openvpn routed and bridged

teddy mills teddy-5sHjOODPK7E at public.gmane.org
Fri Aug 7 16:44:18 UTC 2009


VPN clients connecting to an OpenVPN routed server can only talk to the 
OpenVPN server itself.

VPN clients connecting to an OpenVPN bridged clients can talk to 
everything on the remote LAN.

You say an OpenVPN bridged requires ends to be on the same subnet, and 
you use your laptop from a variety of locations.

I have not tested my OpenVPN bridge without port forwarding 1194/udp to 
my OpenVPN client. I do not think it will work without the 
port forwarding. (I have been known to be wrong before :)

If that's true, I can only connect to my OpenVPN bridge when I have 
access to the local router. (to port-forward 1194/udp)

Fortunately I have another OpenVPN server that uses routed :)
If you need to work remotely to the office LAN you gotta have bridged.

/teddy


James Knott wrote:
> teddy mills wrote:
>> I don't even bother changing the router.
>>
>> On both sides of the openvpn connection, openvpn-server and
>> openvpn-client, I port-forward 1194/udp.
>>
>> I pick any NAT address PC as the openvpn-server and on the other side,
>> any NAT address PC as an openvpn-client.
>>
>> I have done this with openvpn-bridge, so I would imagine the simpler
>> openvpn-routed would work in this fashion as well.
>>
>> I will post the way I use openvpn-setup bridge to tlug.
>> I use PKCS12, so I do not bother too much with all the other cert files.
> 
> I have considered doing that, but I'd prefer having the VPN on the
> router.  Also, I use a routed VPN rather than bridged.  IIRC, a bridged
> VPN requires both ends to be on the same subnet, which is not possible,
> as I use my VPN from a variety of locations.  With a routed VPN, I'd
> also have to run the DHCP server on a local computer, so that computers
> getting an IP address via DHCP can get the additional route.  The
> DHCP servers in consumer level routers do not support anything beyond a
> default route.
> 
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists