Hi, On Mon, Aug 21, 2023 at 06:40:04AM +0000, Jason Long wrote: > You said "This is not what I would have - I'd have a public IP address on the > NIC,or 2, or 3.", does that mean you assign a separate network card for each > IP address? If yes, then if your server is physical, the number of your > network cards is limited.
One public IP address, or 2 public IP addresses, or 3 public IP addresses.
I wouldn't use any NAT constructs, because that just adds complications.
> When I use "multihome" statement, then OpenVPN listen to the all IP addresses
> that set on my server. For example, if my server has three IP addresses, then
> I can use them in the client configuration file. Am I right? If yes, then in
> this situation my firewall rules associates NICs to OpenVPN IP ranges.
OpenVPN always listens on all IP addresses, unless told with --local to
listen just on one address.
--multihome ensures that, for UDP VPN, OpenVPN replies with the correct
source address to match the incoming packet from the client.
> When you create a virtual NIC in the FreeBSD, then can you ping a target by
> its name via that virtual NIC?
"name" is a DNS thing. So yes, when I put the IP addresses into DNS, I
can use names to address them.
Whether or not an IP address is pingable depends on correct routing on
all components on the (indended) packet path, and on firewall rules. This
has nothing to do with names, or virtual/real NICs.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
