the roadwarrior.
> 
> Obviously, you can't assign the roadwarrior any IP already in use, but
> this is no different from having it directly attached to the LAN.
> 
> If a piece of the subnet, say 192.168.0.128/27, is routed by the
> OPenVPN server to the roadwarrior, the server will respond to arps for
> any address in that piece.
> 
> You do need to have proxy arp enabled on the OpenVPN server's LAN
> interface, but this is trivial for Linux and probably other *NIX as
> well.  (Probably a sysctl for *BSD)
> 

I remember you now your running what I would call a point to
multipoint with *nix systems.

I don't think that this would work with any Windows in the mixture.

-- 
Leonard Isham, CISSP 
Ostendo non ostento.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users