
Re: Routing between multiple Tunnels: msg#00541

network.openvpn.user

Subject: Re: Routing between multiple Tunnels

On Wednesday 30 June 2004 18:11, Ralph Paßgang wrote:
> On Wednesday, 30 June 2004 19:33, Murray Thomson wrote:
> > I want to set up a spider topology with OpenVPN. OpenVPN server A has
> > an OpenVPN tunnel to each of Servers B, C and D each with their own
> > subnet.
> >
> > The problem is that from Server B, C or D I can not communicate with any
> > server other than A. From A however I can reach S, C and D and any
> > station on their respective subnets. Also from a station on subnet A I
> > can also get to B, C and D and also on their respective subnets.
> >
> > For some reason I cannot get from one of the arms straight through the
> > main server and back out again.
> >
> > Does anyone know if this is not a workable topology or is there
> > something else I need to do to make this fly.
>
> Like the others said... Normal routing should be enough.
>
> So you have to set the routes to each client (and maybe the net behind the
> vpn client) on the Server A.
>
> This should already be correct, because you can communicate with all
> clients from your server.
>
> But you also have to set the correct routes on the clients for each other
> client net.
>
> So on Client B you also have to set a route to C and D via the server A.
> On Client C you have to set a route to Client B and D via server A.
> and so on...
>
> If this doesn't help, please check the firewalls on each side. Maybe you
> just missed the correct "forwarding" rule.
>
> You also have to set the ip_forward flag, so that the packet forwarding is
> enabled.

The new 2.0 server mode features are well-suited for setting up star
topologies.

You can basically start with the sample configs in the release notes, where
the server lies at the center of the star.

You would then add "client-to-client" so that each arm could communicate with
the other arms of the star.

If the arms of the star have their own subnets behind them, you would use
"iroute" along with "client-config-dir" to configure this. You would also
want to push these routes from server to clients, so that each client would
be able to access other clients' subnets.

James
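
The star setup described in the message above, as an added example that is not part of the original post or of the OpenVPN release notes: a small generator that writes the hub's config fragment and one "client-config-dir" file per arm, pushing to each arm only the other arms' subnets. The common names, subnets, tunnel pool and the `ccd` directory name are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample topology (assumption, not from the thread): certificate
# common name of each arm and the LAN that sits behind it.
ARMS = {
    "siteB": "10.66.2.0/24",
    "siteC": "10.66.3.0/24",
    "siteD": "10.66.4.0/24",
}
TUNNEL_NET = "10.8.0.0/24"  # assumed address pool for the "server" directive


def _route(net):
    """Render a network as the 'address netmask' pair OpenVPN expects."""
    return f"{net.network_address} {net.netmask}"


def build_configs(arms, tunnel_net=TUNNEL_NET, ccd="ccd"):
    """Return {relative path: file text} for the hub and one ccd file per arm."""
    nets = {cn: ipaddress.ip_network(cidr) for cn, cidr in arms.items()}
    # Overlapping subnets make routing at the hub ambiguous, so refuse them.
    seen = [("tunnel", ipaddress.ip_network(tunnel_net))]
    for cn, net in nets.items():
        for other_cn, other in seen:
            if net.overlaps(other):
                raise ValueError(f"{cn} {net} overlaps {other_cn} {other}")
        seen.append((cn, net))

    # Hub fragment only: certificates, dev, port etc. are left out on purpose.
    server = [f"server {_route(seen[0][1])}", "client-to-client",
              f"client-config-dir {ccd}"]
    # Kernel route on the hub: hand each arm's subnet to the OpenVPN process.
    server += [f"route {_route(net)}" for net in nets.values()]
    files = {"server.conf": "\n".join(server) + "\n"}

    for cn, net in nets.items():
        # iroute: inside OpenVPN, this subnet lives behind this client.
        lines = [f"iroute {_route(net)}"]
        # Push only the other arms' subnets, never the client's own LAN.
        lines += [f'push "route {_route(o)}"' for c, o in nets.items() if c != cn]
        files[f"{ccd}/{cn}"] = "\n".join(lines) + "\n"
    return files


if __name__ == "__main__":
    for path, text in build_configs(ARMS).items():
        print(f"# --- {path} ---\n{text}")
```

With "client-to-client" enabled, OpenVPN forwards arm-to-arm packets inside its own process, so the hub's packet filter does not see that traffic. Where traffic between arms has to be filtered, the alternative is to leave the directive out and rely on ip_forward plus firewall forwarding rules on the hub, as in the quoted reply.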

