2006/6/21, Scott Ullrich <[EMAIL PROTECTED]>:
You don't. You need to nail up a connection for each subnet.
Scott
On 6/21/06, Tunge2 < [EMAIL PROTECTED]> wrote:
>
> but how can we select the tunX interface to add a Static Route to the
> openvpn interface? Or do we have to add it to the lan interface static
> routing table?? the problem is that we have a subnet behind the openvpn
> client that we want to reach?
>
> www.openvpn.net
> # EXAMPLE: Suppose the client
> # having the certificate common name "Thelonious"
> # also has a small subnet behind his connecting
> # machine, such as 192.168.40.128/255.255.255.248 .
> # First, uncomment out these lines:
> ;client-config-dir ccd
> ;route 192.168.40.128 255.255.255.248
> # Then create a file ccd/Thelonious with this line:
> # iroute 192.168.40.128 255.255.255.248
> # This will allow Thelonious' private subnet to
> # access the VPN. This example will only work
> # if you are routing, not bridging, i.e. you are
> # using "dev tun" and "server" directives.
>
>
> 2006/6/20, Alvaro Pietrobono < [EMAIL PROTECTED]>:
> >
> >
> >
> > Yes, with OPENVPN you can route everything
> > because it create a point-to-point tunnel interface(tunX)
> > within you can incapsulate all desidered traffic....but unfortunately
> > it is incompatible with Cisco devices....
> > I resolved the problem with one tunnel on cisco router
> > and 3 identicals tunnel that differ only for remote lan:
> > 1 for 192.168.0.0/16
> > 1 for 10.0.0.0/8
> > 1 for 172.16.0.0/16
> > This configuration cover all private adresses and
> > it's good for almost all the cases.
> >
> > ~Alvaro
> >
> >
> >
> >
> > ----- Original Message -----
> > From: Tunge2
> > To: [email protected]
> > Sent: Tuesday, June 20, 2006 5:56 PM
> > Subject: Re: [pfSense Support] ADD more routes to IPsec Tunnel
> >
> > and what about openvpn? is it possible to route without having to add
> separate tunnels for every different subnet?
> >
> >
> > 2006/6/20, Eric Masson <[EMAIL PROTECTED]>:
> > > "Scott Ullrich" < [EMAIL PROTECTED]> writes:
> > >
> > > Hi Scott,
> > >
> > > > You need to bind up tunnels for each subnet that you want to use. No
> > > > real easy way to add routes through the tunnels.
> > >
> > > Another way could be to use IIPtran from rfc3884 :
> > > http://rfc.net/rfc3884.html
> > >
> > > Regards
> > >
> > > Éric Masson
> > >
> > > --
> > > supprimer ce groupe serait complètement stupide et par ailleurs
> > > le pur produit d'un dino ayant ses règles
> > > -+- J in Guide du Neuneu Usenet : Ovide pare et Mamie ferre. -+-
> > >
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
