From: Jan J. K. <ja...@ni...> - 2008-08-28 10:41:46
Hi Till,

Till Neudecker wrote:
> Hi,
>
> I connected my subnets exactly as described in the official howto and it
> worked fine. The problem only comes up when the second client from the same
> subnet connects.
>
> Some more information about the setup: The server is located in
> 10.10.10.0/24, the clients are in 192.168.0.0/24
>
>
> Server-config:
> ...
> push "route 10.10.10.0 255.255.255.0"
> ...
> client-config-dir /etc/openvpn/ccd
> route 192.168.0.0 255.255.255.0
> ...
>
>
> In the ccd-directory I have two files client1 and client2 both containing
> "iroute 192.168.0.0 255.255.255.0".
> The clients both have the same standard client-config. The
> 10.10.10.0-gateway has a route to 192.168.0.0/24 over the server and the
> 192.168.0.0-gateway has a route to 10.10.10.0/24 either through client1 or
> client2 (managed by ifstated). So the routing would work if openvpn wouldn't
> drop packets sent through client1 from an IP that client2 claimed to be in
> its subnet.
>
>

hmmmm openvpn cannot do this by default... a client subnet belongs to a single client, not to multiple clients. So either remove the lines in the sources (but I'd expect other problems if you do that) or change your networking setup.

Do you need to be able to address each machine in the client LAN? If not, then try using masquerading on the clients to not give away the entire LAN IP space. That way openvpn will not get confused which LAN is behind which client.

HTH,

JJK
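
The following is an added example, not part of the original message and not OpenVPN's own code: a small checker that reads a client-config-dir and reports every pair of clients whose iroute entries claim overlapping subnets, which is the situation discussed in this thread. The sample ccd contents are constructed; client3 and its 192.168.1.0/24 subnet are hypothetical.

```python
import ipaddress
import tempfile
from itertools import combinations
from pathlib import Path


def parse_iroutes(ccd_dir):
    """Map each ccd file name (client common name) to its iroute networks."""
    routes = {}
    for path in sorted(Path(ccd_dir).iterdir()):
        if not path.is_file():
            continue
        nets = []
        for raw in path.read_text().splitlines():
            fields = raw.split("#", 1)[0].split()  # drop '#' comments
            if len(fields) >= 2 and fields[0] == "iroute":
                # OpenVPN treats a missing netmask as a single host route.
                mask = fields[2] if len(fields) > 2 else "255.255.255.255"
                nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
        routes[path.name] = nets
    return routes


def find_conflicts(routes):
    """Return (client_a, client_b, net_a, net_b) for every overlapping claim."""
    conflicts = []
    for (a, nets_a), (b, nets_b) in combinations(sorted(routes.items()), 2):
        for net_a in nets_a:
            for net_b in nets_b:
                if net_a.overlaps(net_b):
                    conflicts.append((a, b, str(net_a), str(net_b)))
    return conflicts


def demo():
    """Run the check on a constructed ccd directory shaped like the thread's."""
    sample = {
        "client1": "iroute 192.168.0.0 255.255.255.0\n",
        "client2": "iroute 192.168.0.0 255.255.255.0\n",
        "client3": "# constructed extra site\niroute 192.168.1.0 255.255.255.0\n",
    }
    with tempfile.TemporaryDirectory() as ccd:
        for name, body in sample.items():
            Path(ccd, name).write_text(body)
        return find_conflicts(parse_iroutes(ccd))


if __name__ == "__main__":
    for a, b, net_a, net_b in demo():
        print(f"{a} {net_a} overlaps {b} {net_b}")
```

Pointing parse_iroutes at a real directory such as /etc/openvpn/ccd before a second site client is added shows whether two certificates would be assigned the same LAN.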