[Openvpn-users] routing to networks behind a client for other clients?

  Subject: [Openvpn-users] routing to networks behind a client for other clients?
  From: James Barros <james@xxxxxxxxxxxxxxxxxxxxxx>
  Date: Fri, 3 Aug 2007 09:33:02 -0700

A humble request for help.


I have 3 offices and 20+ roaming users, all connected over openvpn to
my downtown office.

All users need access to downtown AND hollywood offices.

The hollywood office has a /ccd file, and I can access all of the computers behind it easily from my downtown office (the server).
I CANNOT access the computers in the hollywood office (behind the openvpn client) from the other clients.

client-to-client is enabled. 

I would like to avoid bridging because
   1.) our network is unstable, and a bridge over a broken network
does not fail gracefully.
   2.) even working right, I don't want to pass ALL traffic through my office.

I BELIEVE this means I need to push routes out for both of these subnets.

The problem is that the hollywood office is a client as well. Does
this mean I should be pushing a route for its local subnet to it as
well (since routes are pushed from the server config and not client
configs) and just trust that proper subnet masking will stop it from
passing its own traffic upstream and creating a network shitstorm?

Looking over the openvpn howto, and the ccd files, I don't see a means
of only pushing routes dependent on clients.

can I take the route pushes out of the server.conf and put them into ccd files?

can I somehow do this in the client.conf file I give out with keys?

(if it matters, both the vpn server and the hollywood office client are Debian etch. most roaming clients are OS X with Tunnelblick)

Any help or pointers greatly appreciated.


James Barros
PHP Geek, Apple Admin, Fixer of Minis, Breaker of other things and defender of justice.
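Added example (not part of James's message, and not a reply from the list): the routed, non-bridged layout the questions above describe, as OpenVPN server-side configuration. It assumes addressing that the post does not give: VPN pool 10.8.0.0/24, downtown LAN 192.168.1.0/24 behind the server, hollywood LAN 192.168.2.0/24 behind a client whose certificate CN is "hollywood", and a ccd directory at /etc/openvpn/ccd. The directives themselves (`client-to-client`, `client-config-dir`, `iroute`, `route`, `push`, `push-reset`) are standard OpenVPN 2.x options; `push` and `push-reset` are legal inside a ccd file, which answers the question of per-client route pushes without touching the client.conf handed out with the keys.

```conf
# ---- /etc/openvpn/server.conf (assumed paths and subnets, see lead-in) ----
dev tun
server 10.8.0.0 255.255.255.0

# Per-client overrides live in ccd/<certificate CN>; "hollywood" is assumed.
client-config-dir /etc/openvpn/ccd

# Let the OpenVPN process forward traffic between connected clients itself
# instead of handing it to the kernel.  With routed (tun) mode this is what
# lets a roaming client reach a subnet that sits behind another client.
client-to-client

# Global pushes: every client receives these routes at connect time.
push "route 192.168.1.0 255.255.255.0"   # downtown LAN, directly behind the server
push "route 192.168.2.0 255.255.255.0"   # hollywood LAN, behind the "hollywood" client

# Kernel route on the server box itself, so the server's own traffic for the
# hollywood LAN is sent into the tun; the matching iroute below tells the
# OpenVPN process which client instance to deliver it to.
route 192.168.2.0 255.255.255.0

# ---- /etc/openvpn/ccd/hollywood (assumed CN "hollywood") ----
# iroute is internal routing: it binds 192.168.2.0/24 to this client so both
# the server and client-to-client forwarding pick the right peer.  Without it
# the packets reach the server and are dropped, which is exactly the "works
# from the server, not from other clients" symptom when only the kernel route
# is present.
iroute 192.168.2.0 255.255.255.0

# Do not inherit the global push list for this client; then re-push only what
# this site needs.  That way the hollywood box is never handed a route to its
# own LAN through the tunnel, so no guessing about which route the client
# kernel will prefer.
push-reset
push "route 192.168.1.0 255.255.255.0"
```

Two checks a practitioner would make after applying this: the hollywood box must have IP forwarding enabled (`net.ipv4.ip_forward=1`) so traffic arriving on its tun interface is actually forwarded onto the LAN, and hosts on the hollywood LAN need a return route for both the VPN pool (10.8.0.0/24, where the roaming clients live) and the downtown LAN via the hollywood OpenVPN box, unless that box is already their default gateway. Reachability from the server alone does not prove the second point, because the server's own packets may be sourced from an address the hollywood hosts already know how to reach.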