[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] How to route between subnets in different instances of the daemon?


  • Subject: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Thu, 13 Dec 2007 15:05:37 +0100

OK I still don't understand your question then ;-)
What's with the push_buffer limit? How many routes are you trying to 
push? I'm pushing 3 routes without any problems (and I think I could 
push quite a few more without any issues).
What does and what does not work with the second instance? What's the 
difference between the config files/ccd files for instances #1 and #2.

As a final remark, we have users here using Vista with Openvpn 2.1 
without too many problems; the biggest problem is the new firewalling 
concept of Vista, which determines that an openvpn tunnel is "public" 
and hence blocks most traffic on it by default. This is easy to change, 
however.

cheers,

JJK

Mark Berry wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have the iroute and push route going OK, so if you connect to the same
> instance on port 1194 net 10.8.0.0/30, it all works.
>
> If you connect to the second instance on port 1195 10.8.1.0/30, it
> doesnt. Note, I dont push the same routes on both instances, only the
> routes for the nets directly connected to that instance. If I were to
> push all the routes on every instance I would be banging into the
> push_buffer limit again, and I may as well have everything on the same
> instance.
>
> I know that I could "just" recompile with a larger push_buffer, however
> that involves the server and some client builds on Linux, no problems
> there. The windows version, wtf how many bits do I have to install to
> compile? Ok, I should be able to do that..... And finally, the DD-WRT
> portion, where according to one, the source tree is unable to be
> compiled from SVN without some major hurdles, as it appears the GPL
> project is heading in a decidedly non GPL direction.
>
> Add to that, I'm starting to see some problems with the new version of
> OpenVPN working on those stupid vista laptops everyone wants.
>
> Cheers, Mark.
>
> Jan Just Keijser wrote:
>   
>> Your question is slightly confusing ;-)
>> How are the 192.168.25.0/24 and 192.168.101.0/24 subnets connected ?
>> Isn't adding
>>  push "route 192.168.101.0 255.255.255.0"
>> to the server config sufficient? clients from the 10.8.0.1 domain should
>> now be able to see this subnet, provided that the VPN server that
>> they're connecting to can see this subnet.
>>
>> cheers,
>>
>> JJK
>>
>> Mark Berry wrote:
>>     
>>> If I have 2 OpenVPN server instances like :
>>>
>>> 10.8.0.1 -> 192.168.25.0/24
>>>
>>> Clients conecting to this have its route pushed to them, works fine.
>>>
>>> To work around the push_buffer limit, I want further subnets on another
>>> instance of openvpn like :
>>>
>>> 10.8.1.1 -> 192.168.101.0/24
>>>
>>> Now, a client connecting to the 10.8.0.1 instance, cannot access the
>>> 192.168.101.0 net.
>>>
>>> What can I do about this? I know it has to do with the routing, but I'm
>>> afraid I'm not clued up enough to know the answer.
>>>
>>> Can anyone help?
>>>
>>>   
>>>       

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users