Hi,

On Fri, Feb 14, 2020 at 10:47:39PM +0100, free...@tango.lu wrote:
> I'm working on a mesh (later on might be a full mesh) network with OpenVPN
> and OSPF on the vpn links.

I just came across this...

> Location A ==> 10.0.1.0/24
> PTP router links for tun interface 192.168.1.1<>192.168.1.2 A->B
> PTP router links for tun interface 192.168.1.3<>192.168.1.4 A->C
>
> Location B ==> 10.0.2.0/24
> PTP router links for tun interface 192.168.1.1<>192.168.1.2 A->B
> PTP router links for tun interface 192.168.1.5<>192.168.1.6 B->C
>
> Location C ==> 10.0.3.0/24
> PTP router links for tun interface 192.168.1.5<>192.168.1.6 B->C
> PTP router links for tun interface 192.168.1.3<>192.168.1.4 A->C
>
> Each link would run OSPF on top so for example if the connection between
> A and B would go down the traffic would automatically be routed through
> A->C->B.

This is a good goal, but does *not* work with OpenVPN in "tun server"
scenario (because OpenVPN would not learn about the routes exchanged
by OSPF).

It works in p2p tun mode (because then OpenVPN is totally dumb, just
forwards "what comes in goes out"), or in any tap mode (because OpenVPN
then would only care about MAC addresses, not about IP addresses).

> What is the best practice for this scenario, running 1 OpenVPN server
> and 1 client per location or having multiple instances with p2p mode is
> better?

I'd go for p2p, because this is really what you are building :-) - virtual
connects, putting overlay routing on top, outside OpenVPN.

gert
--
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                          g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
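
The failover case from the thread (A-B down, traffic rerouted A->C->B) as an added example that is not part of the original message and is not OpenVPN code: a simplified Python model of the forwarding decision on the B-C link in "tun server" mode versus p2p mode. It assumes B runs the server with C as its only client, declared with an iroute for 10.0.3.0/24; the function names and host addresses are constructed for illustration.

```python
import ipaddress

# Constructed model of the B-C link from the thread: B runs the OpenVPN
# server, C is its only client. The server's internal table knows only what
# was configured for C (its LAN via iroute and its tunnel address), never
# what OSPF learns later.
IROUTES = {"C": [ipaddress.ip_network("10.0.3.0/24"),
                 ipaddress.ip_network("192.168.1.6/32")]}


def owner(addr, iroutes):
    """Return the client whose configured networks cover addr, or None."""
    ip = ipaddress.ip_address(addr)
    for client, nets in iroutes.items():
        if any(ip in net for net in nets):
            return client
    return None


def server_from_client(client, src, iroutes=IROUTES):
    """Server-mode tun: a packet arriving from a client is accepted only if
    its source address belongs to that same client in the internal table."""
    return "forward" if owner(src, iroutes) == client else "drop: bad source address"


def server_to_tunnel(dst, iroutes=IROUTES):
    """Server-mode tun: a packet the kernel routed into the tun device goes
    to the client owning dst in the internal table, otherwise it is dropped."""
    client = owner(dst, iroutes)
    return f"send to {client}" if client else "drop: no internal route"


def p2p(src, dst):
    """p2p tun: no internal table, addresses are not inspected at all."""
    return "forward"


def failover_demo():
    """A-B is down, so OSPF sends A<->B traffic through C and the B-C link."""
    a_host, b_host = "10.0.1.10", "10.0.2.20"   # constructed host addresses
    return {
        "server: A->B arriving from C": server_from_client("C", a_host),
        "server: B->A leaving via C": server_to_tunnel(a_host),
        "server: C->B normal traffic": server_from_client("C", "10.0.3.30"),
        "p2p: A->B arriving from C": p2p(a_host, b_host),
    }


if __name__ == "__main__":
    for case, verdict in failover_demo().items():
        print(f"{case:32} {verdict}")
```

In the model, OSPF on B and C agrees on the detour, but the server instance still drops the transit packets in both directions because 10.0.1.0/24 was never configured for client C; the p2p instance forwards them unchanged.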