True, but that's more for advanced policy based routing scenarios. It
wouldn't help someone trying to do basic setup through the GUI.
-James
On Fri, Mar 30, 2012 at 2:50 PM, Michael Keuter <li...@mksolutions.info> wrote:
> As usual, the Wiki has some more info for special cases :-):
>
> http://doc.astlinux.org/userdoc:openvpn_access
>
> On 30.03.2012 at 18:58, Tom Chadwin wrote:
>
> > Thank you both. That is indeed where I went wrong. I set the network to be
> > the LAN subnet.
> >
> > I will have another go once I am back up and running (I'm hoping that just
> > deleting /mnt/kd/gui.anything_openvpn_related.conf should bring it back to
> > life). Next I just need to identify yet more unique subnets to use - we have
> > load balancers running MPVs which also use their own subnets, so this is
> > going to get confusing.
> >
> > One step at a time, and I have enough to go on to make some progress for
> > now. However, for this solution to work for us, all clients on both client
> > and server subnets need to be able to route to one another, in both
> > directions. However, James has given me some pointers towards that in his
> > earlier message, so hopefully that will get me there.
> >
> > If it all works (as I'm SURE it shall), I'll try to write it up on the wiki.
> > No-one better than a beginner to test and write up for other beginners.
> >
> > Thanks again for all your help
> >
> > Tom
> >
> >
> > -----Original Message-----
> > From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
> > Sent: 30 March 2012 17:53
> > To: AstLinux Users Mailing List
> > Cc: Tom Chadwin
> > Subject: Re: [Astlinux-users] OpenVPN config
> >
> > Hi Tom.
> >
> > The OpenVPN Server network is totally new and unique, only one box will run
> > as a server, why not use:
> >
> > Network: 10.8.1.0 255.255.255.0
> >
> > for the server endpoint.
> >
> > Then the Clients would have
> >
> > Remote Server: 1.2.3.4 (public IPv4 address of OpenVPN server)
> >
> > Remote Network: 10.8.1.0 255.255.255.0
> >
> > The Cipher should match for all clients and servers.
> >
> > Generate all the certs/keys on the Server, and distribute them to the
> > clients, using the web interface for both.
> >
> > That is about all there is to it.
> >
> > But, if you want to route networks behind the clients, that is a little more
> > complicated, but can be done. If so, this may be a case where IPsec may be
> > the better choice, if you want to route networks to networks.
> >
> > Lonnie
> >
> >
> >
> > On Mar 30, 2012, at 11:24 AM, Tom Chadwin wrote:
> >
> >> Many thanks indeed for this. I shall certainly attempt this once I
> >> have sorted out the issues on Monday. One question:
> >>
> >>> (Server Mode)
> >>> Network: ***This is the network you want to be running over the TUNNEL.
> >>> Make sure you choose something not being used by any other network
> >>> interface. This might have been what caused the bricking earlier, if you
> >>> set it the same as the WAN interface. It should be in the format of
> >>> X.X.X.X Y.Y.Y.Y, with X as the network address and Y as the subnet mask
> >>> (ie: 172.21.0.0 255.255.255.0)***
> >>
> >> This is not 100% clear to me, and could have been where I went wrong,
> >> though I absolutely did not put the WAN network or interface in here.
> >> Is this the LAN network/subnet which this Astlinux box is on, or is it
> >> an entirely new subnet not used by LAN or WAN at either end of the tunnel?
> >>
> >> Real topology:
> >>
> >> Server LAN is aaa.aaa.aaa.aaa/24
> >> Server WAN is xxx.xxx.xxx.xxx/29
> >>
> >> Client LAN is bbb.bbb.bbb.bbb/24
> >> Client WAN is yyy.yyy.yyy.yyy/29
> >>
> >> Under "Server Mode", should "Network" be aaa.aaa.aaa.aaa
> >> 255.255.255.0, or should it be ccc.ccc.ccc.ccc 255.255.255.0 (your
> >> maskage may vary)?
> >>
> >> Thanks, and many apologies for beginner's questions
> >>
> >> Tom
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > This SF email is sponsored by:
> > Try Windows Azure free for 90 days Click Here
> > http://p.sf.net/sfu/sfd2d-msazure
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> > pay...@krisk.org.
>
>
> Michael
>
> http://www.mksolutions.info
>
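
Added example, not part of the original thread: a check for the point discussed above, that the OpenVPN server "Network" field (entered as `X.X.X.X Y.Y.Y.Y`) must not overlap any LAN or WAN subnet at either end of the tunnel. All addresses are constructed, because the thread masks the real ones, and the function names are this example's own.

```python
import ipaddress

def parse_net(text):
    """Parse 'X.X.X.X Y.Y.Y.Y' (network address, netmask) as typed in the field."""
    addr, mask = text.split()
    # strict=True rejects an address with host bits set, e.g. 10.8.1.5 with a /24 mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)

def conflicts(tunnel, in_use):
    """Return the names of in-use networks that overlap the tunnel network."""
    return [name for name, net in in_use.items() if tunnel.overlaps(net)]

def first_free(pool, in_use, prefixlen=24):
    """Return the first subnet of `pool` that overlaps nothing in use, or None."""
    for cand in pool.subnets(new_prefix=prefixlen):
        if not conflicts(cand, in_use):
            return cand
    return None

# Constructed sample topology: every address here is an assumption.
IN_USE = {
    "server LAN": ipaddress.ip_network("192.168.10.0/24"),
    "server WAN": ipaddress.ip_network("203.0.113.0/29"),
    "client LAN": ipaddress.ip_network("192.168.20.0/24"),
    "client WAN": ipaddress.ip_network("198.51.100.8/29"),
    # A wider prefix that silently covers 10.8.1.0/24 as well
    "load balancer": ipaddress.ip_network("10.8.0.0/23"),
}

def check(field_text):
    """Validate one 'Network' entry against the in-use table."""
    return conflicts(parse_net(field_text), IN_USE)

if __name__ == "__main__":
    for entry in ("192.168.10.0 255.255.255.0",   # the LAN subnet: the mistake in the thread
                  "10.8.1.0 255.255.255.0",       # looks unused, but sits inside the /23
                  "10.8.2.0 255.255.255.0"):
        hits = check(entry)
        print(entry, "->", "conflicts with " + ", ".join(hits) if hits else "unique")
    print("suggest:", first_free(ipaddress.ip_network("10.8.0.0/16"), IN_USE))
```

Comparing with `overlaps()` rather than string equality is what catches the second case, where the candidate differs in prefix length from the network that already contains it.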