Re: [Openvpn-users] failover with RIP

  • Subject: Re: [Openvpn-users] failover with RIP
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Mon, 20 Aug 2007 21:58:37 +0200

Michael Jürgens wrote:
> Hi Erich,
> thanks for fast reply.
>> Is this really necessary? What exactly do you want to achieve? You want
>> to have routing from host1 to net1 whatever VPN is active at the moment.
>> IMHO all you really have to propagate to host1 or to an intermediate
>> router is that the route to Net1 has changed. Then packets destined to
>> net1 will be routed accordingly.
> Yes, but how can I do that?
> For that I have to propagate the route information from the openvpn
> process to the kernel of router1 (or router2 if c1 is connected to vpn2)
> As far as I know the openvpn process runs under an unprivileged user
> when the client connects to the vpn. So it seems impossible to propagate
> a route to the kernel without breaking some security rules.

I doubt that it is the duty of the OpenVPN process to propagate a route
to the relevant systems in your internal network. What is the reason to
exclude a routing propagation protocol like OSPF to take over this duty?

You could, of course, propagate the route to the connected networks to
the default gateway of your internal network, but even so you need
something to tell this router. Also you need to delete the route as soon
as the connection is terminated. At least you don't have to tell just
about everyone :-)



