But how can we select the tunX interface to add a static route to the OpenVPN interface? Or do we have to add it to the LAN interface static routing table? The problem is that we have a subnet behind the OpenVPN client that we want to reach.
www.openvpn.net
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
2006/6/20, Alvaro Pietrobono <[EMAIL PROTECTED]>:
Yes, with OpenVPN you can route everything, because it creates a point-to-point tunnel interface (tunX) within which you can encapsulate all desired traffic... but unfortunately it is incompatible with Cisco devices...
I resolved the problem with one tunnel on the Cisco router and 3 identical tunnels that differ only in the remote LAN:
1 for 192.168.0.0/16
1 for 10.0.0.0/8
1 for 172.16.0.0/16
This configuration covers all private addresses and it's good for almost all cases.
~Alvaro

----- Original Message -----
From: Tunge2
Sent: Tuesday, June 20, 2006 5:56 PM
Subject: Re: [pfSense Support] ADD more routes to IPsec Tunnel

And what about OpenVPN? Is it possible to route without having to add separate tunnels for every different subnet?
2006/6/20, Eric Masson <[EMAIL PROTECTED]>:
"Scott Ullrich" <[EMAIL PROTECTED]> writes:
Hi Scott,
> You need to bind up tunnels for each subnet that you want to use. No
> real easy way to add routes through the tunnels.
Another way could be to use IIPtran from RFC 3884:
http://rfc.net/rfc3884.html
Regards
Éric Masson
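For the client-config-dir / route / iroute setup quoted from the OpenVPN sample configuration at the top of this message, a consistency check such as the following can be run before reloading the server. It is an added example, not part of the original thread or of OpenVPN; the function names, the `server 10.8.0.0` line and the in-memory ccd dictionary are assumptions made for illustration. It also flags two common names claiming overlapping subnets, which goes slightly beyond the single-client case in the excerpt.

```python
import ipaddress

def directives(text):
    """Yield (keyword, args) for active lines; '#' and ';' start comment lines."""
    for raw in text.splitlines():
        parts = raw.split()
        if parts and parts[0][0] not in "#;":
            yield parts[0], parts[1:]

def networks(text, keyword):
    """Parse '<keyword> network [netmask]' lines; netmask defaults to a host route."""
    return [ipaddress.ip_network(f"{a[0]}/{a[1] if len(a) > 1 else '255.255.255.255'}")
            for kw, a in directives(text) if kw == keyword and a]

def check_client_subnets(server_conf, ccd_files):
    """Return a list of problems found; an empty list means the pieces line up."""
    problems = []
    if not any(kw == "client-config-dir" for kw, _ in directives(server_conf)):
        problems.append("client-config-dir is not active, so ccd files are never read")
    routes = networks(server_conf, "route")
    owners = []  # (network, common name) pairs seen so far
    for cn, text in sorted(ccd_files.items()):
        for net in networks(text, "iroute"):
            if not any(net.subnet_of(r) for r in routes):
                problems.append(f"{cn}: iroute {net} has no covering route in the server config")
            for other, other_cn in owners:
                if other_cn != cn and net.overlaps(other):
                    problems.append(f"{cn}: iroute {net} overlaps {other} owned by {other_cn}")
            owners.append((net, cn))
    return problems

# Constructed sample input based on the excerpt quoted above.
AS_SHIPPED = """dev tun
server 10.8.0.0 255.255.255.0
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
"""
UNCOMMENTED = AS_SHIPPED.replace(";", "")
CCD = {"Thelonious": "iroute 192.168.40.128 255.255.255.248\n"}

if __name__ == "__main__":
    for label, conf in (("as shipped", AS_SHIPPED), ("uncommented", UNCOMMENTED)):
        print(label, check_client_subnets(conf, CCD) or "OK")
```
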