Hi, On Wed, Nov 05, 2014 at 11:46:50PM +0100, Jan Just Keijser wrote: > If you are in a tun-based setup then you do not need the iroutes, > strictly speaking: it can also be done using server side routing and > firewalling, but this requires some iptables magic.
Uh? "no"...
"Please make the network 192.168.1.0/24 available behind 'client-gert'"
- how would you do that with iptables magic, if OpenVPN doesn't know
which client session to send the packets to?
For *tap* it's easy (as it's just "route to the next-hop on the tap
interface transit net") but for tun, the server needs to know.
Of course, you could do NAT on the client side to make "VPN access work
for an additional client network", but that won't work for (non-natted)
access *to* that network.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp3VEEuntmax.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
