Re: [Openvpn-users] --learn-address don't provide IP for dev tap?


  • Subject: Re: [Openvpn-users] --learn-address don't provide IP for dev tap?
  • From: Didier Conchaudron <didier@xxxxxxxxxxxxxxx>
  • Date: Wed, 15 Dec 2004 16:31:12 +0100

Leonard Isham wrote:

Step back for a minute. By using TAP you are using bridging; bridging
is based on MAC addresses.  If you use TUN you are using routing,
which is based on Network (read IP) addresses.

If you buy a gasoline vehicle you can't just decide to put diesel in
it one day.  You would have to modify the car to use diesel.

If you are intent on using diesel (TUN) then modify/replace your engine for one that uses gasoline (TAP).

The problem is that, in my understanding, I do have to know client IP in tun mode, eq "ifconfig server_ip client_ip". I can't use that way because I can't know the ip address of the incoming clients. I'm not doing pptp.


So my question could be this one: How to use tun mode in order to be able to get several clients without knowing their ip address?

I cc my server config, then you can help me to modify it using tun ;-)

Thanks

Didier

dev tap

ifconfig 192.168.0.2  255.255.255.0
port 443
proto tcp-server

user nobody
group nobody
persist-key

tls-server
dh dh1024.pem

ca /root/CA/ca.crt
cert /root/CA/certs/server.crt
key /root/CA/private/server.key

crl-verify /root/CA/crl/crl.pem

tls-verify /root/openvpn/x509-verify.pl
auth-user-pass-verify /root/openvpn/user-pass.sh via-env
learn-address /root/openvpn/firewall.pl

status-version 1
status /root/openvpn/sessions-status.log 4

comp-lzo
verb 3

mode server
ifconfig-pool 192.168.0.10 192.168.0.20
push "route-gateway 192.168.0.2"
push "redirect-gateway"
push "ip-win32 dynamic"
push "dhcp-option DNS x.x.x.x"
push "dhcp-option DNS y.y.y.y"
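
Background for the subject line, as an added example that is not part of the original message or of OpenVPN itself: the --learn-address hook receives an IPv4 address or subnet with dev tun and an Ethernet MAC address with dev tap, so a firewall script has to recognise and validate both forms before acting on them. The function names and the printed "layer2"/"layer3" format are assumptions; the script prints its decision instead of calling a firewall tool.

```sh
#!/bin/sh
# Added example (not from the thread): validate what OpenVPN passes to a
# --learn-address script: <add|update|delete> <address> [common-name].
# With dev tun the address is an IPv4 address or subnet; with dev tap it is a MAC.
LC_ALL=C; export LC_ALL

is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case $1 in $h:$h:$h:$h:$h:$h) return 0 ;; esac
    return 1
}

# Print "ipv4", "subnet" or "mac"; return 1 for anything else.
classify_address() {
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] && is_ipv4 "${1%%/*}" || return 1
             echo subnet ;;
        *:*) is_mac "$1" || return 1; echo mac ;;
        *)   is_ipv4 "$1" || return 1; echo ipv4 ;;
    esac
}

# Print the decision a firewall hook would act on (hypothetical output format).
# A non-zero exit makes OpenVPN reject the address on add/update.
handle_learn() {
    case $1 in add|update|delete) ;; *) echo "reject: bad operation"; return 1 ;; esac
    kind=$(classify_address "$2") || { echo "reject: bad address"; return 1; }
    case $kind in
        mac) echo "$1 layer2 $2" ;;   # bridged (tap): only a MAC is known here
        *)   echo "$1 layer3 $2" ;;   # routed (tun): an IP rule can be written
    esac
}

if [ $# -gt 0 ]; then handle_learn "$@"; fi
```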