[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Filter on tap device

  • Subject: Re: [Openvpn-users] Filter on tap device
  • From: Marco Fretz <mailinglist@xxxxxxx>
  • Date: Sat, 05 Jan 2008 19:54:39 +0100

ur right. that will be the best thing. i thought it will be fine to 
start the openvpn server on demand with inetd, but that wont work 
because openvpn over inetd can only run in peer-to-peer mode and not in 
server (bridging mode) :(

maybe i need some ports opened from the openvpn "groups" (processes) to 
the server. routing / bridging between the groups is not needed cause 
all clients that have to see each other are in the same group with 
client-to-client switched on.
the only ugly thing is: i need to run each openvpn instance / group on a 
different port or ip. or is there any other possibility?

is there any solution to force a client to reconnect on a different port 
depending on the username / CN?

thanks a lot

Prasanna Krishnamoorthy schrieb:
> On Jan 5, 2008 7:25 PM, Marco <mailinglist@xxxxxxx> wrote:
>> hello
>> thank you for that input. ill try it the next days.
>> i got another idea this moring. is it possible to run openvpn over
>> xinetd in p2p (not server) mode? so openvpn will create a tap interface
>> for each client, right? then i can use bridge utils / brctl or ebtables
>> to bridge together or not how and what i want. right?
> I don't know if that's possible. I think the server per group, with
> routing between them will best solve your purpose. Routing is much
> easier to control between the different servers, and from your
> requirement you really don't need bridging between groups right?
> Prasanna.

Openvpn-users mailing list