Hi Mathias,

On 08/01/2014 09:10 AM, Mathias Jeschke wrote:
> Hi Dave,

> Sure, one route is for the requests from first location and the other
> route is needed for the responses sent by the peer at the second
> location ;)

I thought the responses were dealt with by firewall masquerading and nat-ing. Wrong again.

> I just meant having a complex routing setup (with rules for specific
> hosts/ports) rather than a general network based rules might be error
> prone.

Oh, you meant *I* would be error-prone. That I completely understand! ;-)

> To me it sounds you actually want to achieve this:
>
> 1. send/receive traffic from any host at one location to
>    specific/any hosts at the other location.
>
> 2. send/receive traffic from any host at both locations to
>    "internet hosts" over the local router's internet link.

If I'm reading that right, I think that's *almost* it ...

When I'm eventually done I need (1), (2) & (3) to be true & active concurrently:

(1) Bi-directionally, uniquely communicate across the vpn between specific hosts/services

    local_lan:BoxA:serviceA:10001 -- vpn --> Location1:Router:serviceX:10010
    Location1:Router:serviceX:10010 -- vpn --> local_lan:BoxA:serviceA:10001

(2) Local services communication to/from the internet over the vpn thru Location1's external interface

    local_lan:BoxB:serviceB:20001 -- vpn --> Location1's external eth1:20001 --> internet
    internet --> Location1's external eth1:20001 -- vpn --> local_lan:BoxB:serviceB:20001

(3) and fallbacks

    local_lan* --> Location2's external eth1 --> internet
    Location1* --> Location1's external eth1 --> internet

> As said, this can be done by adding a network route ...

IIUC then I need ALL of

    Routes in Location1's openvpn config
    Static Routes on Location1's router   ## ( or can these two all be done as routes & iroutes
    Static Routes on Location2's router   ##   in Location1's openvpn config and ccd/client-config? )
    Static Routes on Location1 lan's BoxA & BoxB

Is that headed in the right direction?

This stuff is hard!

Dave
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users