[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] openvpn on Debian setup

  • Subject: Re: [Openvpn-users] openvpn on Debian setup
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Mon, 25 Jun 2007 20:43:02 +0200


Tim Freedom schrieb:
> --- Josh Cepek <josh.cepek@xxxxxxx> wrote:
>> Tim Freedom wrote:
> OK, I'm back to square one then :-/ - could someone please shed some
> light on how to setup a proper environment so that VPN works no matter
> what the roaming Laptops' IP addresses are ?  Hasn't anyone gone through
> this process before or is everyone really picky about what the server VPN
> IP (and LAN) is vs. what the various client IPs need to be, etc ?
> So in order to not really care what the roaming laptops' IPs coming-in
> are I realize that I need to modify my route tables and possibly rewrite
> their headers, but I'm a relative newbie to all of this and all help
> would be appreciated.  Is there a HOWTO or a detailed example to note
> this info ?
> I'm not trying to complicate things, on the contrary, just trying to
> figure out a setting (config files, commands, etc) so that the VPN
> will function no matter what/where the roaming laptops come-in on.

If it is _no_matter_at_all_ you best get a public IP range assinet to
yourself which is unrouted and use that one for your VPN. This is kind
of a waste of IP addresses but probably the only safe way to avoid
address clashes.

RFC 1918 assigns private address ranges, which are widely used, but
other unrouted addresses.

IANA has set aside a number of blocks which should not be used on the
internet. Part of it are the RFC1918 blocks. Others existed for
historical reasons but were returned to normal IP space.

It may be possible to use addresses somewhere within the
address space, but this may depend on your IP stack and router

A good candidate may be the address space which is used for
testing purposes.

Please look into RFC 3330 for more info.

OpenVPN mailing lists