From: William M. <wgm...@gm...> - 2009-10-31 20:17:14
Couple of corrections... sorry:

When I bridge this interface with the TAP adapter the bridge receives an *IP of* 192.168.1.114.

I've decided that the VPN will operate under the subnet *10.8.0.0/24*. My understanding is that the following configuration command:

On Sat, Oct 31, 2009 at 4:14 PM, William McMahon <wgm...@gm...> wrote:

> OK, then all of this might have been in vain. Let me try to explain what I
> am trying to accomplish with openVPN because now I am understanding it as
> bridging software between an already existing LAN and a virtual LAN.
>
> The overall goal of this project is to create a LAN environment for pc
> gaming - I know childish; but we all enjoy our down time. Through reading
> the how-to's I've deducted that I need to create a bridged VPN (to allow
> broadcasts). I hope to use the server as a client as well; so here is my
> topology... more or less.
>
> Server behind a router under the subnet 192.168.1.0/24. Server is equipped
> with one network interface card that receives an IP of 192.168.1.108. When I
> bridge this interface with the TAP adapter the bridge receives an interface
> with 192.168.1.114.
>
> I've decided that the VPN will operate under the subnet 10.0.8.0/24. My
> understanding is that the following configuration command:
>
> server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
>
> Will allocate 10.8.0.4 to the server's tap adapter and reserve the pool
> 10.8.0.50-10.8.0.100 to the connecting clients.
>
> Now I am assuming that most my clients also are behind their local subnet
> 192.168.1.0/24 or 192.168.0.0/24 (since those are the most commonly used
> home lans). When the client connects to the VPN using open vpn I am assuming
> their TAP adapter is receiving a 10.8.0.0/24 address within the range
> .50-.100 and through trials I have verified this assumption (one of the
> remote clients received an IP of 10.8.0.50).
>
> My hope then is if the server were to host a LAN game all clients connected
> to the VPN would be able to connect. Similarly if a client were to host a
> LAN game all clients connected to the VPN plus the server would be able to
> connect. My question is then is this possible? Am I going about this in the
> right way? If this is possible, would the server need to be running its
> gaming server on its 192.168.1.0/24 IP? or on its 10.8.0.0/24 IP? Will
> both destinations be reachable by the clients? If both destinations are
> reachable then wouldn't this create IP conflicts if say one of my clients
> had 192.168.1.114 as the IP assigned to their Ethernet interface? Or should
> I just give up and move on with my life :P
>
>
> On Sat, Oct 31, 2009 at 3:32 PM, Davide Brini <da...@gm...> wrote:
>
>> On Saturday 31 October 2009, William McMahon wrote:
>>
>> > Ok, I'm starting to understand a lot better - thanks for all your help.
>> > I was able to test the connection with one of my clients and they were
>> > able to connect to the VPN. Their TAP adapter was receiving an IP of
>> > 10.8.0.50. However they were unable to ping the server and I was unable
>> > to ping them - but this could have been a firewall/router issue on the
>> > client side. Just to clarify further.. if I am using a bridged VPN would
>> > the client need to ping:
>> >
>> > 1. My Ethernet Address: in the above case: 192.168.1.114
>> > --or/and--
>> > 2. My VPN address: in the above case: 10.8.0.4
>> >
>> > Similarly, for the server to ping the client would I ping their:
>> >
>> > 1. Local Ethernet address: probably something like 192.168.x.x
>> > --or/and--
>> > 2. Their VPN address: in the above case: 10.8.0.50
>>
>> Assuming your main LAN you want to give access to bridged clients is using
>> addresses in the range 10.0.8.0/24, you should be able to ping from any
>> internal LAN host to any VPN client, and from any VPN client you should be
>> able to ping internal LAN hosts.
>> If the server itself has an IP address in that range (ie on the bridged
>> interface), you should be able to ping that address too.
>>
>> Note that what you say above, together with what you said in earlier
>> emails, is making me think that you're trying to use an address that
>> should be part of the LAN/VPN pool as the "public" endpoint IP for the VPN
>> itself (not really public here, but that's what its logical function would
>> be).
>> While it is possible to make such a thing work with some tricks (though I
>> strongly advise against doing that), that is usually a signal that you
>> either haven't understood how bridging should work, or you did not design
>> your VPN correctly.
>>
>> What is usually done when bridging is to have a bridge interface composed
>> of an ethernet and a tap interface. The ethernet interface is physically
>> connected to the LAN you want to make reachable over the VPN, and the
>> bridge interface, optionally, has an IP address in that same LAN. Remote
>> clients are supposed to receive IP addresses that are part of the same
>> pool.
>> The OpenVPN server should then have another separate interface, usually
>> with a public IP (or that receives traffic forwarded by some router with a
>> public IP), and that interface is where OpenVPN should listen for remote
>> client connections.
>>
>> --
>> D.
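
An added example, not part of the thread or of OpenVPN itself: a check of a `server-bridge` line against the address on the bridge interface, following the description quoted above that the bridge and the remote clients take addresses from the same LAN. The function name `check_server_bridge` and the second directive are constructed for illustration; the first directive and the bridge address are the ones quoted in the thread.

```python
import ipaddress

def check_server_bridge(directive, bridge_ip, bridge_netmask):
    """Return a list of problems found in one server-bridge line, given the
    IP/netmask configured on the bridge (ethernet + tap) interface."""
    parts = directive.split()
    if len(parts) != 5 or parts[0] != "server-bridge":
        raise ValueError("expected: server-bridge gateway netmask pool-start pool-end")
    gateway, netmask, start, end = map(ipaddress.IPv4Address, parts[1:])
    lan = ipaddress.IPv4Network(f"{bridge_ip}/{bridge_netmask}", strict=False)
    bridge = ipaddress.IPv4Address(bridge_ip)
    problems = []
    if netmask != lan.netmask:
        problems.append(f"netmask {netmask} differs from the bridged LAN's {lan.netmask}")
    if gateway not in lan:
        problems.append(f"gateway {gateway} is outside the bridged LAN {lan}")
    if start not in lan or end not in lan:
        problems.append(f"client pool {start}-{end} is outside the bridged LAN {lan}")
    if start > end:
        problems.append(f"client pool start {start} is above pool end {end}")
    # An address already in use must not be handed out to a connecting client.
    for name, addr in (("bridge address", bridge), ("gateway", gateway)):
        if start <= addr <= end:
            problems.append(f"{name} {addr} lies inside the client pool")
    return problems

# Values quoted in the thread: bridge at 192.168.1.114, pool in 10.8.0.0/24.
THREAD_DIRECTIVE = "server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100"
# Constructed for illustration: gateway and pool inside the 192.168.1.0/24 LAN.
CONSTRUCTED_DIRECTIVE = "server-bridge 192.168.1.114 255.255.255.0 192.168.1.200 192.168.1.220"

if __name__ == "__main__":
    for d in (THREAD_DIRECTIVE, CONSTRUCTED_DIRECTIVE):
        print(d)
        for p in check_server_bridge(d, "192.168.1.114", "255.255.255.0") or ["consistent"]:
            print("  -", p)
```

The check does not know which other LAN addresses are already taken (for example the router's DHCP range), so the pool still has to be chosen outside those by hand.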