Hi,

On Mon, Nov 29, 2021 at 12:12:39PM +0000, Alexander Franklin wrote:
> 1. Is it possible for client configs to have/Server configs to push out
> multiple IP addresses to particular clients? This would be brilliant if
> this was an option, as I could just add IP for each device and add the NAT
> rules as required. I cannot find this feature in the
> documentation/Stackoverflow/Emails, which makes me think this is not an
> option at the moment.

"sort of"

You can configure the server to *route* more IPs to a particular client,
by means of --client-config-dir and --iroute statements inside this
per-client config.

There is no way to make these addresses do anything "magic" on the client
(as in, configure multiple addresses, and set up multiple NAT mappings) -
so you need an --up script for that which will have to do all the
"non-default" work.

Also, there is no signalling between client and server about these extra
addresses, the server assumes "this is something like the client's LAN
network, so it already knows".

So, if you can live with a few extra addresses that are known by all
parties beforehand (= no dynamic stuff), and can put these into the
--up script on the client and the --client-config-dir on the server,
it will work.

> It would be nice to know if it would be practical to
> add this feature. I did C++ for 4 years when I came out of University, so I
> should be able to add this feature but I would need some assistance as I
> haven't contributed to the project yet and I wouldn't know where to start
> trying to add this.

If you *really* need this to be more dynamic, you can do scripting on
the server side in a --client-connect script, have that script generate
--iroute and --push "setenv UV_..." commands, and then look at the
env variables on the client side to see what was pushed...

> 2. Could I have additional docker-contained clients on the client side
> to host additional IPs? I think this would work, I assume the performance
> wouldn't be terrible on a PI 4, although this does feel like a bit of
> unnecessary virtualisation and quite a bit of work to set up the docker
> containers.

You can have multiple addresses on the tun device just fine
("ip addr add..") but to install extra NAT mappings, all you need is
a DNAT rule with IP match.

> 3. I know I could have routes through to the IP pools of each gateway,
> however we have lots of gateways and the majority of local IP addresses for
> the devices connected to the Gateway are the same. This option feels like a
> configuration nightmare.

Not sure I understand this part.

gert
-- 
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
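
The dynamic variant described in the reply above (a --client-connect script that generates iroute and push "setenv UV_..." lines, and an --up script that reads them back), sketched as an added example that is not part of the original message and not OpenVPN project code. The variable names UV_EXTRA_ADDR_<n>, the map format and the sample addresses are assumptions; the client validates every pushed value again before it reaches `ip`.

```shell
#!/bin/sh
# Added example; UV_EXTRA_ADDR_<n>, the map format and all addresses are assumptions.

# Constructed sample map: "<certificate common name> <extra address>...".
SAMPLE_MAP='gateway-a 10.99.1.10 10.99.1.11
gateway-b 10.99.2.10'

# Accept only a plain dotted-quad IPv4 address.
is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Server side, for a --client-connect script: print the directives for one
# client ($1 = common name, $2 = map text). The real script would append this
# output to the temporary file OpenVPN passes as its last argument.
server_directives() {
    n=0
    printf '%s\n' "$2" | while read -r cn addrs; do
        [ "$cn" = "$1" ] || continue
        for a in $addrs; do
            is_ipv4 "$a" || continue
            n=$((n + 1))
            printf 'iroute %s 255.255.255.255\n' "$a"
            # One variable per address keeps every pushed value a single token.
            printf 'push "setenv UV_EXTRA_ADDR_%s %s"\n' "$n" "$a"
        done
    done
}

# Client side, for an --up script ($1 = tun device): add each pushed address.
# Pushed values are untrusted input, so they are validated again here.
# RUN defaults to "echo" (dry run); call with RUN= to execute the commands.
client_commands() {
    env | sort | while IFS='=' read -r name value; do
        case $name in UV_EXTRA_ADDR_[0-9]*) ;; *) continue ;; esac
        is_ipv4 "$value" || continue
        ${RUN-echo} ip addr add "$value/32" dev "$1"
    done
}
```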