)
you can assing ips like in tap mode...--topology mode
Configure virtual addressing topology when running in --dev tun mode. This direc‐
tive has no meaning in --dev tap mode, which always uses a subnet topology.
If you set this directive on the server, the --server and --server-bridge direc‐
tives will automatically push your chosen topology setting to clients as well.
This directive can also be manually pushed to clients. Like the --dev directive,
this directive must always be compatible between client and server.
mode can be one of:
net30 -- Use a point-to-point topology, by allocating one /30 subnet per client.
This is designed to allow point-to-point semantics when some or all of the con‐
necting clients might be Windows systems. This is the default on OpenVPN 2.0.
p2p -- Use a point-to-point topology where the remote endpoint of the client's tun
interface always points to the local endpoint of the server's tun interface. This
mode allocates a single IP address per connecting client. Only use when none of
the connecting clients are Windows systems. This mode is functionally equivalent
to the --ifconfig-pool-linear directive which is available in OpenVPN 2.0 and is
now deprecated.
subnet -- Use a subnet rather than a point-to-point topology by configuring the
tun interface with a local IP address and subnet mask, similar to the topology
used in --dev tap and ethernet bridging mode. This mode allocates a single IP
address per connecting client and works on Windows as well. Only available when
server and clients are OpenVPN 2.1 or higher, or OpenVPN 2.0.x which has been man‐
ually patched with the --topology directive code. When used on Windows, requires
version 8.2 or higher of the TAP-Win32 driver. When used on *nix, requires that
the tun driver supports an ifconfig(8) command which sets a subnet instead of a
remote endpoint IP address.
Code: Select all
mode server
tls-server
port 80
dev tun
topology subnet
client-cert-not-required
username-as-common-name
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
ifconfig 10.2.13.1 10.2.13.10
push "redirect-gateway def1 bypass-dhcp"
cipher AES-256-CBC
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.4.4"
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
mute 20
route-method exe
script-security 3
auth-user-pass-verify "C:/php/php.exe C:/scripts/ldap.php" via-file Code: Select all
client
dev tun
proto tcp
remote xx.xx.229.130 80
nobind
persist-key
persist-tun
ca ca.crt
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
mute 20
route-method exe
route-delay 2
auth-user-pass login.conf
reneg-sec 0
tun-mtu 1500
mssfix 1450
Wed Feb 06 16:28:11 2013 SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
Wed Feb 06 16:28:11 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,ping 10,ping-restart 120'
Wed Feb 06 16:28:11 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 06 16:28:11 2013 OPTIONS IMPORT: route options modified
Wed Feb 06 16:28:11 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb 06 16:28:11 2013 ROUTE default_gateway=192.168.20.1
Wed Feb 06 16:28:11 2013 TAP-WIN32 device [Open connection] opened: \\.\Global\{9D9D0336-1476-4B02-A401-5C59FEFE2449}.tap
Wed Feb 06 16:28:11 2013 TAP-Win32 Driver Version 9.6
Wed Feb 06 16:28:11 2013 TAP-Win32 MTU=1500
Wed Feb 06 16:28:11 2013 ERROR: --dev tun also requires --ifconfig
Wed Feb 06 16:28:11 2013 Exiting
tls-server
port 80
proto tcp-server
dev tun
topology subnet
client-cert-not-required
username-as-common-name
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.2.13.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
cipher AES-256-CBC
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.4.4"
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
mute 20
route-method exe
script-security 3
auth-user-pass-verify "C:/php/php.exe C:/scripts/ldap.php" via-file
Options error: --duplicate-cn requires --mode server
Options error: --client-cert-not-required requires --mode server
Options error: --username-as-common-name requires --mode server
Regards,Options error: --auth-user-pass-verify requires --mode server
Michael.server 10.2.13.0 255.255.255.0
because my english are not very good...Just advise is it possible that OpenVPN server but route at server side when connection established and remove it when IP release or client disconnect session.
Code: Select all
Just advise is it possible that OpenVPN server but route at server side when connection established and remove it when IP release or client disconnect session.
openvpn supports client-connect directive which you can usei meant to say "is it possible that OpenVPN server put a route on server site, when a VPN connection established"
can you give more technical info please..?Have you read my another reply about add IPs on enthernet connection once and remove after few seconds, Internet start working on VPN client, any idea ?