configuration check

This is where we can discuss what we would like to see added or changed in OpenVPN.

Moderators: TinCanTech

the pill man
OpenVpn Newbie
Posts: 4
Joined: Mon Feb 22, 2016 5:01 pm

configuration check

Post by the pill man » Tue Feb 23, 2016 10:51 pm

Hi!
I need an opinion (and advice) on my VPN network:

idea:

vpn1 server 10.1.1.1--------I----client 10.1.1.5(for vpn1)/10.2.1.5(for vpn2)/10.3.1.5(for vpn3) with subnet 172.16.55.xxx
vpn2 server 10.2.1.1--------I----client 10.1.1.9(for vpn1)/10.2.1.9(for vpn2)/10.3.1.9(for vpn3) with subnet 172.16.56.xxx
vpn3 server 10.3.1.1--------I----client 10.1.1.13(for vpn1)/10.2.1.13(for vpn2)/10.3.1.13(for vpn3) with subnet 172.16.57.xxx

Every client has multiple VPN instances so it can route its subnet to every server.
Every client can see each other.

My dilemma is in the ccd folder, because every server advertises itself for the same subnets
vpn1 says
ifconfig-push 10.1.1.9 10.1.1.10
iroute 172.16.55.0 255.255.255.0

vpn2 says
ifconfig-push 10.2.1.9 10.2.1.10
iroute 172.16.55.0 255.255.255.0

vpn3 says
ifconfig-push 10.3.1.9 10.3.1.10
iroute 172.16.55.0 255.255.255.0

Is this possible? What server is used for 172.16.55.xxx - to - 172.16.55.xxx in this case?
Is there some way to make network priority?
Client devices are Raspberry Pi with Debian wheezy (each acting as a router for its subnet) and servers are win7x64.

I plan for 500 clients and 10 servers...


Re: configuration check

Post by the pill man » Thu Feb 25, 2016 12:51 pm

Ok!
I tested my configuration today, and it is working: a PC in subnet 172.16.55.xx gets ping replies from a PC in subnet 172.16.56.xx.
This was tested with the VPN1 server and VPN2 server connected to clients at the same time (ping from PC 172.16.55.45 to PC 172.16.56.45).
Still, when both servers are connected I can't be sure which route is used (tracert from PC to PC does not give replies).

Is there some other way to check this? Maybe some app for network monitoring for Raspberry Pi (Debian wheezy)?

Please help!
I plan to put the network into operation next week, so if I must add something.....

Here is the server VPN1 config:
local 192.168.1.xxx
port 33333
proto udp
dev tun
dev-node vpn1
ca ca.crt
cert xxx.crt
key xxx.key # This file should be kept secret
dh dh1024.pem
server 10.1.1.0 255.255.255.0
max-routes 1000
#route 10.1.1.0 255.255.255.0
route 10.1.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.1.1.0 255.255.255.0"
push "route 10.1.2.0 255.255.255.0"
client-config-dir ccd
route 172.16.55.0 255.255.255.0
route 172.16.56.0 255.255.255.0
client-config-dir ccd
client-to-client
push "route 172.16.55.0 255.255.255.0"
push "route 172.16.56.0 255.255.255.0"
keepalive 90 180
comp-lzo
max-clients 1000
persist-key
persist-tun
status openvpn-status.log
verb 3
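
A pre-deployment check over one server's config and its ccd folder, useful at the planned scale of 500 clients and 10 servers (an added example, not part of the original posts and not OpenVPN's own code; the client names pi55 and pi56 and both sample files are constructed). It flags an ifconfig-push address outside the server's pool, an iroute with no matching route in the server config, and one subnet claimed by two ccd files on the same server.

```python
import ipaddress
from collections import defaultdict

def parse(text):
    """Return (directive, args) pairs, skipping blank lines and '#' comments."""
    out = []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            out.append((words[0], words[1:]))
    return out

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def lint(server_conf, ccd):
    """ccd maps a client name to its ccd file text. Returns a list of findings."""
    conf = parse(server_conf)
    pool = next(net(*a[:2]) for d, a in conf if d == "server")
    routes = {net(*a[:2]) for d, a in conf if d == "route"}
    owners = defaultdict(list)   # iroute subnet -> clients claiming it
    findings = []
    for name, text in sorted(ccd.items()):
        for d, a in parse(text):
            if d == "ifconfig-push" and ipaddress.ip_address(a[0]) not in pool:
                findings.append(f"{name}: ifconfig-push {a[0]} outside {pool}")
            elif d == "iroute":
                sub = net(*a[:2])
                owners[sub].append(name)
                if sub not in routes:
                    findings.append(f"{name}: iroute {sub} has no matching route")
    for sub, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"iroute {sub} claimed by {', '.join(names)}")
    return findings

# Constructed sample: a trimmed copy of the VPN1 server directives and two
# hypothetical ccd files (pi55 and pi56 are made-up client names).
SERVER = """server 10.1.1.0 255.255.255.0
route 172.16.55.0 255.255.255.0
route 172.16.56.0 255.255.255.0
"""
CCD = {
    "pi55": "ifconfig-push 10.1.1.5 10.1.1.6\niroute 172.16.55.0 255.255.255.0\n",
    "pi56": "ifconfig-push 10.2.1.9 10.2.1.10\niroute 172.16.55.0 255.255.255.0\n"
            "iroute 172.16.57.0 255.255.255.0\n",
}

if __name__ == "__main__":
    for finding in lint(SERVER, CCD):
        print(finding)
```

Run it once per server, passing that server's config text and a dict built from the files in its ccd folder.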
