On Sun, 23 Jan 2005, Whit Blauvelt wrote:
Yes. The most usual setup, I'd say, is like that. You have OpenVPN on your normal default gateway, so if you're using TAP, then it will be both bridging your OpenVPN connections and routing your normal traffic to/from the internet.
Begin your start-up scripts by setting up a bridge (br0) and include both tap0 and eth0 (? your local interface) in it. Then assign your local interface to br0 instead of eth0.
Then treat br0 as your normal local interface, and it will route just as usual between br0 and your external interface.
> My second question is: I want the remote users to be able to connect through both external interfaces - two different external IPs. Can this work with a single instance of OpenVPN?
I assume so. If you don't bind OpenVPN to a particular interface with --local, it should be reachable via any interface.
> My third question is: Is it correct to assume that the remote connections can simply be assigned IPs by the internal dhcp server, and that existing IP assignments on the remote machines and internal LANs don't matter? Access from within the actual LAN to the remote systems isn't wanted or desired, just virtual remote access inward to the LAN.
They can, but it's a little tricky. You have to set up the DHCP server so it doesn't assign any default gateway to VPN users, as they will then lose connectivity with the external IP address of your OpenVPN server.
I'd recommend using OpenVPN's built-in ifconfig-pool feature instead and handing out IP addresses from the same subnet, but from another range of IP addresses than your local DHCP server is using.
> My fourth question: One remote user runs OS/X. Somewhere on the OpenVPN site it says bridging is only for Lin & Win, but elsewhere there's a suggestion that OS/X can do it. What's the current state of that? Also, whether through the bridge or through a separate, no-bridging instance of OpenVPN set up for the remote Mac, what's required for OS/X to mount Windows drives on the internal net? (I confess to total OS/X ignorance, beyond knowing its UNIX origins.)
Sorry, don't know about that. I think I've read about a new tun/tap driver supporting TAP as well.
-- 
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail
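Added example, not part of the original message or of OpenVPN's own scripts: a dry-run shell script that checks a VPN address pool against the LAN DHCP range as recommended in the reply above, then prints the br0 bridge commands and the matching server directives. All addresses are constructed sample values, and eth0 as the LAN interface is an assumption.

```sh
#!/bin/sh
# Added example. Addresses are constructed samples; eth0 as the LAN
# interface is an assumption. Nothing is executed: commands are printed.

# Dotted-quad IPv4 address -> integer (runs in a subshell so IFS stays local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

# pool_ok LAN_IP NETMASK POOL_START POOL_END DHCP_START DHCP_END
# Succeeds only if the VPN pool sits inside the LAN subnet and does not
# overlap the range the LAN DHCP server hands out.
pool_ok() {
    net=$(ip2int "$1"); mask=$(ip2int "$2")
    ps=$(ip2int "$3");  pe=$(ip2int "$4")
    ds=$(ip2int "$5");  de=$(ip2int "$6")
    [ "$ps" -le "$pe" ] || return 1
    [ $(( $ps & $mask )) -eq $(( $net & $mask )) ] || return 1
    [ $(( $pe & $mask )) -eq $(( $net & $mask )) ] || return 1
    [ "$pe" -lt "$ds" ] || [ "$ps" -gt "$de" ]
}

# Print the bridge commands and OpenVPN directives for a validated pool.
plan() {
    pool_ok "$@" || { echo "pool overlaps DHCP range or leaves subnet" >&2; return 1; }
    cat <<EOF
# Run as root before starting OpenVPN
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
ifconfig br0 $1 netmask $2 up
# OpenVPN server config: server-bridge sets up ifconfig-pool $3 $4
dev tap0
server-bridge $1 $2 $3 $4
EOF
}

# LAN 192.168.1.0/24, DHCP hands out .50-.150, VPN clients get .200-.220
plan 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.220 \
     192.168.1.50 192.168.1.150
```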