A humble request for help.
Situation:
I have 3 offices and 20+ roaming users, all connected over openvpn to my downtown office.
All users need access to downtown AND hollywood offices.
The hollywood office has a /ccd file and I can access all of the computers behind it easily from my downtown office (the server). I CAN NOT access the computers in the hollywood office (behind the openvpn client) from the other clients.
client-to-client is enabled.
I would like to avoid bridging because 1.) our network is unstable, and a bridge over a broken network does not fail gracefully. 2.) even working right, I don't want to pass ALL traffic through my office.
I BELIEVE this means I need to push routes out for both of these subnets.
The problem is that the hollywood office is a client as well. Does this mean I should be pushing a route for its local subnet to it as well (since routes are pushed from the server config and not client configs), and just trust that proper subnet masking will stop it from passing its own traffic upstream and creating a network shitstorm?
Looking over the openvpn howto, and the ccd files, I don't see a means of only pushing routes dependent on clients.
Can I take the route pushes out of the server.conf and put them into ccd files?
Can I somehow do this in the client.conf file I give out with keys?
(If it matters, both vpn server and hollywood office client are debian etch. Most roaming clients are osx with tunnelblick.)
Any help or pointers greatly appreciated.
Thanks.
James Barros PHP Geek, Apple Admin, Fixer of Mini's, Breaker of other things and defender of justice.