[EMAIL PROTECTED] wrote:
I'm trying to set this up myself as well, and I'm getting lost with the IP addresses in this example, i.e. which is the address that the client gets when he connects? Which network is the server on? I.e. is the server interface that's listening for the VPN connections on 10.1.0.0/16? What is this 10.2.0.0 network?

In this case, mysvr is 10.1.1.1 and myclient is 10.2.1.1. There are lots of 10.1.x.y machines NAT-ted behind mysvr. And there are lots of 10.2.x.y machines NAT-ted behind myclient. I am using openvpn to bridge these two networks together. That is, one of them is my office and the other one is our sister office in another state.

OpenVPN seems to be used for two different scenarios:
(1) bridging two networks together, like what I have shown here
(2) "road warrior" mode, where one user takes one PC on the road and tries to get into his home network.

(1) bridging office 10.1 and office 10.2

10.1.1.2--+        at home            at work        +--10.2.1.2
10.1.1.3--+------10.1.1.1~~~~(vpn)~~~~10.2.1.1------+--10.2.1.3
10.1.1.4--+        mysvr              myclient       +--10.2.1.4
10.1.1.5--+                                          +--10.2.1.5

(2) "road warrior", accessing home while you're on the road

10.1.1.2--+        at home            on the road
10.1.1.3--+------10.1.1.1~~~~(vpn)~~~~10.2.1.1
10.1.1.4--+        mysvr              myclient
10.1.1.5--+

The only difference between bridging and "road warriors" is whether or not the client is acting as a gateway for all of the machines that are on his local network. If you are just trying to access your home network from your office (and not trying to use that same link for your kids at home to hack into your office computers), then you are a road warrior. So get rid of the lines that say "client_config_dir" and "route 10.2.0.0 255.255.0.0" (which tells openvpn to route all traffic destined to 10.2.x.y through the client).

--

One other thing that might be confusing is the way that openvpn uses the 10.99.x.y addresses. It will assign a 10.99.x.y address to the client and to the server. These are only used internally by the openvpn program itself. If you had five VPN clients connected to your server, the server would have 5 of these internal IP addresses assigned to it, and each server would have one. You don't really need to pay any attention to them, but you must be careful to pick a subnet that's not going to get in your way. So I chose 10.99.x.y.

--

Sorry my earlier posting was brief... I saw that I had a how-to file, and I forgot how sketchy it was on details. But like I said in my first post, the hardest part is picking your IPs and your naming conventions.

Alan

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
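
Added example, not part of the original post: a small Python check of the address plan described above, which flags overlapping ranges (the "subnet that gets in your way" case) and shows which network the server routes through the client in each mode. The /16 prefix on the 10.99 tunnel pool, the dictionary keys and the function names are assumptions made for this illustration.

```python
"""Address-plan check for the two-office layout in the post (added example)."""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Values from the post; the /16 on the 10.99 tunnel pool is an assumption.
PLAN = {
    "server_lan": "10.1.0.0/16",    # machines behind mysvr
    "client_lan": "10.2.0.0/16",    # machines behind myclient
    "tunnel_pool": "10.99.0.0/16",  # OpenVPN-internal addresses
}
GATEWAYS = {"server_lan": "10.1.1.1", "client_lan": "10.2.1.1"}


def find_conflicts(plan, gateways):
    """Return a list of readable problems; an empty list means the plan is usable."""
    nets = {name: ip_network(cidr) for name, cidr in plan.items()}
    problems = []
    # Any two ranges that overlap make routing between them ambiguous.
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    # Each VPN endpoint must sit inside the LAN it is the gateway for.
    for name, addr in gateways.items():
        if ip_address(addr) not in nets[name]:
            problems.append(f"gateway {addr} is outside {name} {nets[name]}")
    return problems


def routes_via_client(mode, plan):
    """Networks the server sends into the tunnel toward the client.

    'bridge' keeps the route to the client's LAN; 'road_warrior' drops it,
    so the server sends no 10.2.x.y traffic into the tunnel.
    """
    if mode == "bridge":
        return [plan["client_lan"]]
    if mode == "road_warrior":
        return []
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    print(find_conflicts(PLAN, GATEWAYS) or "plan OK")
    # Constructed bad plan: tunnel pool carved out of the client office range.
    bad = dict(PLAN, tunnel_pool="10.2.99.0/24")
    print(find_conflicts(bad, GATEWAYS))
```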
