[Openvpn-users] Serving only Static IP Addresses to Linux clients


  • From: Matthew Macdonald-Wallace <mmw@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 8 Feb 2008 10:35:05 +0000

Hi All,

I've joined this list mainly to try and resolve this issue; however,
hopefully I'll learn enough to help out someday! :o)

We currently have a Primary MX and a local MX that we want to
talk over VPN.  In future, we will likely add a secondary MX that will
also talk to the local MX via the VPN.

At the moment, we have the primary MX connecting as a client to the
local MX; however, we appear to have a number of routes and we would
like to simplify this.

The routing table on the client currently looks like this (IP
Addresses have been changed to protect witnesses in this case):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.16.1     172.16.17.2     255.255.255.255 UGH   0      0        0 tun10
172.16.17.2     *               255.255.255.255 UH    0      0        0 tun10
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0


client.conf:


client
dev tun10
proto udp
remote server-IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca keys/server-ca.crt
cert keys/server-client.crt
key keys/server-client.key
comp-lzo
#verb 3


The server route shows:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.16.2     *               255.255.255.255 UH    0      0        0 tun0
172.16.16.0     172.16.16.2     255.255.255.0   UG    0      0        0 tun0
172.16.17.0     172.16.16.2     255.255.255.0   UG    0      0        0 tun0
localnet        *               255.255.0.0     U     0      0        0 eth0
default         192.168.3.1     0.0.0.0         UG    0      0        0 eth0


Server.conf:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 172.16.16.0 255.255.255.0
route 172.16.17.0 255.255.255.0
client-config-dir ccd
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
user nobody
group nogroup
daemon
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.2.10 255.255.255.255"


ccd/client:


ifconfig-push 172.16.17.1 172.16.17.2


What I would like to achieve is the elimination of the 172.16.16.0
subnet so the connection is as follows:


eth0 
|
|
client 
|
client-tun0 (172.16.17.2) 
|
|
|
|
server-tun0 (172.16.17.1)
|
server
|
|
eth0

I also want to avoid the issue of the client being reassigned a
different IP address as this would mean updating DNS/hosts/mail-server
on the local MX.

If you need any more information, please let me know and I'll provide
what I can where I can.

I've searched Google; however, the main instructions I can find to do
with this refer to either multiple subnets or Windows clients, so if
anyone knows of a good document to point me in the direction of, I'll
happily disappear and read it! :o)

Kind regards,

Matt.