
[Openvpn-users] Unique situation (I think)



Hello gurus, I am faced with a somewhat unique situation.  Here is our scenario:

 

Main OpenVPN Server conf:

local XX.XXX.XXX.XXX
port 1194
proto udp
dev tun
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server1.crt
key easy-rsa/keys/server1.key
dh easy-rsa/keys/dh2048.pem
server 10.8.80.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 10.8.0.0 255.255.0.0
keepalive 10 120
tls-auth easy-rsa/keys/ta.key 0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

 

Client conf:

client
dev tun
proto udp
remote XX.XXX.XXX.XXX 1194
remote XX.XX.XXX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert XXXX.crt
key XXXX.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
log openvpn.log
up-restart
up /usr/viewtouch/dat/scripts/Openvpn-Reconnect

Typical ccd file:

ifconfig-push 10.8.81.73 10.8.80.1

 

We have about 85 locations which are all exact mirrors of each other.  We have a router at 192.168.0.5 (with varying connectivity, DSL, cable etc) and a POS system at 192.168.0.200 which is the OpenVPN client.  Each of our locations gets a fixed OpenVPN IP via its ccd file.  Our main application lives on the OpenVPN server and it connects to a software socket listener on the POS system.  This application actually binds to the OpenVPN Server IP.  For example:

 

On the OpenVPN server we have defined location A as 10.8.81.10 on port 9999.   Our main application connects from 10.8.80.1 (the OpenVPN server) to 10.8.81.10 on port 9999.  So straight across the P-T-P link between the server and the client.

 

Now, what if the destination moved to a device other than the OpenVPN client, such as 192.168.0.205 in each location?  I guess what I am asking is: can I somehow contact the same address behind the OpenVPN client in differing locations?  I had been thinking of maybe using IP aliasing of some sort, or perhaps I could pass along a small subnet of 10.8.0.x to each location via OpenVPN?

 

I hope this makes sense and someone can help point me in the direction of a viable solution.  We cannot re-ip each location due to the logistics involved.

Ed Russell
Manager, Information Technology
Teriyaki Experience
700 Kerr Street Suite 100
Oakville, Ontario L6K 3W5

905-337-5686 direct
905-580-4566 mobile
905-337-0331 fax
erussell@xxxxxxxxxxxxxxxxxxxxxx

www.teriyakiexperience.com