[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] How to assign private IP from protected LAN

  • Subject: Re: [Openvpn-users] How to assign private IP from protected LAN
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Fri, 3 Dec 2004 15:25:05 -0500

On Fri, 3 Dec 2004 13:32:16 -0500, Dick St.Peters
<stpeters@xxxxxxxxxxxxx> wrote:
> Leonard Isham writes:

> What I said is 100% accurate.  There is no need to split the subnet.
> Say your LAN runs and your OpenVPN server is at
>, with a tunnel to a roadwarrior with the tunnel IPs being
> at the server end and at the roadwarrior
> end.  If another system on the LAN arps for the roadwarrior's
> IP, the OpenVPN server will respond with its own MAC
> address.  The other system will send packets for the roadwarrior to the
> OpenVPN server, which will route them to the roadwarrior.
> Obviously, you can't assign the roadwarrior any IP already in use, but
> this is no different from having it directly attached to the LAN.
> If a piece of the subnet, say, is routed by the
> OPenVPN server to the roadwarrior, the server will respond to arps for
> any address in that piece.
> You do need to have proxy arp enabled on the OpenVPN server's LAN
> interface, but this is trivial for Linux and probably other *NIX as
> well.  (Probably a sysctl for *BSD)

I remember you now your running what I would call a point to
multipoint with *nix systems.

I don't think that this would work with any Windows in the mixture.

Leonard Isham, CISSP 
Ostendo non ostento.

Openvpn-users mailing list