First of all, THANKS!

James Yonan wrote:
> * Add an internal routing capability to the OpenVPN server to allow client-to-client communication, without going through the tun interface on the server.
Why is this needed? And what exactly does this mean?
> * Right now clients are allocated a single, dynamic IP address. It would be nice if a connecting client could specify a full subnet to be tunneled.
would be welcome!
> * It would be nice to provide for some client-side failover by allowing --remote to specify a set of machines, or allow a hostname in --remote that has been configured with multiple addresses in DNS. The idea is that a server would be randomly chosen from the list, and if the connect failed, another would be tried.
would be nice.
> * True point-to-multipoint capability -- essentially a generalization of the current multi-client server model. In point-to-multipoint mode, a host can securely connect into a kind of "VPN cloud" that is fully distributed, without a single point of failure. The VPN cloud is like a small version of the internet itself and uses a protocol such as OSPF to dynamically manage routing information. The key advantage of this model is that it is distributed rather than being bound to a single server. This means that VPN traffic will take a direct path between any 2 points in the cloud, rather than needing to go through a central server.
How does this affect the --redirect-gateway option? It's my favorite, since I like that my VPN clients can only communicate with me (the server) and, through me, with the rest of the world (intranet, other VPN points and the internet). This is essential when I wanna make a central firewall and internet access policy. This is why it's not clear to me what you mean by the above "client-to-client communication".
>   # The server's virtual endpoints
>   ifconfig 10.8.0.1 10.8.0.2
This means this server has two endpoints on the server side?

-- 
Levente
"Si vis pacem para bellum!"
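The two questions raised above (what the two server-side endpoint addresses are, and how internal client-to-client forwarding interacts with a central firewall policy behind --redirect-gateway) can be shown together in one configuration. The fragments below are an added example, not part of the original post and not a configuration James Yonan shipped; they use directives from OpenVPN 2.x as it was later released (mode server, ifconfig-pool, client-to-client, remote-random, redirect-gateway def1), which the roadmap being quoted predates. The 10.8.0.0/24 addresses follow the quoted sample, and the hostnames are constructed placeholders.

```conf
# ---- server.conf (added example, OpenVPN 2.x directives) ----
dev tun
mode server
tls-server

# With "dev tun" each tunnel endpoint is a /30 pair. The server itself
# owns the first pair: 10.8.0.1 is the server's tun address and 10.8.0.2
# is the virtual peer address of that same link. So yes, both addresses
# sit on the server side; no client is ever given 10.8.0.2.
ifconfig 10.8.0.1 10.8.0.2

# Clients are handed their own /30 pairs out of this pool
# (10.8.0.5/10.8.0.6, 10.8.0.9/10.8.0.10, ...). Their default gateway
# inside the tunnel is the server's 10.8.0.1.
ifconfig-pool 10.8.0.4 10.8.0.251
route 10.8.0.0 255.255.255.0
push "route 10.8.0.1"

# Send all client traffic (intranet and internet) through the server.
# "def1" overrides the client's default route without deleting it.
push "redirect-gateway def1"

# client-to-client makes the OpenVPN process forward packets between
# clients internally, so they never reach tun0 and never pass the
# kernel's FORWARD chain. Leaving it OFF (commented out, as here) keeps
# every client-to-client packet visible to the central firewall, where
# a rule such as
#     iptables -A FORWARD -i tun0 -o tun0 -j DROP
# can block direct client-to-client traffic entirely. Only enable the
# directive if you explicitly want to bypass that policy.
;client-to-client

# ---- client.conf (added example) ----
# Client-side failover: list several servers; with remote-random the
# list is shuffled and the next entry is tried when a connect fails.
client
dev tun
remote vpn1.example.net 1194
remote vpn2.example.net 1194
remote-random
resolv-retry infinite
```

The check a practitioner would want after deploying the server side: from one connected client, ping another client's tunnel address (for example 10.8.0.10) while the FORWARD DROP rule above is in place; it must fail, confirming that client-to-client traffic really traverses tun0 and the firewall rather than being switched inside the OpenVPN process.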