From: Zen K. <ze...@pi...> - 2005-11-07 04:34:04
Hi,

The scenario is as follows:
There are 47 districts, each district has max 160 sites.
Each site has vlan-bridge(vlan-b) for roadwarriors.
The max number of roadwarriors' virtual addresses is 200 (10.xx.xx.21 to 10.xx.xx.220) for each site.

Do we need one openserver instance for one tun/tap? If so, we need three openserver instances at site1-1,site2-1,.. site47-1 and two openserver instances at the other sites.

My question is how to write the routing table on each site between openserver instances.
instance1 is between local subnet(e.g.,10.82.1.0) and vlan-b(e.g., 10.82.1.21~ 10.82.1.220).
instance2 is between local subnet(e.g.,10.82.1.0) and virtual lan1(10.81.1.0).
instance3 is between local subnet(10.82.1.0) and virtual lan0(10.81.0.0).

When a roadwarrior(10.82.1.21) communicates to a roadwarrior (10.82.160.21), the voice packet goes as follows:

(10.82.1.21)---(eth1:tap0)---(eth0)--(tun0:eth1:10.81.1.1)--
<-- site1-1 instance1 ---------><-- site1-1 instance2 --->

?? --(10.81.1.160:eth0:tun0)---(eth0:10.82.160.1)----(tap0:eth1)--
     <----- site1-160 instance2 ---------><--site1-160 instance1

?? --(10.82.160.21)
     ------------->

((((((((((((((((((( internet ))))))))))))))))))))))))))))))
       |            |                 |              |
       |           openvpn virtual lan0              |
                        10.81.0.0                    |
---+------------------------------+----------------------
   |.1 |            |             |.47|              |
   |   | virtual lan1(10.81.1.0)  |   | virtual lan47(10.81.47.0)
   |   |  =+=========+=====       |   | =+============+==
   |   |   |.1      ||.160        |   |  |.1         ||.70
   |   |   |        ||            |   |  |           ||
---|---+---|---   --+|----     ---|---+--|----    ---+|---
|  | eth1  |  |   |  |   |     |  | eth1 |   |    |   |  |
| tun1   tun0 |...| tun0 | *** | tun1   tun0 |... | tun0 |
|        tap0 |   | tap0 |     |        tap0 |    | tap0 |
| eth0     |  |   |    | |     | eth0    |   |    |    | |
--+--------|---   -+---|--     --+-------|----    -+---|--
  |.1  ********    |.1 ********  |.1 **********    |.1 **********
  |    vlan-b      |   vlan-b    |   vlan-b        |   vlan-b
  |    10.82.1     |   10.82.160 |   10.128.1      |   10.128.70
  |    .21~.220    |   .21~.220  |   .21~.220      |   .21~.220
  |                |             |                 |
  |10.82.1.0       |10.82.160.0  |10.128.1.0       |10.128.70.0
--+----+-----     -+-----+--    -+------+-------  -+-----+----
  |.2  |.3         |.2   |.3     |.2    |.3        |.2   |.3
  |    |           |     |       |      |          |     |
    gw                gw            gw                gw
    |                 |             |                 |
---------------   -------------  ---------------   -------------
site1-1           site1-160     site47-1          site47-70
local net         local net     local net         local net
--------------    ------------  ---------------   -------------
|    |.....       |    |......  |    |.......     |    |.....
pc   pc           pc   pc       pc   pc           pc   pc

tun0: udp 1194
tun1: udp 1195
tap0: udp 1196

site          local subnet
------------  ------------
site1-1       10.82.1.0
site1-2       10.82.2.0
....
site1-160     10.82.160.0
site2-1       10.83.1.0
site2-2       10.83.2.0
...
site2-50      10.83.50.0
* * *
site47-1      10.128.1.0
site47-2      10.128.2.0
....
site47-70     10.128.70.0

Regards,
Zen