The default route is per subnet. If you have a machine with multiple subnets where you are doing internal (to the server) routing between the subnets you can have a single "last resort" default gateway for all ports in the internally routed ranges.
If you are doing no internal routing in the server, i.e. eth0 and eth1 can't even ping each other, then you need one default gateway per subnet as the two ports and devices on the ranges cannot communicate with each other. The trickier solution is where you have a server with multiple ranges that don't talk to each other but you have set up the gateway to advertise multiple external ranges via BGP or some other routing protocol, but I don't think that is what is going on here. You can get real complex with this stuff but I really do try to follow the good, old KISS principle whenever possible.
Greg
Are you sure about that? It seems like a default route would be per-machine. That's the role it serves - if I don't know where this packet goes, shove it here and this guy will know what to do with it. I can't speak from experience though as I've never had two networks with a route to the public Internet, and had to sit services on different ones.
What I do know is that you will need to bind OpenVPN to one IP rather than listening on all interfaces. I don't know OpenVPN's specific way of doing this, but it'll be an option in the config file, or something along those lines.
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
