|
|
On Mon, 2004-01-05 at 10:51, Doug Lytle wrote: > I don't know, I set out to route. > > I've gotten a couple complaints of how this wastes address space, so > I've talked to our network administrator and asked if there was a way to > reduce the waste of the address space. He said I could use a > 255.255.255.252 subnet mask: > I did this for the tun devices I set up. In the docs, it says that Windows tun devices must use a subnet with a 255.255.255.252 subnet, using the middle pair of addresses. Haven't tested this from Windows, though. I used a private VPN address space of 10.192.0.0/30 for these devices, because it seems almost all of the home broadband devices use a 192.168.* subnet, and I thought I would completely eliminate a chance of conflicts by using something away from that. Of course, if you use a 10.0.0.0/8 private network, this won't work... For assigning the actual addresses, this level of subnet made for an easy formula for determining the correct IP address: - for the server side, take the tun device number, multiply by 4, and add 1. tun0 = 10.192.0.1, tun1 = 10.192.0.5, tun2 = 10.192.0.9, etc. - for the client side, take the tun device number, multiply by 4, and add 2. remote connection for tun0 = 10.192.0.2, tun1 = 10.192.0.6, tun2 = 10.192.0.10. Add a return route to the main router, directing 10.192.0.0/24 to the openvpn gateway, and you're in business. Is there an advantage to using tap devices in a routed configuration? -- John Locke Open Source solutions for small business problems http://freelock.com ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |