Fist of all: You should reply to the List & Me to keep the mailinglist
up2date.
Am 11.12.2009 12:50, schrieb dorian:
> See below:
>>> Anyway I would be obliged id you explain me what for is "multi yes"
>>> parameter in the server config?
>>
>> With "multi yes" any client can connect to the VPN-Server with the
>> same "profile" and "password". How IPSEC do with the same
>> Authentication-Key. Thats ok, when only you have the control about
>> all, but it is highly recommended to create 1 profile for each
>> connection.
>>
> Not quite true.
> I've setup 2 Linksys in the same way (same session, password, etc)
> The only difference were the internal (tunnel) IPs which were 172.16.0.2
> & 172.16.0.3.
> The first Linksys established tunnel correctly.
> But after switching on the second device I've got the message:
> "Can't allocate tap device tap0. Device or resource busy(16)".
change the profile declaration "device tap0" to "device tap" and let
vtun increment your tap-devices.
> Removing profile declaration "device tap0" rescue the matter but each
> Linksys creates its own tap then.
Correct, this is the right behaviour. Each tunnel needs a unique
tunnel-endpoint (tap0, tap1, tap2... tapN).
> So I do not see differences between:
> a) having two profiles with explicit declaration of "device tapN" and
> "multi killold"
> and
> b) having one profile without "device tap0" and with "multi on"
> What is more the (a) is bette since I am controlling the name of the tap
> device.
Create one profile per connection for security reasons. You can tell
vtun to create an explicit "device tapN" or let vtun increment the
tap-device "device tap" automaticly.
I my topology i have one profile for each client and use "device tap". I
don't care about the device allocation. You can see the device-names to
each connection-profile-association by running "ps ax | grep 'vtun'"
> Therefore I wrote previously that I didn't see the sense of "multi on
With "multi-on" and "device tap" you can connect as many clients you need.
With the following profile-configuration:
up
{
program "/sbin/ip link set dev %% up";
program "/sbin/ip addr add 0.0.0.0 dev %%";
program "/sbin/brctl addif vpnbr %%";
};
down
{
program "/sbin/brctl delif vpnbr %%";
};
All clients will bridged together.
------------------------------------------------------------------------------
Return on Information:
Google Enterprise Search pays you back
Get the facts.
http://p.sf.net/sfu/google-dev2dev
_______________________________________________
Vtun-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vtun-users
