[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Help needed to configure OpenVPN


  • Subject: Re: [Openvpn-users] Help needed to configure OpenVPN
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Mon, 13 Aug 2007 13:00:02 +0200

Sorry Andrew, I forgot to CC: the list-

I hope that helped...
:-) 

Am Freitag 10 August 2007 05:38:01 schrieb Andrew Chan:
> At Client PC A and B, I have to add extra static route to 444.444.444.100
> by issuing the following command.
>
> route ADD 444.444.444.0 MASK 255.255.255.0 333.333.333.100
>
> At Server B, I have to add a static route to reply query from the Client
> PCs.
>
> /sbin/route add -net 10.8.0.0 netmask 255.255.0.0 gw 333.333.333.100
>
> Is this what you mean?
>
> Then my question is that since they are not at the same subnet, I don't
> think I can add these static route right?

If I understand you right,
route ADD 444.444.444.0 MASK 255.255.255.0 333.333.333.100
should better be:
route ADD 444.444.444.0 MASK 255.255.255.0 10.8.0.1
because you want the routing through the tunnel, don't you?
The second: 
/sbin/route add -net 10.8.0.0 netmask 255.255.0.0 gw 333.333.333.100
is what you need on any local non-vpn-client to access the vpn hosts.
But it's mostly better not to open the VPN itself, but instead only routing to 
the networks behind the other tunnel endpoints. But that's a question of 
taste and security/strategy. 

Or am I wrong?

-- 

Best Regards - Mit freundlichen Gruessen
Markus Feilner
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users