On 06/04/17 15:28, Kapetanakis Giannis wrote:
>
>
> Without wanting to hijack this thread,
well, you are... hence I've changed the subject
> If someone uses the default net30 and wants to migrate to subnet topology
> would there be conflicts with the following setup:
>
> server 10.0.0.0 255.255.255.0 (dynamic assignments)
> and ccds like:
> ifconfig-push 10.0.10.1 255.255.255.0 (static assignments)
>
> This kind of "different subnetting" works ok with net30. Will it still work 
> with subnet?
> How would clients reach server, since now you don't have local remote in 
> --ifconfig-push
>
>
you can make this kind of networking work in 'topology subnet' also, but 
there might be some caveats.
According to the OpenVPN man page, the statement
   server 10.0.0.0 255.255.255.0
is expanded to
   mode server
   tls-server
   ifconfig 10.0.0.1 255.255.255.0
   ifconfig-pool 10.0.0.2 10.0.0.254 255.255.255.0
   push "route-gateway 10.0.0.1"

so each client will be told that the gateway to send packets to is 
10.0.0.1; now you're adding a client outside of the regular 
ifconfig-pool: that is perfectly OK, but you then need to tell the 
*SERVER* that packets coming from 10.0.10.1/24 are OK: it might actually 
be quicker to widen the subnet mask on the server tun adapter to 
something that includes 10.0.10 also - but this applies in both net30 
and subnet mode, so how are you covering this now?

Of course, an example like this is covered in my OpenVPN cookbook ;)

HTH,

JJK


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to