Hello Bonno,
Is using tap instead of tun my only choice? As I've already seen packets
flowing out of the tun interface on the server end, the only problem is
that the packets are not forwarded to another interface. I'm told that tap
has more overhead, so I prefer tun if possible.

Bonno Bloksma <b.blok...@tio.nl> writes:

> Hi,
>
> For a layer 2 connection use tap instead of tun. I use both, tun for
> my regular road warriors and tap for my backup internet vpn in case my
> layer 2 WAN connection goes down.
> When using tap be aware of the pitfalls using a layer 2 WAN
> connection, like broadcasts etc. I use it on my small layer 2 router
> network where there are just a few routers / devices.
>
> Use different ports for the different simultaneous configurations. I
> use the default 1194 port for my road warriors and a different port
> for my WAN backup.
>
>
> Bonno Bloksma
>
>
> -----Original message-----
> From: Zesen Qian [mailto:openvpn-us...@riaqn.com]
> Sent: Tuesday 2 June 2015 3:29
> To: Bonno Bloksma
> CC: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] Site-to-Site configuration?
>
> Hello Bonno,
> Thanks for your help! Now I've set up a working site-to-site config
> and I can ping from one site to another site. There is still a small
> problem, though.
> Since it's a site-to-site config, I don't really need any IP address
> on either end of the tunnel. That is, I don't assign any IP address on
> server or client. I don't know if it's a bug or feature, but then I
> have to manually turn on the interface by "ip link set tun0 up" on
> both client and server. After that the server can receive packets that
> are intended for the subnet on the server side.
> However, the server does not seem to forward the packets from tun0 to
> the LAN interface. I've already set 'sysctl net.conf.all.ip_forward=1'.
> Does someone have any idea? Any comment is appreciated.
>
>
> Bonno Bloksma <b.blok...@tio.nl> writes:
>
>> Hi,
>>
>> I use a server/client environment to have OpenVPN connect my 5 sites.
>> Simply set it up as if you would for 1 client.
>> Then make sure you set up routing correctly. Most of that is done
>> using the iroute statement, best is to use 1 config file per client in
>> a ccd directory.
>> Remember, routing consists of 2 parts with openvpn. The OS needs to
>> know to send packets to the Openvpn interface, OpenVPN needs to know
>> which client has which network behind it. Using iroute will let OpenVPN
>> set it up for you for the most part.
>> Use a push-route in your server config to let the clients know what the
>> network behind the server is.
>>
>> What platform will you use for this? Redhat, Debian, etc? Or a non Linux
>> platform?
>>
>>
>> Kind regards,
>> Bonno Bloksma
>> senior system administrator
>>
>> tio
>> university of applied sciences
>> begijnenhof 8-12 / 5611 el eindhoven
>> t +31 (0)40-296 28 28
>> b.blok...@tio.nl / www.tio.nl
>>
>> -----Original message-----
>> From: Zesen Qian [mailto:openvpn-us...@riaqn.com]
>> Sent: Friday 29 May 2015 16:59
>> To: openvpn-users@lists.sourceforge.net
>> Subject: [Openvpn-users] Site-to-Site configuration?
>>
>> Hello,
>> I've just switched from IPsec (strongswan) to OpenVPN, and I want to
>> configure a site-to-site setup. I googled for it but found nothing.
>> There are only tutorials for some GUI based configuration, but I need
>> the 'openvpn.conf' example.
>> Thanks!
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

--
Regards, 祝好
Zesen Qian (钱泽森)