From: Jan J. K. <ja...@ni...> - 2009-04-21 07:39:55
Hi Jerome,

Phibee Network Operation Center wrote:
> Hi
>
> I currently use this config:
>
> local MY_IP_WAN
> port 1194
> proto udp
> dev tun1
> topology subnet
> mode server
> tls-server
> server 10.100.2.128 255.255.255.128
> keepalive 10 60
> persist-key
> persist-tun
> status /var/log/openvpn/status-UDP.log 1
> log-append /var/log/openvpn/openvpn-UDP.log
> verb 1
> dh /etc/openvpn/certificats/dh1024.pem
> ca /etc/openvpn/certificats/cacert.pem
> cert /etc/openvpn/certificats/openvpn-server.cert
> key /etc/openvpn/certificats/openvpn-server-key.pem
> tls-auth /etc/openvpn/certificats/ta.key 0
> writepid /var/run/openvpn/openvpn-UDP.pid
> duplicate-cn
> auth-user-pass-verify /etc/openvpn/auth-users-ad.pl via-file
> comp-lzo
> tun-mtu 1500
> mssfix
>
>
> That works; when I am connected, it uses one IP of the subnet 10.100.2.128
> ....
>
> I now want to use this config:
>
> local MY_IP_WAN
> port 1194
> proto udp
> dev tun1
> topology subnet
> mode server
> tls-server
> server 10.100.2.128 255.255.255.128
> keepalive 10 60
> persist-key
> persist-tun
> status /var/log/openvpn/status-UDP.log 1
> log-append /var/log/openvpn/openvpn-UDP.log
> verb 1
> dh /etc/openvpn/certificats/dh1024.pem
> ca /etc/openvpn/certificats/cacert.pem
> cert /etc/openvpn/certificats/openvpn-server.cert
> key /etc/openvpn/certificats/openvpn-server-key.pem
> tls-auth /etc/openvpn/certificats/ta.key 0
> writepid /var/run/openvpn/openvpn-UDP.pid
> duplicate-cn
> username-as-common-name
> auth-user-pass-verify /etc/openvpn/auth-users-ad.pl via-file
> client-connect "./Scripts/up.sh"
> client-disconnect "./Scripts/down.sh"
> comp-lzo
> tun-mtu 1500
> mssfix
>
> to supply static IPs ...
>
> In concept, the OpenVPN server sends correctly:
> when the user doesn't have a fixed IP supplied by the client-connect, OpenVPN
> supplies a 10.100.2.1XX IP ...
> when the user has a fixed IP supplied by the client-connect, OpenVPN
> supplies a 10.100.3.100 IP ...
>
> but I have this error:
>
> Tue Apr 21 03:33:42 2009 testlogin/88.xx.xx.xx:4511 MULTI ERROR: primary virtual IP for testlogin/88.xx.xx.xx:4511 (10.100.3.100) violates tunnel network/netmask constraint (10.100.2.128/255.255.255.128)
>
>
> I haven't tested whether that works, but I don't think so, because I don't receive
> the push route ...
>
>
>

The OpenVPN config statement

  server 10.100.2.128 255.255.255.128

means that OpenVPN only "knows" about the subnet 10.100.2.128/25.
10.100.3.100 falls outside of that range; try setting the "server"
statement to

  server 10.100.3.0 255.255.252.0

or otherwise choose a different subnet range for the static IPs (e.g.
10.100.2.1-127 ?)

HTH,

JJK
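
The constraint behind the MULTI ERROR above can be checked before a client-connect script hands out an address. The following is an added example, not part of the original thread or of OpenVPN itself: it reads the `server` directive from a config and tests each planned static IP against that network. The function names and the `otheruser` entry are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the `server` line is the one quoted in the thread;
# the "otheruser" address is made up for illustration.
SERVER_CONF = """\
topology subnet
mode server
server 10.100.2.128 255.255.255.128
"""
STATIC_IPS = {"testlogin": "10.100.3.100", "otheruser": "10.100.2.200"}


def server_network(conf_text):
    """Return the tunnel network declared by the `server` directive."""
    m = re.search(r"^[ \t]*server[ \t]+(\S+)[ \t]+(\S+)", conf_text, re.MULTILINE)
    if not m:
        raise ValueError("no 'server <network> <netmask>' directive found")
    # strict=True raises ValueError if the network address has host bits set
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)


def check_static_ip(net, ip_text):
    """Classify one planned static address against the tunnel network."""
    ip = ipaddress.ip_address(ip_text)
    if ip not in net:
        return f"outside {net}"
    if ip in (net.network_address, net.broadcast_address):
        return "network or broadcast address"
    if ip == net.network_address + 1:
        # the `server` directive assigns the first host address to the server
        return "collides with the server's own tunnel address"
    return "ok"


def audit(conf_text, static_ips):
    """Map each user to the verdict for its planned static address."""
    net = server_network(conf_text)
    return {user: check_static_ip(net, ip) for user, ip in static_ips.items()}


if __name__ == "__main__":
    for user, verdict in audit(SERVER_CONF, STATIC_IPS).items():
        print(f"{user}: {STATIC_IPS[user]} -> {verdict}")
```
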