That's a bit of a problem. This is what I need:

1. The clients connecting to the vpn server should be able to communicate with each other like they are on the same Ethernet, including UDP broadcasts etc. Following the FAQ on openvpn.net I need bridging to support this.
2. The clients connecting to the vpn server should be able to reach the LAN the server is on, but the clients aren't allowed to have an ip in the server's range. So there needs to be some sort of NATing all VPN traffic to the local address of the OpenVPN machine for network traffic which leaves the OpenVPN machine for the local net.

So how can I achieve this? In my opinion to solve the first problem I need a bridged VPN, and assign the clients an ip from a private range. In case I choose a routed VPN I won't be able to solve the first problem.

-Is it possible to solve both problems with just 1 VPN, or do I need 2 servers?
-With the bridged vpn and a private client ip range, most of the stuff seems to work fine. Can't I just add something that takes care of the clients' traffic meant for the server's LAN?
-Is anyone able to point in the right direction?

On 1/1/07, Marcel de Reuver <marcel@xxxxxxxxxxxxx> wrote:
> Joris Kinable wrote:
> > -Clients are unable to reach systems on the server network. Remember
> > that I'm NOT allowed to assign the clients an ip in the same range the
> > server is in (130.90.0.0/16)(that's why I assigned the clients an ip
> > on the private range 10.8.0.50-10.8.0.100)! So in some sort of way if
> > a client wants to connect to a system on the servers' network, the
> > server needs to send the request and when he receives the reply, he'll
> > need to figure out to which client he needs to forward it. So what I'm
> > trying to explain is that the server is the only entrance into the
> > network he's on. I think you can compare it with a NAT router with 1
> > WAN ip and loads of clients on the LAN side. Can someone tell me how I
> > can achieve this or give me a direction to search?
> >
>
> From the website of OpenVPN:
>
> /"Ethernet bridging/ essentially involves combining an ethernet
> interface with one or more virtual TAP interfaces and bridging them
> together under the umbrella of a single bridge interface. Ethernet
> bridges represent the software analog to a physical ethernet switch. The
> ethernet bridge can be thought of as a kind of software switch which can
> be used to connect multiple ethernet interfaces (either physical or
> virtual) on a single machine while sharing a single IP subnet.
>
> By bridging a physical ethernet NIC with an OpenVPN-driven TAP interface
> at two separate locations, it is possible to logically merge both
> ethernet networks, as if they were a single ethernet subnet."
>
> So bridging is all about workstations on the same IP-subnet. If you
> cannot give your VPN clients an ip-address in the same ip-range there is
> no bridging possible, only routing. Therefore server and clients in
> segment 130.90.0.0/16 must know the route to your private ip-range.
>

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
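
One way to realise the "NAT router" arrangement described in the message above, as an added example that is not part of the original thread: a TAP-mode server on its own subnet (not bridged to the LAN NIC) with `client-to-client`, plus masquerading towards the server LAN. The names `eth0` and `tap0` and the use of the whole 10.8.0.0/24 subnet are assumptions; 130.90.0.0/16 is the LAN range given in the post. The script only prints the directives and commands.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: eth0 = LAN NIC, tap0 = VPN device,
# 10.8.0.0/24 = VPN subnet. 130.90.0.0/16 is the server LAN named in the post.
VPN_NET=10.8.0.0 VPN_MASK=255.255.255.0 VPN_BITS=24
LAN_NET=130.90.0.0 LAN_MASK=255.255.0.0 LAN_BITS=16
LAN_IF=eth0 TAP_IF=tap0

ip2int() {  # dotted quad -> 32-bit integer
  IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
  echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

in_cidr() {  # in_cidr IP NET BITS: succeeds when IP lies inside NET/BITS
  mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

server_conf() {  # OpenVPN server directives: TAP device, not bridged to the LAN NIC
  cat <<EOF
dev $TAP_IF
server $VPN_NET $VPN_MASK
client-to-client
push "route $LAN_NET $LAN_MASK"
EOF
}

nat_rules() {  # prints the commands; review them, then run as root
  # The post's constraint: clients must not hold addresses from the server LAN.
  if in_cidr "$VPN_NET" "$LAN_NET" "$LAN_BITS"; then
    echo "VPN subnet $VPN_NET lies inside $LAN_NET/$LAN_BITS" >&2
    return 1
  fi
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $VPN_NET/$VPN_BITS -d $LAN_NET/$LAN_BITS -o $LAN_IF -j MASQUERADE
iptables -A FORWARD -i $TAP_IF -o $LAN_IF -s $VPN_NET/$VPN_BITS -d $LAN_NET/$LAN_BITS -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $TAP_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $TAP_IF -j DROP
iptables -A FORWARD -o $TAP_IF -j DROP
EOF
}

server_conf
nat_rules
```

Traffic between clients is relayed inside the OpenVPN process under `client-to-client` and never reaches the FORWARD chain, so these rules govern only the client-to-LAN path. Because of the masquerade, LAN hosts see every client as the server's own address, so per-client attribution has to come from the OpenVPN server's logs.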