Hi Dave,

On 01.08.14 17:37, davidg12...@fast-email.com wrote:

>> If you *really* want to send everything else except your "service
>> traffic" over the internet that would require more configuration on both
>> routers.
>
> On BOTH? Ok, I really didn't figure that.  I really don't get this stuff yet :-/

Sure, one route is for the requests from first location and the other
route is needed for the responses sent by the peer at the second location ;)


> Why would you consider it "error prone"?  I thought this is one of
> the things Openvpn is SUPPOSED to do?

I just meant having a complex routing setup (with rules for specific
hosts/ports) rather than general network-based rules might be error prone.


> In any case, there will be another set of services at Location1.
>
> I need them to be accessible from different points on my lan (my
> desktop is just the 2st starting point), and only accessible over the
> vpn.  I'd prefer to have only the one tunnel and one instance per
> router of openvpn.  Not setting up multiple tunnels and having to
> install openvpn at each point wanting to route traffic over the vpn.

To me it sounds like you actually want to achieve this:

1. send/receive traffic from any host at one location to
    specific/any hosts at the other location.

2. send/receive traffic from any host at both locations to
    "internet hosts" over the local router's internet link.

As said, this can be done by adding a network route to your openvpn 
config that points to the other VPN peer's local subnet - openvpn will 
do the particular route add/delete for you.

After the VPN connection is established the operating system on the
router knows that every IP packet with a destination address in the
other network has to be sent through the tunnel.
If the destination address does not match that routing rule the packet
is directly sent over the internet link (aka default route).

HTH,
Mathias.
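
Added example, not part of the original message: a small Python model of the routing decision described above, showing why the peer-subnet route is needed on both routers. The subnets (192.168.1.0/24, 192.168.2.0/24) and the interface names (lan0, tun0, eth0) are constructed assumptions, not values from this thread.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread):
# Location1 LAN 192.168.1.0/24, Location2 LAN 192.168.2.0/24,
# tun0 = OpenVPN tunnel, eth0 = the router's internet link.
LAN1 = "192.168.1.0/24"
LAN2 = "192.168.2.0/24"

def table(local_lan, peer_lan=None):
    """Routing table of one router as (network, interface) pairs."""
    # Directly connected LAN plus the default route over the internet link.
    routes = [(local_lan, "lan0"), ("0.0.0.0/0", "eth0")]
    if peer_lan:
        # The network route that is added once the tunnel is up.
        routes.append((peer_lan, "tun0"))
    return [(ipaddress.ip_network(n), i) for n, i in routes]

def egress(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def round_trip(r1, r2, client, server):
    """Interface used by the request leaving router 1 and by the
    response leaving router 2."""
    return egress(r1, server), egress(r2, client)

if __name__ == "__main__":
    client, server = "192.168.1.10", "192.168.2.20"
    # Route to the peer subnet configured on both routers.
    print("both routers:", round_trip(table(LAN1, LAN2), table(LAN2, LAN1),
                                      client, server))
    # Route only on router 1: the response leaves router 2 over the
    # default route, outside the tunnel.
    print("router 1 only:", round_trip(table(LAN1, LAN2), table(LAN2),
                                       client, server))
    # Internet-bound traffic still uses the local internet link.
    print("internet host:", egress(table(LAN1, LAN2), "203.0.113.5"))
```

With the route on only one side, the request enters the tunnel but the response is handed to the default route, which is the case to check for when service traffic must stay inside the VPN.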

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
