Isolated client connections in version 2.0.5

vermeer_p
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2010 9:50 am

Isolated client connections in version 2.0.5

Post by vermeer_p » Thu Nov 04, 2010 10:10 am

Is there a possibility to make more VPN client connections, with a direct connection between clients, in version 2.0.5?
(in version '2.1' I can make it happen with the "topology mask" option)

This is what I want to realize:

There are 2 pairs of clients which must have an isolated communication:
Client1a: LANIP: 10.0.0.53/24
Client1b: 192.168.1.100/24

Client2a: 10.0.0.53/24
Client2b: 192.168.2.100/24

I want to prevent IP conflicts (subnet Client1a = subnet Client2a). How can I make a route directly from Client1a to Clientb without:
> client-to-client
> push "route 10.0.0.0 255.255.255.0" (This will cause the ip conflict)

krzee
Forum Team
Posts: 729
Joined: Fri Aug 29, 2008 5:42 pm

Re: Isolated client connections in version 2.0.5

Post by krzee » Thu Nov 04, 2010 10:15 am

vermeer_p wrote: "Is there a possibility to make more VPN client connections, with a direct connection between clients, in version 2.0.5?"
no... and omg upgrade!
"(in version '2.1' I can make it happen with the "topology mask" option)"
you mean topology subnet

vermeer_p
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2010 9:50 am

Re: Isolated client connections in version 2.0.5

Post by vermeer_p » Thu Nov 04, 2010 10:29 am

Unfortunately, I cannot upgrade the VPN clients a1 and b1, because this is hardware (eWON 2005CD) with a fixed VPN version in the supplier's firmware. (http://www.ewon.biz)

There must be a way, because they (eWON) made it happen on a dedicated VPN server (Talk2M), but we would like to run such a server under our own management.

By the way .... Yes, I did mean topology subnet.

krzee
Forum Team
Posts: 729
Joined: Fri Aug 29, 2008 5:42 pm

Re: Isolated client connections in version 2.0.5

Post by krzee » Thu Nov 04, 2010 10:37 am

in that case please better explain what you want... maybe a diagram would help (gliffy.com or visio or something similar)

vermeer_p
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2010 9:50 am

Re: Isolated client connections in version 2.0.5

Post by vermeer_p » Thu Nov 04, 2010 11:37 am

Here is a schematic drawing of what I want to accomplish. Finally there should be more than two pairs of connections.
Image

krzee
Forum Team
Posts: 729
Joined: Fri Aug 29, 2008 5:42 pm

Re: Isolated client connections in version 2.0.5

Post by krzee » Sun Nov 07, 2010 5:04 am

you need to change one of the LAN subnets

vermeer_p
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2010 9:50 am

Re: Isolated client connections in version 2.0.5

Post by vermeer_p » Sun Nov 07, 2010 12:48 pm

Changing the LAN subnets is not an option, but I have found a solution in using dev-tap and creating the routing on the clients through the VPN network.

The following IPs were assigned:
Client1a:
LANIP: 10.0.0.53/24
VPNIP: 10.8.0.10/24

Client1b:
LANIP: 192.168.1.100/24
VPNIP: 10.8.0.11/24

Client2a:
LANIP: 10.0.0.53/24
VPNIP: 10.8.0.20/24

Client2b:
LANIP: 192.168.2.100/24
VPNIP: 10.8.0.21/24

Now add the following routes on the client site (could be pushed from the server with custom client config).

Client 1a: route add 192.168.1.0 mask 255.255.255.0 10.8.0.11
Client 1b: route add 10.0.0.0 mask 255.255.255.0 10.8.0.10
Client 2a: route add 192.168.2.0 mask 255.255.255.0 10.8.0.21
Client 2b: route add 10.0.0.0 mask 255.255.255.0 10.8.0.20

The only disadvantage is that I had to assign a bridged connection on the VPN server, which I did not require.
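
An added example, not part of vermeer_p's post or of OpenVPN itself: a Python sketch that turns the address plan above into per-client `client-config-dir` files using the `ifconfig-push` and `push "route ..."` directives, and rejects plans where a pushed route would clash. The pair labels and client file names are assumptions.

```python
import ipaddress

# Address plan from the post above. Pair labels and ccd file names are assumptions.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
PAIRS = {
    "pair1": {"client1a": ("10.0.0.53/24", "10.8.0.10"),
              "client1b": ("192.168.1.100/24", "10.8.0.11")},
    "pair2": {"client2a": ("10.0.0.53/24", "10.8.0.20"),
              "client2b": ("192.168.2.100/24", "10.8.0.21")},
}


def build_ccd(pairs=PAIRS, vpn_net=VPN_NET):
    """Return {client name: ccd file text}; raise ValueError on a clashing plan."""
    used, ccd = set(), {}
    for pair, members in pairs.items():
        if len(members) != 2:
            raise ValueError(f"{pair}: expected exactly two clients")
        (a, (a_lan, a_vpn)), (b, (b_lan, b_vpn)) = members.items()
        lan_a = ipaddress.ip_interface(a_lan).network
        lan_b = ipaddress.ip_interface(b_lan).network
        # The same LAN may repeat across pairs (1a and 2a both use 10.0.0.0/24),
        # but inside a pair the pushed route would shadow the client's own LAN.
        if lan_a.overlaps(lan_b):
            raise ValueError(f"{pair}: both clients sit on {lan_a}")
        for lan in (lan_a, lan_b):
            if lan.overlaps(vpn_net):
                raise ValueError(f"{pair}: LAN {lan} overlaps VPN {vpn_net}")
        for name, vpn_ip, peer_lan, peer_vpn in ((a, a_vpn, lan_b, b_vpn),
                                                 (b, b_vpn, lan_a, a_vpn)):
            ip = ipaddress.ip_address(vpn_ip)
            if ip not in vpn_net or ip in used:
                raise ValueError(f"{name}: VPN IP {ip} outside {vpn_net} or reused")
            used.add(ip)
            # tap mode: ifconfig-push takes address + netmask; the route's
            # gateway is the partner's VPN address, never another pair's.
            ccd[name] = (f"ifconfig-push {vpn_ip} {vpn_net.netmask}\n"
                         f'push "route {peer_lan.network_address} '
                         f'{peer_lan.netmask} {peer_vpn}"\n')
    return ccd


if __name__ == "__main__":
    for client, text in build_ccd().items():
        print(f"# ccd/{client}\n{text}")
```

Pushed routes only steer traffic and are not a filter, so pair-to-pair isolation on the shared 10.8.0.0/24 segment still depends on what the server forwards.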
