  From: "Mike Preston" <mbpatpas@xxxxxxxxxxx>
  Date: Sun, 23 Oct 2005 12:05:26 -0700
  • Priority: normal


I know this isn't going to make me any friends, but /dev/rob0 has a 
habit of telling people that the things they are stuck with in life are 
changable.  If you read the history here you will see that he will go 
2 or 3 rounds with people telling them to change things that he 
thinks should be changed (even though he has been told that those 
things aren't changable) before he finally gives up and then starts 
working on the problem at hand.  Shame, because he has a lot of 
knowledge to share.  Just wasting 3 or 4 days (or whatever those 3 
rounds of communication take) to start the discussion is so 

Bad for OPENvpn.

Anyway, you will probably be better off if you post your config files 
so people can see what you are doing.

Since you say that you want to set it up so that any pc on the home 
lan can reach any pc on the office lan, you are probably setting it 
up for bridging on both sides, right?  I think /dev/rob0 is thinking 
that you can do what you want to do with routing.  Maybe it can be 
done that way, but nothing in the HOWTO's that I read said it could.

If you use routing, or single side bridging, he is correct that you 
need to have separate address blocks (90.0.0.x on your office side 
and something different, like on your home side).

If you use bridging on both sides, however, the HOWTO that I read 
says that you need to set it up with the exact same address blocks, 
just like you have described.

It says:

"You must configure client-side machines to use an IP/netmask that 
is inside of the bridged subnet, possibly by querying a DHCP server 
on the OpenVPN server side of the VPN."

See: http://openvpn.net/howto.html#scope

So, post your config files (removing sensitive information) and see 
whether anybody responds more directly to your problem.

