On Sun, 2016-09-25 at 16:40 +0200, Jan Just Keijser wrote:
>
> thanks for clarifying - but with OpenVPN 2.4 the default topology mode
> will be 'subnet topology', in which we also assign a single IP address
> to each client. Is there a (fundamental) difference between these two?

Subnet topology is nice if you *have* a subnet. At least you only "waste" one network and one broadcast address for your entire subnet, rather than wasting three IP addresses per client as with the 'net30' topology.

But still the true point-to-point mode allows absolutely *no* wastage, and can be used in circumstances where you really *can't* just dedicate a subnet to the purpose.

If you have a thousand clients, then sure the wastage of the subnet topology is in the noise. If you have just one client then it's just the same as net30, because that's what you actually end up doing.

One example that comes to mind is if a machine is being rehomed from a known IP address on a given subnet, but which still needs to be reachable on its original IP address. Another machine on the original subnet can be set up to do proxy ARP for it on the real Ethernet, and route its packets over OpenVPN... but you can't just use that subnet for the VPN.

But mainly it just offends me that this is supported on other platforms, but it *doesn't* work on Windows.... and I think it could. :)

--
dwmw2
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel