[lug] Wanted: Help with openvpn

David L. Anselmi anselmi at anselmi.us
Mon Aug 7 21:31:36 MDT 2006


siegfried wrote:
> David Anselmi wrote:
>> I would say that you should get it working on your LAN first, then see
>> about moving it off site.  Assuming you're on a 10/24 LAN:
> 
>> 10.0.0.2 - your computer
>> 10.0.0.3 - the slug (uses port 1194 for openvpn)
>>
>> 10.0.1.2 - your computer's VPN IP (the tun device)
>> 10.0.1.3 - the slug's VPN IP (tun device)
>>
> I tried that but concluded that openvpn won't work within a LAN because of
> conflicting (overlapping or duplicate) IP addresses. Perhaps I concluded
> wrong? I'll try it again if it is supposed to work.

That's why I said:

> You might want to pick something random for the VPN network (10.0.1.0
> above).  It can't match any of the other networks you use if you want
> to keep your sanity.

You don't want the VPN address pool to overlap any others either end of 
the connection knows about.  That means addresses that you'll never want 
to talk to ever.  So public addresses are out and any private addresses 
that are reachable on either end of the VPN.

>>siegfried wrote:
>>[...]
>>
>>>When I am at Café Sole:
>>>
>>>1. I cannot ping my home desktop machine (10.169.1.8) in routing mode.
> 
>
>>Because your home router (10.169.6.1) doesn't route between 10.169.6.0 
>>and 10.169.1.0 is my guess.  
> 
> 
> Yes but my mask for my home lan is 255.255.0.0. Should that not alleviate
> any routing problems? Is there something else I have to set?

Ugg.  See above about overlapping addresses.  If the server's netmask is 
/16 then it can't tell what goes out the LAN and what goes out the tun 
device.

[...]
> Yes -- as you can see I added a push command. I did not really understand
> this step so I could have gotten it wrong. I tried to mimic the example the
> best I could.

You added the push command to make a route to a /24 network that's part 
of your /16 LAN.  That can be done but it will make you crazy (if it 
hasn't already ;-)

Dave
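
The overlap check discussed in this message, as an added example that is not part of the original post. The function names and dictionary labels are hypothetical; the addresses come from the thread, except the pushed route 10.169.1.0/24, which is assumed from the desktop's address.

```python
import ipaddress
from itertools import combinations


def parse(networks):
    """Turn {label: 'addr/mask'} into {label: IPv4Network}.

    strict=False lets a host address plus netmask (for example the
    router's 10.169.6.1/255.255.0.0) stand for its whole network.
    """
    return {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in networks.items()}


def find_overlaps(networks):
    """Return (label_a, label_b) for every pair of networks that overlap."""
    parsed = parse(networks)
    return [(a, b)
            for (a, net_a), (b, net_b) in combinations(parsed.items(), 2)
            if net_a.overlaps(net_b)]


def owners(addr, networks):
    """Return the labels of every network that contains addr."""
    ip = ipaddress.ip_address(addr)
    return [name for name, net in parse(networks).items() if ip in net]


# The LAN test layout suggested in the thread: LAN and VPN pool are disjoint.
LAN_TEST = {"lan": "10.0.0.0/24", "vpn": "10.0.1.0/24"}

# The home setup: a 255.255.0.0 LAN plus a pushed /24 route (assumed value)
# that lies inside it.
HOME = {"home_lan": "10.169.6.1/255.255.0.0", "pushed_route": "10.169.1.0/24"}

if __name__ == "__main__":
    for label, layout in (("LAN test", LAN_TEST), ("home", HOME)):
        clashes = find_overlaps(layout)
        print(label, "->", clashes if clashes else "no overlap")
    # The desktop's address falls inside both the LAN and the pushed route.
    print("10.169.1.8 is claimed by:", owners("10.169.1.8", HOME))
```

Run it against every network either end of the tunnel knows about before choosing the VPN pool; any pair it reports is a range that needs renumbering.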


