Hello again. Have a perfectly working setup - so now I want to mess with it. Maybe.
Routed VPN, Linux OpenVPN server, server-side Mikrotik router is external to the VPN server. Clients connect and are able to access the server - and the server-side network, as I have configured IP forwarding on the server and added a route to the VPN on the router.

So now...all of a sudden I started thinking (I was sitting down, I admit...). First - please confirm my assumption.

Client connecting from whatever his own internal LAN/external internet IP address, but has a routed VPN IP assigned. Through the magic of IP, the client reaches my server-side router. The router knows to pass connections on port "X" to the VPN server. The VPN server decodes the packet and decides what to do. If the packet is NOT intended for the VPN server, but instead another server-side address, the packet gets forwarded.

When THAT device responds - it tries to reply to the address of the VPN client. Since it doesn't know how to reach that network it looks to its default gateway - my router. Normally the router wouldn't know what to do with it - but since I've manually told it VPN addresses belong to the VPN server it sends it on - and then the VPN server encodes the response and passes it back to the router to send it back out via the Internet.

Did I get that right?

If that's the case...then it strikes me as inefficient and inelegant to have the server-side network responses bouncing to the router, back to the VPN server, and then back out the router. So...is there a way to eliminate that link in the chain? Some iproute2 or iptables magic? Or would I have to manually configure the VPN route on every server-side machine (which I might be able to do via my DHCP...)? Or as usual am I overthinking it and just leave it alone?

--
Daniel
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
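The DHCP approach raised in the question would use the classless static route option (option 121, RFC 3442); the following is an added example, not part of the original post, that encodes a route list into the raw hex value a DHCP server such as RouterOS takes for a custom option. The subnet 10.8.0.0/24, the VPN server LAN address 192.168.1.10 and the router address 192.168.1.1 are assumed values for illustration.

```python
import ipaddress

# Constructed sample: VPN subnet via the VPN server's LAN address, plus the
# default route. RFC 3442 clients ignore the Router option (3) when option 121
# is present, so the default route has to be repeated here.
SAMPLE_ROUTES = [
    ("10.8.0.0/24", "192.168.1.10"),  # assumed VPN subnet and VPN server LAN IP
    ("0.0.0.0/0", "192.168.1.1"),     # assumed address of the LAN router
]

def encode_option_121(routes):
    """Encode (destination CIDR, gateway) pairs as RFC 3442 option data."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits set
        gw = ipaddress.IPv4Address(gateway)
        out.append(net.prefixlen)
        # Only the significant octets of the destination are sent.
        out += net.network_address.packed[: (net.prefixlen + 7) // 8]
        out += gw.packed
    if len(out) > 255:
        raise ValueError("option data exceeds one 255-byte DHCP option")
    return bytes(out)

def decode_option_121(data):
    """Decode option data back to (CIDR, gateway) pairs to check a stored value."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen}")
        n = (plen + 7) // 8
        if i + 1 + n + 4 > len(data):
            raise ValueError("truncated route entry")
        dest = data[i + 1 : i + 1 + n] + bytes(4 - n)  # pad to 4 octets
        gw = data[i + 1 + n : i + 1 + n + 4]
        routes.append((f"{ipaddress.IPv4Address(dest)}/{plen}",
                       str(ipaddress.IPv4Address(gw))))
        i += 1 + n + 4
    return routes

def hex_option_value(routes):
    """Return the option data as a 0x-prefixed hex string."""
    return "0x" + encode_option_121(routes).hex()

if __name__ == "__main__":
    print(hex_option_value(SAMPLE_ROUTES))
```

Hosts with static addressing, or DHCP clients that do not request option 121, still need the route added locally or will keep replying via the router.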