From: Marcel de R. <ma...@de...> - 2007-01-01 12:42:32
Joris Kinable wrote:
> -Clients are unable to reach systems on the server network. Remember
> that I'm NOT allowed to assign the clients an ip in the same range the
> server is in (130.90.0.0/16)(that's why I assigned the clients an ip
> on the private range 10.8.0.50-10.8.0.100)! So in some sort of way if
> a client wants to connect to a system on the servers' network, the
> server needs to send the request and when he receives the reply, he'll
> need to figure out to which client he needs to forward it. So what I'm
> trying to explain is that the server is the only entrance into the
> network he's on. I think you can compare it with a NAT router with 1
> WAN ip and loads of clients on the LAN side. Can someone tell me how I
> can achieve this or give me a direction to search?
>

From the website of OpenVPN:

/"Ethernet bridging/ essentially involves combining an ethernet interface with one or more virtual TAP interfaces and bridging them together under the umbrella of a single bridge interface. Ethernet bridges represent the software analog to a physical ethernet switch. The ethernet bridge can be thought of as a kind of software switch which can be used to connect multiple ethernet interfaces (either physical or virtual) on a single machine while sharing a single IP subnet. By bridging a physical ethernet NIC with an OpenVPN-driven TAP interface at two separate locations, it is possible to logically merge both ethernet networks, as if they were a single ethernet subnet."

So bridging is all about workstations on the same IP-subnet. If you cannot give your VPN clients an ip-address in the same ip-range there is no bridging possible, only routing. Therefore server and clients in segment 130.90.0.0/16 must know the route to your private ip-range.
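
The routed setup this reply points to, as an added example that is not part of the original message or of OpenVPN's documentation. It assumes a Linux server, 10.8.0.0/24 as the VPN subnet holding the 10.8.0.50-10.8.0.100 pool, and uses `<VPN_SERVER_LAN_IP>` as a placeholder for the server's address inside 130.90.0.0/16.

```conf
# Constructed example: OpenVPN server.conf fragment for routing instead of bridging.
# Assumption: 10.8.0.0/24 is the VPN subnet that contains the client pool
# 10.8.0.50-10.8.0.100 from the thread.

# Routed mode uses a tun device; bridging would need a tap device and
# client addresses inside 130.90.0.0/16, which is not allowed here.
dev tun

# VPN subnet, kept separate from the server network.
server 10.8.0.0 255.255.255.0

# Tell each client to reach the server network through the tunnel.
push "route 130.90.0.0 255.255.0.0"

# --- Outside server.conf (shown as comments, run on the hosts named) ---
#
# On the VPN server: let the kernel forward between tun and the LAN.
#   sysctl -w net.ipv4.ip_forward=1
#
# On the LAN's default gateway (or on every LAN host that must answer
# VPN clients): the return route to the private range via the VPN server.
#   ip route add 10.8.0.0/24 via <VPN_SERVER_LAN_IP>
#
# If no route can be added on the LAN side, the NAT-router behaviour
# described in the question is the alternative: the server rewrites the
# clients' source addresses to its own LAN address (eth0 is assumed to be
# the LAN interface).
#   iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```

With the return route, LAN hosts see the clients' real 10.8.0.x addresses in their logs; with masquerading, every VPN client appears as the server's own address.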