Hi Tom. The OpenVPN Server network is totally new and unique, only one box will run as a server, why not use:
Network: 10.8.1.0 255.255.255.0 for the server endpoint. Then the Clients would have Remote Server: 1.2.3.4 (public IPv4 address of OpenVPN server) Remote Network: 10.8.1.0 255.255.255.0 The Cipher should match for all clients and servers. Generate all the certs/keys on the Server, and distribute them to the clients, using the web interface for both. That is about all there is to it. But, if you want to route networks behind the clients, that is a little more complicated, but can be done. If so, This may be a case where IPsec may be the better choice, if you want to route networks to networks. Lonnie On Mar 30, 2012, at 11:24 AM, Tom Chadwin wrote: > Many thanks indeed for this. I shall certainly attempt this once I have > sorted out the issues on Monday. One question: > >> (Server Mode) >> Network: ***This is the network you want to be running over the TUNNEL. > Make sure you chose something not being used by any other network interface. > This might have been what caused the bricking earlier, if you set it the > same as the WAN interface. It should be in the format of X.X.X.X Y.Y.Y.Y, > with X as the network address and Y as the subnet mask (ie: 172.21.0.0 > 255.255.255.0)*** > > This is not 100% clear to me, and could have been where I went wrong, though > I absolutely did not put the WAN network or interface in here. Is this the > LAN network/subnet which this Astlinux box is on, or is it an entirely new > subnet not used by LAN or WAN at either end of the tunnel? > > Real topology: > > Server LAN is aaa.aaa.aaa.aaa/24 > Server WAN is xxx.xxx.xxx.xxx/29 > > Client LAN is bbb.bbb.bbb.bbb/24 > Client WAN is yyy.yyy.yyy.yyy/29 > > Under "Server Mode", should "Network" be aaa.aaa.aaa.aaa 255.255.255.0, or > should it be ccc.ccc.ccc.ccc 255.255.255.0 (your maskage may vary)? > > Thanks, and many apologies for beginner's questions > > Tom ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
