[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] How to route between subnets in different instances of the daemon?


  • Subject: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 14 Dec 2007 10:49:45 +0100

Title: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?
Hi!
 
What is the purpose of this lines in the server1 config :
route 192.168.101.0 255.255.255.0
push "route 192.168.101.0 255.255.255.0"

?
What is the 192.168.101.x network ?
 
Also :
push "route 10.80.1.0 255.255.255.0"
this is done automatically by the "server" command.
 
Regards,
David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Mark Berry
Sent: Thu 13-Dec-07 18:42
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Server 1 :
port 1195
proto udp
dev tun1
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.80.1.0 255.255.255.0
ifconfig-pool-persist ipp-test-01.txt
client-config-dir ccd
# test1.
route 192.168.101.0 255.255.255.0
push "route 192.168.101.0 255.255.255.0"
# Server route
push "route 10.80.1.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option WINS 10.8.0.1"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-test-01-status.log
log openvpn-test-01.log

Server 2 :
port 1196
proto udp
dev tun2
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.80.2.0 255.255.255.0
ifconfig-pool-persist ipp-test-01.txt
client-config-dir ccd
# test2.
route 192.168.102.0 255.255.255.0
push "route 192.168.102.0 255.255.255.0"
# Server route
push "route 10.80.2.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option WINS 10.8.0.1"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-test-02-status.log
log /openvpn/openvpn-test-02.log

Ok, here you go, its all pretty standard stuf.

David Balazic wrote:
> config files ?
>
>
> ________________________________
>
> From: Mark Berry [mailto:mberry@xxxxxxxxxxxxxxxx]
> Sent: Thu 13-Dec-07 17:21
> To: David Balazic
> Subject: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?
>
>
>
> Sorry, it all sounds OK in my head :-)
>
> I have a single VPN Server on the internet, a rhel4 dual xeon,
> connecting to it are multiple OpenVPN routers (DD-WRT VPN build v23)
> with a 192.168 subnet behind them, approx 16 online now with another 28
> to go 'real soon now'(tm).
>
> Mobile clients needing access to those nets also connect to the same VPN
> Server.
>
> So its a single connection point to access 192.168.5.0/24,
> 192.168.6.0/24 etc. Think of the VPN Server as being the hub of a star
> network, with each point of the star being a router to a 192.168.0.0/24
> subnet lan.
>
> Currently it works well. Mobile clients can connect to any of the
> 192.168 subnets via the VPN, and computers in the 192.168 subnets can
> access any of the other subnets across the VPN.
>
> Problem is, I didnt come across any mention of the limitation in the
> amount of information that can be pushed to the clients when I started.
> So I can not connect any more routers to the OpenVPN instance I have
> running now, without breaking it. So, I either have to recompile the
> various OpenVPN clients, or, I hope, start a second (third, fourth)
> OpenVPN instance with a small number of the site routers in each.
>
> Cheers, Mark.
>
> David Balazic wrote:
>> Jan Just Keijser wrote :
>
>
>>> OK I still don't understand your question then ;-)
>
>> Me neither :-)
>
>> Mark, why not posting you server and client config files ?
>
>> And some info about the network layout wouldn't hurt either.
>
>> Regards,
>
>> David
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFHYW7OrnHd6kWWnE4RAv7bAJ9GjRE+497KBjvV3HrS3W87cvm5owCglzy9
ugoUFeUxHwfwikAqgsA3SRM=
=9FLI
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users