Re: [Openvpn-users] How to route between subnets in different instances of the daemon?


  • From: Mark Berry <mberry@xxxxxxxxxxxxxxxx>
  • Date: Thu, 13 Dec 2007 14:29:23 +0000

The push_buffer is 1000 bytes, so I cannot for instance push 30 or more
subnet routes through it.

So I was hoping I could push 20 or so through each instance of OpenVPN.

As an aside, how do you get around Vista's funniness? I am going to have
to invest more time with it I see <sigh>.

Cheers, Mark.

Jan Just Keijser wrote:
> OK I still don't understand your question then ;-)
> What's with the push_buffer limit? How many routes are you trying to
> push? I'm pushing 3 routes without any problems (and I think I could
> push quite a few more without any issues).
> What does and what does not work with the second instance? What's the
> difference between the config files/ccd files for instances #1 and #2.
> 
> As a final remark, we have users here using Vista with OpenVPN 2.1
> without too many problems; the biggest problem is the new firewalling
> concept of Vista, which determines that an openvpn tunnel is "public"
> and hence blocks most traffic on it by default. This is easy to change,
> however.
> 
> cheers,
> 
> JJK
> 
> Mark Berry wrote:
>> I have the iroute and push route going OK, so if you connect to the same
>> instance on port 1194 net 10.8.0.0/30, it all works.
>>
>> If you connect to the second instance on port 1195 10.8.1.0/30, it
>> doesn't. Note, I don't push the same routes on both instances, only the
>> routes for the nets directly connected to that instance. If I were to
>> push all the routes on every instance I would be banging into the
>> push_buffer limit again, and I may as well have everything on the same
>> instance.
>>
>> I know that I could "just" recompile with a larger push_buffer, however
>> that involves the server and some client builds on Linux, no problems
>> there. The Windows version, wtf how many bits do I have to install to
>> compile? Ok, I should be able to do that..... And finally, the DD-WRT
>> portion, where according to one, the source tree is unable to be
>> compiled from SVN without some major hurdles, as it appears the GPL
>> project is heading in a decidedly non GPL direction.
>>
>> Add to that, I'm starting to see some problems with the new version of
>> OpenVPN working on those stupid Vista laptops everyone wants.
>>
>> Cheers, Mark.
>>
>> Jan Just Keijser wrote:
>>  
>>> Your question is slightly confusing ;-)
>>> How are the 192.168.25.0/24 and 192.168.101.0/24 subnets connected ?
>>> Isn't adding
>>>  push "route 192.168.101.0 255.255.255.0"
>>> to the server config sufficient? clients from the 10.8.0.1 domain should
>>> now be able to see this subnet, provided that the VPN server that
>>> they're connecting to can see this subnet.
>>>
>>> cheers,
>>>
>>> JJK
>>>
>>> Mark Berry wrote:
>>>    
>>>> If I have 2 OpenVPN server instances like :
>>>>
>>>> 10.8.0.1 -> 192.168.25.0/24
>>>>
>>>> Clients connecting to this have its route pushed to them, works fine.
>>>>
>>>> To work around the push_buffer limit, I want further subnets on another
>>>> instance of openvpn like :
>>>>
>>>> 10.8.1.1 -> 192.168.101.0/24
>>>>
>>>> Now, a client connecting to the 10.8.0.1 instance, cannot access the
>>>> 192.168.101.0 net.
>>>>
>>>> What can I do about this? I know it has to do with the routing, but I'm
>>>> afraid I'm not clued up enough to know the answer.
>>>>
>>>> Can anyone help?
>>>>