
Re: [Openvpn-users] How to route between subnets in different instances of the daemon?


  • Subject: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 14 Dec 2007 13:22:38 +0100

I still wonder where those 30 routes are. The config files only have a few of them.
The more information he hides from us, the harder it is for us to help ...


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Jan Just Keijser
Sent: Fri 14-Dec-07 13:13
To: mberry@xxxxxxxxxxxxxxxx; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] How to route between subnets in different instances of the daemon?

indeed, the lines
  route 192.168.101.0 255.255.255.0
and
  route 192.168.102.0 255.255.255.0
are most likely the cause of why your setup is not working.

So if I understand correctly you need to push 30+ routes to each client?
that's BAD network design if you need to do that... Is it not possible
to aggregate routes, e.g. instead of doing
  push "route 192.168.100.0 255.255.255.0"
  push "route 192.168.101.0 255.255.255.0"
simply push
  push "route 192.168.100.0 255.255.254.0"
etc? this would make routing much more effective on your clients as
well. The network/subnet masks need to be adjusted accordingly, of
course...

HTH,

JJK



David Balazic wrote:
> Hi!

> What is the purpose of these lines in the server1 config :
> route 192.168.101.0 255.255.255.0
> push "route 192.168.101.0 255.255.255.0"
> ?
> What is the 192.168.101.x network ?

> Also :
> push "route 10.80.1.0 255.255.255.0"
> this is done automatically by the "server" command.

> Regards,
> David
>
> ------------------------------------------------------------------------
> *From:* openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Mark
> Berry
> *Sent:* Thu 13-Dec-07 18:42
> *To:* openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Openvpn-users] How to route between subnets in
> different instances of the daemon?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Server 1 :
> port 1195
> proto udp
> dev tun1
> ca ca.crt
> cert server.crt
> key server.key
> dh dh1024.pem
> server 10.80.1.0 255.255.255.0
> ifconfig-pool-persist ipp-test-01.txt
> client-config-dir ccd
> # test1.
> route 192.168.101.0 255.255.255.0
> push "route 192.168.101.0 255.255.255.0"
> # Server route
> push "route 10.80.1.0 255.255.255.0"
> push "dhcp-option DNS 10.8.0.1"
> push "dhcp-option WINS 10.8.0.1"
> client-to-client
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-test-01-status.log
> log openvpn-test-01.log
>
> Server 2 :
> port 1196
> proto udp
> dev tun2
> ca ca.crt
> cert server.crt
> key server.key
> dh dh1024.pem
> server 10.80.2.0 255.255.255.0
> ifconfig-pool-persist ipp-test-01.txt
> client-config-dir ccd
> # test2.
> route 192.168.102.0 255.255.255.0
> push "route 192.168.102.0 255.255.255.0"
> # Server route
> push "route 10.80.2.0 255.255.255.0"
> push "dhcp-option DNS 10.8.0.1"
> push "dhcp-option WINS 10.8.0.1"
> client-to-client
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-test-02-status.log
> log /openvpn/openvpn-test-02.log
>
> Ok, here you go, it's all pretty standard stuff.
>
> David Balazic wrote:
> > config files ?
> >
> >
> > ________________________________
> >
> > From: Mark Berry [mailto:mberry@xxxxxxxxxxxxxxxx]
> > Sent: Thu 13-Dec-07 17:21
> > To: David Balazic
> > Subject: Re: [Openvpn-users] How to route between subnets in
> different instances of the daemon?
> >
> >
> >
> > Sorry, it all sounds OK in my head :-)
> >
> > I have a single VPN Server on the internet, a rhel4 dual xeon,
> > connecting to it are multiple OpenVPN routers (DD-WRT VPN build v23)
> > with a 192.168 subnet behind them, approx 16 online now with another 28
> > to go 'real soon now'(tm).
> >
> > Mobile clients needing access to those nets also connect to the same VPN
> > Server.
> >
> > So it's a single connection point to access 192.168.5.0/24,
> > 192.168.6.0/24 etc. Think of the VPN Server as being the hub of a star
> > network, with each point of the star being a router to a 192.168.0.0/24
> > subnet lan.
> >
> > Currently it works well. Mobile clients can connect to any of the
> > 192.168 subnets via the VPN, and computers in the 192.168 subnets can
> > access any of the other subnets across the VPN.
> >
> > Problem is, I didn't come across any mention of the limitation in the
> > amount of information that can be pushed to the clients when I started.
> > So I can not connect any more routers to the OpenVPN instance I have
> > running now, without breaking it. So, I either have to recompile the
> > various OpenVPN clients, or, I hope, start a second (third, fourth)
> > OpenVPN instance with a small number of the site routers in each.
> >
> > Cheers, Mark.
> >
> > David Balazic wrote:
> >> Jan Just Keijser wrote :
> >
> >
> >>> OK I still don't understand your question then ;-)
> >
> >> Me neither :-)
> >
> >> Mark, why not post your server and client config files ?
> >
> >> And some info about the network layout wouldn't hurt either.
> >
>
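
The route aggregation suggested in the reply above, as an added example that is not part of the original thread: it reads `push "route ..."` lines and merges them with Python's `ipaddress.collapse_addresses`, which only combines networks when the resulting supernet covers exactly the listed addresses, so clients are never routed to a range that was not already pushed. The sample config and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: push lines in the style of the server configs in this thread.
SAMPLE_CONFIG = '''\
push "route 192.168.100.0 255.255.255.0"
push "route 192.168.101.0 255.255.255.0"
push "route 192.168.102.0 255.255.255.0"
push "route 192.168.103.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.6.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
'''

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"\s*$')


def parse_push_routes(config_text):
    """Return the IPv4 networks named in push "route NET MASK" lines."""
    nets = []
    for line in config_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if m:
            # Strict parsing: raises ValueError if NET has host bits set for MASK.
            nets.append(ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}"))
    return nets


def aggregate(nets):
    """Merge adjacent or overlapping networks without covering extra addresses."""
    return list(ipaddress.collapse_addresses(nets))


def render(nets):
    """Format networks back into OpenVPN push directives."""
    return [f'push "route {n.network_address} {n.netmask}"' for n in nets]


if __name__ == "__main__":
    before = parse_push_routes(SAMPLE_CONFIG)
    after = aggregate(before)
    print(f"{len(before)} pushed routes -> {len(after)}")
    print("\n".join(render(after)))
```

Adjacent networks that are not aligned on a common supernet boundary, such as 192.168.5.0/24 and 192.168.6.0/24 here, stay separate; merging them would need a /22 that also covers 192.168.4.0/24 and 192.168.7.0/24.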

