From: Bob Proulx <[email protected]>
Date: Tue, 18 Jan 2011 21:12:47 -0700
> I am suggesting that you have such a complicated routing setup that it
> is causing you difficulty and that you should simplify it by some
> method. You listed five (5!) route commands in your configuration.

Yes; addressing subnets rather than individual machines is better. Now there is just one route directive in joule:/etc/openvpn/myvpn.conf to identify the subnet at UBC. dalton:/etc/openvpn/myvpn.conf has one route directive to identify the subnet at home; but dalton has two other route directives to let the subnet at UBC connect to the Shaw FTP and SMTP servers. The Shaw SMTP server will accept a connection only via my home link. The FTP server will accept a connection from anywhere but the tunnel avoids exposing communication to the public.

http://carnot.yi.org/NetworksPage.html is updated with the details. For now, I can't think of any further simplification.

From: Mike Bird <[email protected]>
Date: Tue, 18 Jan 2011 21:07:47 -0800
> Once your routing gets that complexicational you might
> want to consider using a routing daemon such as Quagga.
>
> You could probably use OSPF over the tunnels but we
> prefer to use private BGP, with each office and laptop
> and customer office network a separate private AS.

I'll read about those. Now that the configurations are simplified I might leave them rather than install more software.

Thanks for the ideas. Avoiding reliance on a DDNS for Joule by dropping the remote directive on Dalton was a crucial improvement.

... Peter E.

--
Telephone 1 360 450 2132. Shop pages http://carnot.yi.org/
accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .

