[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Client Lan Addressing

  • Subject: Re: [Openvpn-users] Client Lan Addressing
  • From: JJB <onephatcat@xxxxxxxxxxxxx>
  • Date: Tue, 16 Oct 2007 11:07:09 -0700

Colin Ryan wrote:
> OpenVPN will put the "priority" of the routes for the remote network 
> higher than the local. However this will still cause issues in two cases.
> a) The remote IP address is exactly the IP address of the local client 
> (no solution).
> b) The remote networks default gateway is the same as the local.
> The only solution I've found for b) is to a) push down host routes 
> only, i.e. if you only have a few remote machines you want to access 
> push the host route down instead of network route i.e. instead of 
> pushing "" push " 
>" or change your default route remotely to something no 
> likely encountered, i.e or something.
> C
> JJB wrote:
>> Hello,
>> If a LAN has the same address range (192.168.1.x) as the LAN that an 
>> OpenVPN client is trying to connect *from*, should that affect the 
>> ability to connect? If so, how does one set up OpenVPN to handle the 
>> variety of situations that a Laptop will encounter - there is a high 
>> likelyhood that there are many internet cafe's for instance that have 
>> the same ip address range.
>> Thanks,
>>  - Joel
>> ------------------------------------------------------------------------- 
>> This SF.net email is sponsored by: Splunk Inc.
>> Still grepping through log files to find problems?  Stop.
>> Now Search log events and configuration files using AJAX and a browser.
>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>> _______________________________________________
>> Openvpn-users mailing list
>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
Thanks Colin,

Both of those scenarios are what we are dealing with: our default 
gateway is That machine is the openvpn box and also the 
DHCP server for our LAN.

Changing our LAN addressing would mean visiting a large number of fixed 
IP workstations, our servers IP addressing and changing any script with 
an (unfortunately) hard coded address.

Is there another mode to run Openvpn where this might not be an issue? I 
think it has bridge mode and router mode.

For some reason, the Cisco vpn client we have been using with our PIX, 
which is what we are trying to migrate away from, does not have a 
problem in this area. Any idea why that would work when OpenVPN doesn't?

- Joel

Openvpn-users mailing list