[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] How to route between subnets in different instances of the daemon?

  • Subject: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?
  • From: Mark Berry <mberry@xxxxxxxxxxxxxxxx>
  • Date: Thu, 13 Dec 2007 14:29:23 +0000

Hash: SHA1

The push_buffer is 1000 bytes, so I can not for instance push 30 or more
subnet routes through it.

So I was hoping I could push 20 or so through each instance of OpenVPN.

As an aside, how do you get around Vistas funnyness? I am going to have
to invest more time with it I see <sigh>.

Cheers, Mark.

Jan Just Keijser wrote:
> OK I still don't understand your question then ;-)
> What's with the push_buffer limit? How many routes are you trying to
> push? I'm pushing 3 routes without any problems (and I think I could
> push quite a few more without any issues).
> What does and what does not work with the second instance? What's the
> difference between the config files/ccd files for instances #1 and #2.
> As a final remark, we have users here using Vista with Openvpn 2.1
> without too many problems; the biggest problem is the new firewalling
> concept of Vista, which determines that an openvpn tunnel is "public"
> and hence blocks most traffic on it by default. This is easy to change,
> however.
> cheers,
> Mark Berry wrote:
>> Hash: SHA1
>> I have the iroute and push route going OK, so if you connect to the same
>> instance on port 1194 net, it all works.
>> If you connect to the second instance on port 1195, it
>> doesnt. Note, I dont push the same routes on both instances, only the
>> routes for the nets directly connected to that instance. If I were to
>> push all the routes on every instance I would be banging into the
>> push_buffer limit again, and I may as well have everything on the same
>> instance.
>> I know that I could "just" recompile with a larger push_buffer, however
>> that involves the server and some client builds on Linux, no problems
>> there. The windows version, wtf how many bits do I have to install to
>> compile? Ok, I should be able to do that..... And finally, the DD-WRT
>> portion, where according to one, the source tree is unable to be
>> compiled from SVN without some major hurdles, as it appears the GPL
>> project is heading in a decidedly non GPL direction.
>> Add to that, I'm starting to see some problems with the new version of
>> OpenVPN working on those stupid vista laptops everyone wants.
>> Cheers, Mark.
>> Jan Just Keijser wrote:
>>> Your question is slightly confusing ;-)
>>> How are the and subnets connected ?
>>> Isn't adding
>>>  push "route"
>>> to the server config sufficient? clients from the domain should
>>> now be able to see this subnet, provided that the VPN server that
>>> they're connecting to can see this subnet.
>>> cheers,
>>> JJK
>>> Mark Berry wrote:
>>>> If I have 2 OpenVPN server instances like :
>>>> ->
>>>> Clients conecting to this have its route pushed to them, works fine.
>>>> To work around the push_buffer limit, I want further subnets on another
>>>> instance of openvpn like :
>>>> ->
>>>> Now, a client connecting to the instance, cannot access the
>>>> net.
>>>> What can I do about this? I know it has to do with the routing, but I'm
>>>> afraid I'm not clued up enough to know the answer.
>>>> Can anyone help?
Version: GnuPG v1.4.7 (MingW32)
OpenVPN mailing lists