On 06/04/17 16:59, Jan Just Keijser wrote:
> On 06/04/17 15:28, Kapetanakis Giannis wrote:
>>
>>
>> Without wanting to hijack this thread,
> well, you are... hence I've changed the subject
>> If someone uses the default net30 and wants to migrate to subnet 
>> topology
>> would there be conflicts with the following setup:
>>
>> server 10.0.0.0 255.255.255.0 (dynamic assignments)
>> and ccds like:
>> ifconfig-push 10.0.10.1 255.255.255.0 (static assignments)
>>
>> This kind of "different subnetting" works ok with net30. Will it 
>> still work with subnet?
>> How would clients reach server, since now you don't have local remote 
>> in --ifconfig-push
>>
>>
> you can make this kind of networking work in 'topology subnet' also, 
> but there might be some caveats.
> According to the OpenVPN man page, the statement
>   server 10.0.0.0 255.255.255.0
> is expanded to
>   mode server
>   tls-server
>   ifconfig 10.0.0.1 255.255.255.0
>   ifconfig-pool 10.0.0.2 10.0.0.254 255.255.255.0
>   push "route-gateway 10.0.0.1"
>
> so each client will be told that the gateway to send packets to is 
> 10.0.0.1; now you're adding a client outside of the regular 
> ifconfig-pool: that is perfectly OK, but you then need to tell the 
> *SERVER* that packets coming from 10.0.10.1/24 are OK: it might 
> actually be quicker to widen the subnet mask on the server tun adapter 
> to something that includes 10.0.10 also - but this applies in both 
> net30 and subnet mode, so how are you covering this now?
>
> Of course, an example like this is covered in my OpenVPN cookbook ;)
>
> HTH,
>
> JJK

I don't want to widen the /24 base network because like this dynamic 
clients might get IPs from my static net blocks.

In net30 now I also have
route 10.0.0.0 255.255.0.0

which does the job

G


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to