Hi! In the old 2.4 version days, we used a private patch which accomplished the following:
Every clients gets a fwmark and a mask assigned via the config or a ccd file Outbound packets -If the systems sends a packet, it always has a fwmark assigned -If such a packet goes thru the tun/dco device to openvpn, openvpn reads the fwmark -It checks which clients have the corresponding fwmark and then does the "normal routing" and sends the packet Inbound packets -OpenVPN processes the packet coming from the client -It knows the fwmark and attaches the mark to the package -The system will route the packet depending on fwmark and IPs We used this to reduce the number of OpenVPN processes in our multi tenancy setup to a minimum. For the future I want to implement this again, perhaps now in DCO instead of tun. Now my question is if this is of interest for the community. If yes, I would love to get some resonance and guidance, so that it can be merged. If not, I would do this in our private branch. Kind regards, André
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel