[Openvpn-devel] How to route without splitting the network into a /30?

Sat, 06 Jun 2009 11:35:50 +0000 

Hello guys,

I would like to route with OpenVPN with public IPs. My setup works fine
now, however every client get a dedicated /30 network segment instead of
the /28 allowed. This of course means that I waste too many IPs as every
client get its own gateway, and so on.
I don't want to use Tap for this.


Here is my config:
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
local x.x.3.100
port 1194
proto udp
dev tun
ca ca.crt
cert x-vpn.crt
key x-vpn.key
dh dh1024.pem

server x.x.2.16 255.255.255.240

push "route x.x.2.0 255.255.255.0"
#push "route x.x.3.100 255.255.255.248"

push "redirect-gateway def1"
push "dhcp-option DNS x.x.2.3"
push "dhcp-option DOMAIN ekanet.net"
push "dhcp-option ROUTERS x.x.3.97"
#client-config-dir ccd
#route 10.0.0.0 255.255.255.0

client-to-client
duplicate-cn

keepalive 10 120

comp-lzo

user openvpn
group openvpn

persist-key
persist-tun
verb 1
username-as-common-name
tmp-dir /dev/shm
client-cert-not-required



Thanks in advance.

Best regards,
Emrah

Reply via email to