On Mon, Aug 19, 2013 at 06:27:58PM +1000, Zenaan Harkness wrote: > Read again this part of the OpenVPN man page which you pasted: > "the proper usage of --ifconfig is to use two private > IP addresses which are not a member of any existing > subnet which is in use" > > Notice "two private IP addresses", eg 10.1.1.1 and 10.1.1.2. > Also, it should say elsewhere in the openvpn manpage, that > these IPs ought be in the same subnet. > > Use of a public IP address here is bound to cause problems, both > networking, and security problems.
I agree. > > man pppd however (looking at it now) says near the top "The pppd > daemon works ... to negotiate Internet Protocol (IP) addresses for > each end of the link". > > The key is, each end has a separate IP. Yes. So from all this, what I said still stands. The laptop would get a private address from the VPN. The public address assigned to the laptop would actualy be configured on the VPS, and the VPS would be doing NAT between the private address of the laptop, and the public address assigned to the laptop, but configured on the VPS itself. In a nutshell, the laptop would have a private address assigned to it, but all traffic to and from the laptop would actually be using the public address assigned to it, which itself would be configured on the VPS. Greg -- web site: http://www.gregn..net gpg public key: http://www.gregn..net/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) -- Free domains: http://www.eu.org/ or mail dns-mana...@eu.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130819225804.ga10...@gregn.net
