[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] subnet topology / increase /30 range


  • Subject: Re: [Openvpn-users] subnet topology / increase /30 range
  • From: "James Tan" <jameztcc@xxxxxxxxx>
  • Date: Sat, 26 May 2007 23:31:14 +0800

HI Matt,
 
I understand what you are trying to explain all these while, thanks! Guess I will use a 192.168.0.0/16.
 
thanks,
James Tan


 
On 5/26/07, Matt Shields <mattboston@xxxxxxxxx> wrote:
You don't need to redeploy.  The server is what hands out the /30's.
Just start using IPs from the 2nd class C in your CCD files.  It
worked when I did it and I have over 200 users which takes up more
than a class C.  In fact I'm using 4 class C's and I separate users
based on access rights and use IPtables to assign rights.  If you've
ever setup WAN networks like T1's or T3's before you have a /30 that's
used to route your public WAN IPs. It's the same here, nobody cares
what the /30 you're assigning is except the server and the client.
The two devices use that to build their routing table so they know
where to forward other routes.  You could even use a totally different
subnet like 172.16.0.0/12 or 192.168.0.0/16 for your /30's

Matt

On 5/26/07, James Tan <jameztcc@xxxxxxxxx> wrote:
> Hi Matt,
>
> I guess I am confused now. :)
>
> If every clients is to share the same conf file, what should my server be
> configured such that I can support e.g. 300 concurrent users without
> redeploying multiple versions of client conf files?
>
>
> thanks,
> James
>
>
> On 5/25/07, Matt Shields <mattboston@xxxxxxxxx> wrote:
> > You don't need to do that.  Just start assigning /30 from the 2nd
> > subnet.  The /30's are only used as end points for client and server,
> > you don't route to them, you route through them so the client and the
> > server are the only ones that care that you're using them.
> >
> > For example.  My main subnect is 10.10.0.0/16 , the /30's are
> > 10.10.64.0/24 and 10.10.65.0/24 (broken up as /30's.  Everything works
> > hunky dorey. No routing problems, no 2nd openvpn service, it just
> > works.
> >
> > -matt
> >
> > On 5/24/07, Timm Wimmers < timm@xxxxxxxxx> wrote:
> > > James Tan schrieb:
> > > > is there any tutorial to show how to increase the current /30 limit on
> > > > private addresses given to users?
> > >
> > > I don't know such tutorial, but you can simple manage more than one
> > > subnet or transfer net.
> > >
> > > One part of your clients can use 10.8.1.x , the next ones can use
> > > 10.8.2.x and so on. It's simple just run multiple instances of your
> > > openvpn server with the equivalent config file.
> > >
> > > IMHO that's the point why routing is scalable und bridging is not.
> > >
> > > --
> > > Timm
> > >
> > >
> -------------------------------------------------------------------------
> > > This SF.net email is sponsored by DB2 Express
> > > Download DB2 Express C - the FREE version of DB2 express and take
> > > control of your XML. No limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > _______________________________________________
> > > Openvpn-users mailing list
> > > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > >
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> > >
> >
>
>