You don't.   You need to nail up a connection for each subnet.

Scott


On 6/21/06, Tunge2 <[EMAIL PROTECTED]> wrote:

But how can we select the tunX interface to add a static route to the
OpenVPN interface? Or do we have to add it to the LAN interface static
routing table? The problem is that we have a subnet behind the OpenVPN
client that we want to reach.

www.openvpn.net
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.


2006/6/20, Alvaro Pietrobono <[EMAIL PROTECTED]>:
>
>
>
> Yes, with OpenVPN you can route everything
> because it creates a point-to-point tunnel interface (tunX)
> within which you can encapsulate all desired traffic... but unfortunately
> it is incompatible with Cisco devices...
> I resolved the problem with one tunnel on the Cisco router
> and 3 identical tunnels that differ only in the remote LAN:
> 1 for 192.168.0.0/16
> 1 for 10.0.0.0/8
> 1 for 172.16.0.0/16
> This configuration covers all private addresses and
> it's good for almost all cases.
>
> ~Alvaro
>
>
>
>
> ----- Original Message -----
> From: Tunge2
> To: support@pfsense.com
> Sent: Tuesday, June 20, 2006 5:56 PM
> Subject: Re: [pfSense Support] ADD more routes to IPsec Tunnel
>
> And what about OpenVPN? Is it possible to route without having to add
> separate tunnels for every different subnet?
>
>
> 2006/6/20, Eric Masson <[EMAIL PROTECTED]>:
> > "Scott Ullrich" < [EMAIL PROTECTED]> writes:
> >
> > Hi Scott,
> >
> > > You need to bind up tunnels for each subnet that you want to use.  No
> > > real easy way to add routes through the tunnels.
> >
> > Another way could be to use IIPtran from RFC 3884:
> > http://rfc.net/rfc3884.html
> >
> > Regards
> >
> > Éric Masson
> >
> > --
> > deleting this group would be completely stupid and, moreover,
> > the pure product of a dino having its period
> > -+- J in Guide du Neuneu Usenet : Ovide pare et Mamie ferre. -+-
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
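
The route/iroute pairing from the OpenVPN sample configuration quoted earlier in this thread, as an added example that is not part of the original messages or of OpenVPN itself: a small Python check that `client-config-dir` is enabled and that every `iroute` in a ccd file is covered by a `route` in the server config. The function names, the `server 10.8.0.0` line and the sample config strings are constructed for illustration.

```python
import ipaddress

def directives(text, keyword):
    """Yield the arguments of each active `keyword` line.
    ';route' and '# route' do not match, so commented-out lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == keyword:
            yield parts[1:]

def networks(text, keyword):
    """Parse `keyword NETWORK [NETMASK]` lines into IPv4 networks.
    OpenVPN defaults the netmask to 255.255.255.255 when it is omitted."""
    nets = []
    for args in directives(text, keyword):
        if args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return nets

def check_iroutes(server_conf, ccd_files):
    """Return findings for client subnets the server config cannot reach.
    ccd_files maps a certificate common name to that ccd file's text."""
    findings = []
    if not list(directives(server_conf, "client-config-dir")):
        findings.append("client-config-dir is not enabled; ccd files are ignored")
    routes = networks(server_conf, "route")
    for name, text in sorted(ccd_files.items()):
        for net in networks(text, "iroute"):
            if not any(net.subnet_of(r) for r in routes):
                findings.append(f"{name}: iroute {net} has no covering 'route'")
    return findings

# Constructed sample input: the quoted excerpt with its lines still commented out...
SERVER_BROKEN = """dev tun
server 10.8.0.0 255.255.255.0
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
"""
# ...and with both lines uncommented, as the excerpt instructs.
SERVER_FIXED = SERVER_BROKEN.replace(";", "")
CCD = {"Thelonious": "iroute 192.168.40.128 255.255.255.248\n"}

if __name__ == "__main__":
    for label, conf in (("broken", SERVER_BROKEN), ("fixed", SERVER_FIXED)):
        print(label, check_iroutes(conf, CCD) or "ok")
```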


