On 2/26/2015 1:01 AM, Gert Doering wrote: > On Wed, Feb 25, 2015 at 03:30:32PM -0700, Shawn Heisey wrote: >> * Can I achieve the precise requirements I'm looking for, either with >> OpenVPN or another software package? > > Yes, but you need to understand "routing" first. If it's not the same > subnet left and right, you don't use briding, but routing - so you need > to have a dedicated box that is "the router", talking to "the router" on > the other side, and all the machines in subnet A need to understand that > they can reach subnet B via "the router" (in their local subnet).
My background is strong in Cisco and the Internet in general. I *hope* that I have a decent understanding of IP routing. Someone always knows more, of course. >> * If I can achieve the intent of what I want by adjusting my >> expectations a little, please let me know how. >> * Is there an existing HOWTO that covers what I'm trying to do? Can I >> look at two or more HOWTOs and combine the info for a full solution? > > There's an openvpn routing howto here: > > http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing > > (And: don't mix "IPSEC" with "OpenVPN". OpenVPN does not use IPSEC, > as that's not synonym for "encrypt traffic" but a very specific crypto > suite. OpenVPN is "SSL VPN") No offense was intended. I admit that I have not looked deeply enough at the technology to know exactly what it is that OpenVPN is doing. I'm looking for encryption that's completely transparent to programs, will work properly across multiple servers with IP multicast, and has relatively low computational overhead during most of its operation. SSL has a relatively high cost to establish a tunnel due to PKI with large keys, but if the tunnel is maintained, the encryption is fairly cheap in CPU terms. I glanced quickly at the routing howto you sent. It seems to be very lean on configuration info that I can actually use. I will read it in-depth after I complete my morning commute before I comment further. "Lean on configuration info that I can actually use" is the general problem I've run into while researching solutions. Everything I've come across seems to apply to a slightly different problem than I'm actually trying to solve, and ultimately has proven useless. If this community can help me piece together a solution from what's already out there and your expertise, I will write the whole thing up and post it on my blog, with permission to this community to re-use it in any way you wish. Thanks, Shawn ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
