Bug#534911: subnet topology requires static client subnet routes

2017-10-04 Thread martin f krafft 
also sprach Jörg Frings-Fürst  [2017-10-03 21:38 
+0200]:
> at the follow-up from your ML link you found the soulution.

Thanks for cleaning up those old bug reports!

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"anyone who is capable of getting themselves made president
 should on no account be allowed to do the job"
  -- douglas adams


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Bug#534911: subnet topology requires static client subnet routes

2017-10-03 Thread Jörg Frings-Fürst 
Hello Martin,

at the follow-up from your ML link you found the soulution.

[quote]
I have a solution. It's enough to explicitly add the client's (*) VPN 
address after the netmask:

route 10.20.1.0 255.255.255.0 192.168.2.20
route 10.250.0.0 255.255.255.0 192.168.2.20
[/quote]

So I close this bug now.

CU
Jörg
-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

Threema: SYR8SJXB
Wire:  @joergfringsfuerst
Skype: joergpenguin
Ring:  jff

IRC: j_...@freenode.net
 j_...@oftc.net

My wish list: 
 - Please send me a picture from the nature at your home.


signature.asc
Description: This is a digitally signed message part

Bug#534911: subnet topology requires static client subnet routes

2009-06-28 Thread martin f krafft 
Package: openvpn
Version: 2.1~rc15-1
Severity: normal
Tags: upstream

(Copied from http://openvpn.net/archive/openvpn-users/2007-08/msg00145.html)

With the default mode (the implicit topology net30) I used to do this to
assign static routes towards a given client:

$ cat /etc/openvpn/ccd/some-client
iroute 10.20.1.0 255.255.255.0
iroute 10.250.0.0 255.255.255.0
$ cat /etc/openvpn/server.conf
[...]
route 10.20.1.0 255.255.255.0
route 10.250.0.0 255.255.255.0
[...]

When the tunnel was established, the static routes were set towards that
particular client. Everything worked fine.

With topology subnet it doesn't seem to work, as 'route' now needs
a gateway argument. However, the IP of the connecting client is not
known, and neither 'route' nor 'client-connect' can be used in the
client-config-dir file (where iroute is used).

Subnet topology is a great step forward, but it's currently not
usable in situations where clients connect subnets to the server.

The best solution would be to allow 'route' directives in the
per-client config files in client-config-dir.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0] 1.5.26 Debian configuration management sy
ii  libc6 2.9-18 GNU C Library: Shared libraries
ii  liblzo2-2 2.03-1 data compression library
ii  libpam0g  1.0.1-9Pluggable Authentication Modules l
ii  libpkcs11-helper1 1.07-1 library that simplifies the intera
ii  libssl0.9.8   0.9.8k-3   SSL shared libraries
ii  openssl-blacklist 0.5-2  list of blacklisted OpenSSL RSA ke
ii  openvpn-blacklist 0.4list of blacklisted OpenVPN RSA sh

Versions of packages openvpn recommends:
ii  net-tools 1.60-23The NET-3 networking toolkit

Versions of packages openvpn suggests:
ii  openssl   0.9.8k-3   Secure Socket Layer (SSL) binary a
ii  resolvconf1.44   name server information handler

-- debconf information excluded


-- 
 .''`.   martin f. krafft madd...@d.o  Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)