On Mon, 31 Jul 2023 21:51:43 +0200, Gert Doering <g...@greenie.muc.de> wrote:

>Hi,
>
>On Mon, Jul 31, 2023 at 09:11:31PM +0200, Bo Berglund wrote:
>> On Mon, 31 Jul 2023 18:52:07 +0000 (UTC), Jason Long via Openvpn-users
>> <openvpn-users@lists.sourceforge.net> wrote:
>> 
>> >What is the usage of the "client-to-client" and "iroute"?
>> 
>> client-to-client:
>> if you would like connecting clients to be able to reach each other over the
>> VPN. By default, clients will only be able to reach the server.
>
>This is not fully correct.
>
>client-to-client means "the OpenVPN server will route packets between
>clients directly".  If this is not set, packets will be routed via the
>Server's IP stack ("Linux tun interface"), so you can use iptables to
>control connectivity between clients - but if iptables permit (and 
>"forward_ip" is enabled on the server!) clients can still talk.
>

OK,
in my use case I set up a VPN server on a public IP with the sole purpose of acting
as a connection point between an IoT device running on a LAN with no public IP
available which we needed to access in order to configure, control and retrieve
data from.

The solution was:
- Set up an OpenVPN server with a dyn-DNS address on the public side.
- Configure it to only allow client-to-client connections (so no other routing)
- Use the ccd system to assign specific tunnel addresses to each device when
connecting
- Make the IoT device connect to the VPN as part of the boot sequence

Now we can connect our PC to the same VPN and then connect to the device(s)
using their known tunnel addresses.

This works like a charm. :-)


-- 
Bo Berglund
Developer in Sweden
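
The hub setup described in the message above, next to the kernel-routed alternative from the quoted reply, as an added example that is not part of the original thread: a script that writes the server directives, the per-client ccd files and, for the kernel-routed mode, iptables FORWARD rules. Client names, tunnel addresses, `tun0` and the output file names are constructed assumptions.

```shell
#!/bin/sh
# Added example. All names and addresses are constructed for illustration.
NET=10.8.0.0
MASK=255.255.255.0
ADMIN="admin-pc:10.8.0.5"                         # CN:tunnel-IP of the operator PC
DEVICES="iot-dev1:10.8.0.10 iot-dev2:10.8.0.11"   # CN:tunnel-IP per IoT device

# gen_hub OUTDIR MODE
#   c2c    - OpenVPN forwards between clients internally; the server's
#            iptables FORWARD chain never sees that traffic.
#   kernel - no client-to-client; packets pass through the server's tun
#            interface (needs net.ipv4.ip_forward=1) and can be filtered.
gen_hub() {
    out=$1
    mode=$2
    case $mode in c2c|kernel) ;; *) echo "mode must be c2c or kernel" >&2; return 2 ;; esac
    mkdir -p "$out/ccd" || return 1

    # Directives to merge into the server config (keys, TLS, port omitted).
    {
        echo "dev tun0"
        echo "topology subnet"
        echo "server $NET $MASK"
        echo "client-config-dir ccd"
        echo "ccd-exclusive"          # reject any client without a ccd file
        if [ "$mode" = c2c ]; then echo "client-to-client"; fi
    } > "$out/server-fragment.conf"

    # One ccd file per certificate CN pins that client's tunnel address.
    for entry in $ADMIN $DEVICES; do
        echo "ifconfig-push ${entry#*:} $MASK" > "$out/ccd/${entry%%:*}"
    done

    if [ "$mode" = kernel ]; then
        # iptables-save style rules: only the operator PC may open
        # connections to devices; everything else between clients is dropped.
        {
            echo "-A FORWARD -i tun0 -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            for entry in $DEVICES; do
                echo "-A FORWARD -i tun0 -o tun0 -s ${ADMIN#*:} -d ${entry#*:} -j ACCEPT"
            done
            echo "-A FORWARD -i tun0 -o tun0 -j DROP"
        } > "$out/forward.rules"
    fi
}

# Usage: sh gen_hub.sh OUTDIR c2c|kernel
if [ "$#" -eq 2 ]; then gen_hub "$1" "$2"; fi
```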



Hello,
Great.
What is the correct syntax of
push "dhcp-option dns 172.20.1.2" for a Windows OS client?


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

