On 10/03/2015 10:01 AM, Peter Thurner wrote:
> Hi Guys,
>
> I currently run one physical Machine with one VPN Server per CPU
> Core. I don't use 'client-to-client', but ip.forward=1 and IPTables
> to manage which client is allowed to establish a NEW Connection to
> which client. I want to scale that Setup to multiple Servers in
> multiple Geo-Locations. So I need this:
>
> Client One => (via VPN) => Server A => (via Public Internet) =>
> Server B => (via VPN) => Client B
>
> I found this here:
> https://openvpn.net/archive/openvpn-users/2008-01/msg00068.html
>
> And I'm wondering: If Client One sends Traffic to Server A, which
> then gets FORWARDed to Server B to Client Two - won't Server A decrypt
> the traffic, forward it and then Server B encrypts it again? If so,
> the above answer does not work via public Internet, as all the
> Traffic is forwarded decrypted, is that correct?

Yes

> As far as I get it, that's also what happens when you let Clients
> communicate locally between multiple OpenVPN Processes.

Also true but not a security concern since this is all local forwarding.

> If that is true, what's the best practice way for this?

Run a tunnel between server A and server B.

HTH,
Simon
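The server-to-server tunnel suggested in the reply above, sketched as a pair of OpenVPN point-to-point configurations; this is an added example, not configuration from the thread. The subnets (10.8.1.0/24 for Server A's clients, 10.8.2.0/24 for Server B's), the 10.99.0.x tunnel addresses, the port, the host name, the certificate names and the file names are all assumptions.

```conf
# ---- Server A: site-to-site instance (file name and all values assumed) ----
dev tun-s2s                       # own interface, separate from the per-core client servers
dev-type tun
proto udp
port 1195
tls-server                        # A is the TLS server of this point-to-point link
ca   ca.crt
cert site-a.crt
key  site-a.key
dh   dh.pem
verify-x509-name site-b name      # accept only Server B's certificate (assumed CN)
ifconfig 10.99.0.1 10.99.0.2      # local and remote tunnel endpoints
route 10.8.2.0 255.255.255.0      # Server B's client subnet goes into the tunnel
keepalive 10 60
persist-key
persist-tun

# ---- Server B: site-to-site instance (file name and all values assumed) ----
dev tun-s2s
dev-type tun
proto udp
remote serverA.example.net 1195   # placeholder host name for Server A
tls-client
ca   ca.crt
cert site-b.crt
key  site-b.key
remote-cert-tls server            # peer certificate must be a server certificate
verify-x509-name site-a name      # accept only Server A's certificate (assumed CN)
ifconfig 10.99.0.2 10.99.0.1
route 10.8.1.0 255.255.255.0      # Server A's client subnet goes into the tunnel
keepalive 10 60
persist-key
persist-tun
```

With these routes, traffic forwarded between the two client subnets crosses the public Internet inside the tun-s2s tunnel rather than as decrypted packets. The clients on each side still need a route to the other side's subnet, and the existing iptables FORWARD rules continue to decide which client may open a NEW connection to which.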
