On Fri, 3 Dec 2004 13:32:16 -0500, Dick St.Peters <stpeters@xxxxxxxxxxxxx> wrote:
> Leonard Isham writes:
> What I said is 100% accurate. There is no need to split the subnet.
>
> Say your LAN runs 192.168.0.0/24 and your OpenVPN server is at
> 192.168.0.50, with a tunnel to a roadwarrior with the tunnel IPs being
> 192.168.0.51 at the server end and 192.168.0.52 at the roadwarrior
> end. If another system on the LAN arps for the roadwarrior's
> 192.168.0.52 IP, the OpenVPN server will respond with its own MAC
> address. The other system will send packets for the roadwarrior to the
> OpenVPN server, which will route them to the roadwarrior.
>
> Obviously, you can't assign the roadwarrior any IP already in use, but
> this is no different from having it directly attached to the LAN.
>
> If a piece of the subnet, say 192.168.0.128/27, is routed by the
> OpenVPN server to the roadwarrior, the server will respond to arps for
> any address in that piece.
>
> You do need to have proxy arp enabled on the OpenVPN server's LAN
> interface, but this is trivial for Linux and probably other *NIX as
> well. (Probably a sysctl for *BSD)
>

I remember you now; you're running what I would call a point to
multipoint with *nix systems. I don't think that this would work with
any Windows in the mixture.

--
Leonard Isham, CISSP
Ostendo non ostento.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
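The proxy ARP behaviour described in the quoted text, as an added example that is not part of either poster's message: a simplified Python model of the server's decision to answer an ARP request, using the thread's addresses. The interface names `eth0` and `tun0`, the class and function names, and the rule that local addresses are always answered are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str  # egress interface (names are assumed)

class ProxyArpServer:
    """Simplified model of the OpenVPN server answering ARP on its LAN side."""
    def __init__(self, local_ips, routes, proxy_arp):
        self.local_ips = {ipaddress.ip_address(a) for a in local_ips}
        self.routes = routes
        self.proxy_arp = proxy_arp

    def egress_dev(self, ip):
        """Longest-prefix match over the routing table; None if no route."""
        matches = [r for r in self.routes if ip in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen).dev

    def answers_arp(self, target, in_dev):
        """True if the server replies with its own MAC for `target`."""
        ip = ipaddress.ip_address(target)
        if ip in self.local_ips:      # assumed: own addresses always answered
            return True
        if not self.proxy_arp:        # proxy ARP off on the LAN interface
            return False
        out_dev = self.egress_dev(ip)
        # Proxy only for targets reached through a different interface.
        return out_dev is not None and out_dev != in_dev

def build_server(proxy_arp=True):
    """Routing table built from the addresses given in the thread."""
    routes = [
        Route(ipaddress.ip_network("192.168.0.0/24"), "eth0"),    # LAN
        Route(ipaddress.ip_network("192.168.0.52/32"), "tun0"),   # roadwarrior
        Route(ipaddress.ip_network("192.168.0.128/27"), "tun0"),  # routed piece
    ]
    return ProxyArpServer(["192.168.0.50", "192.168.0.51"], routes, proxy_arp)

def claimed_addresses(server, lan="192.168.0.0/24", in_dev="eth0"):
    """Every LAN address the server would claim; useful when auditing overlap."""
    hosts = ipaddress.ip_network(lan).hosts()
    return [str(h) for h in hosts if server.answers_arp(h, in_dev)]

if __name__ == "__main__":
    print(len(claimed_addresses(build_server())), "addresses claimed on the LAN")
```

Listing the claimed addresses shows how much of the LAN the server speaks for once a piece of the subnet is routed into the tunnel, which is the set to check against existing LAN hosts.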