
Re: [Openvpn-users] Openvpn on openbsd, ifconfig-push problems


  • Subject: Re: [Openvpn-users] Openvpn on openbsd, ifconfig-push problems
  • From: Klaus Thielking-Riechert <klaus.thielking-riechert@xxxxxxxxxx>
  • Date: Sun, 13 Nov 2005 11:33:25 +0100


John,

you wrote some days ago:

> This certainly seems to match with what I'm seeing - if you take a look
> at the routing tables in my original mail, they seem to describe exactly
> what you are talking about.
> 
> If I was to push addresses in the 10.8.0.0/24 range, I'd run into
> problems for Windows clients, which I understand require a /30 subnet
> mask. Again, if I understand it, this would effectively mean that if
> 10.8.0.1 is the only IP address of the router, then I could only push
> 10.8.0.2 as a client address.

No, that's not the way it works. James explained the exact behaviour of
such a tunnel server in the FAQ at http://openvpn.net/faq.html#slash30

> What I'd like is a setup whereby I can assign specific IP addresses to
> users, most of which will be Windows users. Clearly, my first attempt to
> do this was wrong - can you let me know how it should be done, assuming
> it can? If it can't then I'll just use the standard DHCP solution, but
> I'm hoping that's not the case.

I don't know how many users you have but for this requirement you can do
it like this:

- take a pool for the server as you did like

  server 10.8.0.0 255.255.255.0

- generate a certificate for each client (of course, with different
  common names)

- use the 'client-config-dir' with a file for every common name (which
  is like a pointer to a specific client) and configure different
  'ifconfig-push' options in it (example: 'ifconfig-push 10.0.8.13
  10.0.8.14')

- use the option 'ccd-exclusive' in your config file to ensure that only
  clients which have a file in the client-config-dir related to their
  common name can connect.

I believe this should do your requested job.

Best regards,

  Klaus
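
An added example, not part of the message above and not OpenVPN's own code: a Python check for the client-config-dir files the steps describe, run before a static address map is deployed. It assumes the /30 addressing from the FAQ link, that the server occupies the first /30 of the pool, and (as this example's own policy) that pushed addresses should lie inside the 'server' pool; check_ccd, SAMPLE_CCD and the client names are constructed for illustration.

```python
import ipaddress

# Constructed sample: common name -> contents of that client's ccd file.
SAMPLE_CCD = {
    "alice": "ifconfig-push 10.8.0.5 10.8.0.6\n",
    "bob":   "ifconfig-push 10.8.0.6 10.8.0.5\n",    # same /30 as alice
    "carol": "ifconfig-push 10.8.0.10 10.8.0.11\n",  # .11 is a /30 broadcast address
    "dave":  "ifconfig-push 10.9.0.1 10.9.0.2\n",    # valid pair, but not in the pool
    "erin":  "# static address\nifconfig-push 10.8.0.1 10.8.0.2\n",  # server's block
}

def check_ccd(server_net, ccd):
    """Return a list of problems found in ccd ({common_name: file text})."""
    pool = ipaddress.IPv4Network(server_net)
    server_block = next(pool.subnets(new_prefix=30))  # assumed: server uses the first /30
    problems, assigned = [], {}
    for cn, text in sorted(ccd.items()):
        pushes = [line.split() for line in text.splitlines()
                  if line.split()[:1] == ["ifconfig-push"]]
        if len(pushes) != 1 or len(pushes[0]) != 3:
            problems.append(f"{cn}: need exactly one 'ifconfig-push <local> <remote>'")
            continue
        try:
            local, remote = (ipaddress.IPv4Address(a) for a in pushes[0][1:])
        except ValueError:
            problems.append(f"{cn}: ifconfig-push arguments are not IPv4 addresses")
            continue
        block = ipaddress.IPv4Network(f"{local}/30", strict=False)
        if {local, remote} != set(block.hosts()):
            problems.append(f"{cn}: {local} {remote} are not the two hosts of one /30")
        elif not block.subnet_of(pool):
            problems.append(f"{cn}: {block} is outside the server pool {pool}")
        elif block == server_block:
            problems.append(f"{cn}: {block} is the server's own /30")
        elif block in assigned:
            problems.append(f"{cn}: {block} is already assigned to {assigned[block]}")
        else:
            assigned[block] = cn
    return problems

if __name__ == "__main__":
    for problem in check_ccd("10.8.0.0/24", SAMPLE_CCD):
        print(problem)
```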
