Re: [Openvpn-users] Consolidating client-specific routes into client-specific ccd/* breaks PINGs across VPN

Thu, 24 Jul 2014 10:20:14 -0700 

Hi Joe

On Thu, Jul 24, 2014, at 09:55 AM, Joe Patterson wrote:
> But, if for some reason you can't or really don't want to do that ...

Being a bit more specific abt my *goal* state ...

I will have a single SERVER.  It'll eventually have a config of:

        @VPN_SERVER
                IP(eth0) = "S.S.S.S"       external/WAN intfc
                         = 192.168.0.1
                         = 172.16.0.1
                         = 10.10.0.1
                IP(tun1) = 10.0.0.1        vpn tunnel   endpoint


There will be 3 CLIENTS

        @VPN_CLIENT_A
                IP(eth0) = "CA.CA.CA.CA"   external/WAN intfc
                IP(eth1) = "192.168.1.1"   internal/LAN intfc
                IP(tun1) = 10.0.0.2        vpn tunnel   endpoint

        @VPN_CLIENT_B
                IP(eth0) = "CB.CB.CB.CB"   external/WAN intfc
                IP(eth1) = "172.16.1.1"    internal/LAN intfc
                IP(tun1) = 10.0.0.3        vpn tunnel   endpoint

        @VPN_CLIENT_C
                IP(eth0) = "CC.CC.CC.CC"   external/WAN intfc
                IP(eth1) = "10.10.1.1"     internal/LAN intfc
                IP(tun1) = 10.0.0.4        vpn tunnel   endpoint


There will be servers on each client's LAN

        @LAN_A_SERVER
                IP(eth0) = "192.168.1.100" external/LAN intfc

        @LAN_B_SERVER
                IP(eth0) = "172.16.1.100"  external/LAN intfc

        @LAN_C_SERVER
                IP(eth0) = "10.10.1.100"   external/LAN intfc

As a nominal, 1st step, I want to make sure that I'll be able to:

        @VPN_SERVER, ping -> LAN_A_SERVER[192.168.1.100]
        @VPN_SERVER, ping -> LAN_B_SERVER[172.16.1.100]
        @VPN_SERVER, ping -> LAN_C_SERVER[10.10.1.100]

and

        @LAN_A_SERVER, ping -> @VPN_SERVER[192.168.0.1]
        @LAN_B_SERVER, ping -> @VPN_SERVER[172.16.0.1]
        @LAN_C_SERVER, ping -> @VPN_SERVER[10.10.0.1]

Obviously, gotta get the routes complete & correct!

I'd *ALSO* like to keep things tidy, ala

        @SERVER

                main config
                        ONLY server-specific conf
                ccd/clientA.conf
                        ALL/ONLY Client_A-/LAN_A-specific conf
                ccd/clientB.conf
                        ALL/ONLY Client_B-/LAN_B-specific conf
                ccd/clientC.conf
                        ALL/ONLY Client_C-/LAN_C-specific conf


> ... horrible cringe-worthy kluge that should be avoided by all sane people ...

so, I'm strangely drawn to that! ;-)

Though, for for the sake of correctness, if not sanity. I'd like to hear a bit 
more re: approaches to doing THAT ^^ *AND* keeping config neat & tidy.

PG

------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to