[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Routing Hell

  • Subject: Re: [Openvpn-users] Routing Hell
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Thu, 22 Sep 2005 01:32:20 -0400

On 9/21/05, /dev/rob0 <rob0@xxxxxxxxx> wrote:
> On Wednesday 21 September 2005 17:11, Kevin wrote:
> > I've been working on getting OpenVPN working one and off all summer
> > for the school district I work for.  We need to link small off campus
> > sites (to expensive or short term leases to run fiber) back to our
> > main lan via cable modem links so we can route them through our
> > content filter.
> >
> > So the goal here is to route all traffic of the offsite lan through
> > our main gatway.
> Ouch! I say, that hurts. ALL traffic through the main gateway? Has the
> idea of digging out some old computers to deploy as per-site content
> filters been considered? A modest old machine (P-II class) might
> suffice. Surely a P-III, too weak to look good with today's MS OS'es,
> would be more than adequate.
> > Throughout learning openvpn, and trying to get it set up, routing has
> > been the most difficult.  I had everything working at one point using
> > static routing which won't work when we add multiple offsites.
> Why not? I have multiple sites connected through static routes. Some
> even are multiple VPN hops away.

Unless you have a huge number of sites or sites that dynamically
change their internal subnets a properly designed IP structure static
routes will work.

Leonard Isham, CISSP
Ostendo non ostento.

Openvpn-users mailing list