Hi,

On Wed, Sep 01, 2010 at 10:38:01AM +0200, Eike Lohmann wrote:
> We are working with static assignments and if the 2 networks are side by
> side I can recompile the code and define a larger mask.
> 
> We don't have client-2-client and didn't use the ifconfig-pool.

In that case, all this doesn't really matter.  Just add as many "route"
and "push route" statements as you have networks.  (There's no size limit 
for "route").

The limitation in the "server" statement for the network is there
because it implicitly defines the ifconfig-pool - "server" is a macro
that translates "server <base-ip> <netmask>" to

  mode server
  tls-server 
  push "topology <xxx>"
  ifconfig <base-ip +1> <base-ip +2>
  ifconfig-pool <base-ip + 4> <last-ip-4>
  push "route <base-ip> <netmask>"


So for your setup, you could do:

  # first network, used for tun on server and for pool (if needed)
  server 172.16.0.0 255.255.0.0
  # second network: routed to openvpn process, available for ifconfig-push
  route 10.1.0.0 255.255.0.0
  push "route 10.1.0.0 255.255.0.0"
  # third network
  # ...

(this is the lazy way, still using "server" with the first network, but
you could indeed do it without any pool on the server side by explicitly
spelling everything out that "server" configures for you)

> Is this also working if I have 2 networks far away from each other (10.x
> and 192.168.x), with defining a 'all your base belong to us' netmask in
> the code e.g. 0.0.0.0 :)

No, because then OpenVPN would signal the Linux side "the internet is
behind OpenVPN, route everything to me!".

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
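
The expansion and the routing advice from the message above, as an added example that is not part of the original message and not OpenVPN's own code. The function names are hypothetical, `<last-ip-4>` is read here as "broadcast address minus 4", the topology value defaults to `net30` as an assumption, and refusing a 0.0.0.0 mask is this example's way of encoding the "route everything to me" warning.

```python
import ipaddress

def _parse(base_ip, netmask):
    # strict parsing: raises ValueError if base_ip has host bits set
    net = ipaddress.IPv4Network(f"{base_ip}/{netmask}")
    if net.prefixlen == 0:
        # a 0.0.0.0 mask would tell the OS that everything is behind OpenVPN
        raise ValueError("netmask 0.0.0.0 would capture the default route")
    return net

def expand_server(base_ip, netmask, topology="net30"):
    """Spell out 'server <base-ip> <netmask>' as listed in the message."""
    net = _parse(base_ip, netmask)
    base, last = net.network_address, net.broadcast_address
    if base + 4 > last - 4:
        # sanity check of this example, not a documented OpenVPN limit
        raise ValueError("network too small to hold an ifconfig-pool")
    return [
        "mode server",
        "tls-server",
        f'push "topology {topology}"',
        f"ifconfig {base + 1} {base + 2}",
        f"ifconfig-pool {base + 4} {last - 4}",
        f'push "route {base} {net.netmask}"',
    ]

def extra_network(base_ip, netmask):
    """Additional network: routed to the OpenVPN process and pushed to clients."""
    net = _parse(base_ip, netmask)
    spec = f"{net.network_address} {net.netmask}"
    return [f"route {spec}", f'push "route {spec}"']

def build_config(server_net, extra_nets):
    """server_net and each entry of extra_nets are (base_ip, netmask) pairs."""
    lines = expand_server(*server_net)
    for base_ip, netmask in extra_nets:
        lines += extra_network(base_ip, netmask)
    return lines

if __name__ == "__main__":
    # networks taken from the example configuration in the message
    cfg = build_config(("172.16.0.0", "255.255.0.0"),
                       [("10.1.0.0", "255.255.0.0")])
    print("\n".join(cfg))
```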
