Hi, On Thu, Nov 06, 2014 at 11:34:49AM +0100, Jan Just Keijser wrote: > I hate to admit it, but I'm afraid you're right ;)
My dayjob is "router manglement at a regional ISP", so all this routing
and IP stuff I really get to practice ;-)
> I was still trying to get a working example but I think I've got 'tun'
> and 'tap' mixed up....
> Now that I think about it, it will indeed not work in 'tun' mode.
> I was confusing this with 'client-to-client': it's possible to provide
> client-to-client functionality without 'client-to-client' using some
> iptables magic. This is not possible in 'tap' mode.
> In 'tap' mode you can avoid 'iroutes' .
True, client-to-client without --client-to-client via tun can work (and
be subject to server side firewalling), but not via tap. Might work if
you stuff the tap interface into an openvswitch or so :-))
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpZ354T8H9Ti.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
