On 06/04/17 15:28, Kapetanakis Giannis wrote: > > > Without wanting to hijack this thread, well, you are... hence I've changed the subject > If someone uses the default net30 and wants to migrate to subnet topology > would there be conflicts with the following setup: > > server 10.0.0.0 255.255.255.0 (dynamic assignments) > and ccds like: > ifconfig-push 10.0.10.1 255.255.255.0 (static assignments) > > This kind of "different subnetting" works ok with net30. Will it still work > with subnet? > How would clients reach server, since now you don't have local remote in > --ifconfig-push > > you can make this kind of networking work in 'topology subnet' also, but there might be some caveats. According to the OpenVPN man page, the statement server 10.0.0.0 255.255.255.0 is expanded to mode server tls-server ifconfig 10.0.0.1 255.255.255.0 ifconfig-pool 10.0.0.2 10.0.0.254 255.255.255.0 push "route-gateway 10.0.0.1"
so each client will be told that the gateway to send packets to is 10.0.0.1; now you're adding a client outside of the regular ifconfig-pool: that is perfectly OK, but you then need to tell the *SERVER* that packets coming from 10.0.10.1/24 are OK: it might actually be quicker to widen the subnet mask on the server tun adapter to something that includes 10.0.10 also - but this applies in both net30 and subnet mode, so how are you covering this now? Of course, an example like this is covered in my OpenVPN cookbook ;) HTH, JJK ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
