Isolated client connections in version 2.0.5
Posted: Thu Nov 04, 2010 10:10 am
by vermeer_p
Is there a possibility to make more VPN client connections, with a direct connection between clients, in version 2.0.5?
(in version '2.1' I can make it happen with the "topology mask" option)
This is what I want to realize:
There are 2 pairs of clients which must have an isolated communication:
Client1a: LANIP: 10.0.0.53/24
Client1b: 192.168.1.100/24
Client2a: 10.0.0.53/24
Client2b: 192.168.2.100/24
I want to prevent IP conflicts (subnet Client1a = subnet Client2a). How can I make a route directly from Client1a to Clientb without:
> client-to-client
> push "route 10.0.0.0 255.255.255.0" (This will cause the ip conflict)
Re: Isolated client connections in version 2.0.5
Posted: Thu Nov 04, 2010 10:15 am
by krzee
vermeer_p wrote: Is there a possibility to make more VPN client connections, with a direct connection between clients, in version 2.0.5?
no... and omg upgrade!
vermeer_p wrote: (in version '2.1' I can make it happen with the "topology mask" option)
you mean topology subnet
Re: Isolated client connections in version 2.0.5
Posted: Thu Nov 04, 2010 10:29 am
by vermeer_p
Unfortunately, I cannot upgrade the VPN clients a1 and b1, because this hardware (eWON 2005CD) has a fixed VPN version in the supplier's firmware (http://www.ewon.biz).
There must be a way, because they (eWON) made it happen on a dedicated VPN server (Talk2M), but we would like to make such a server within our own management.
By the way .... Yes, I did mean topology subnet.
Re: Isolated client connections in version 2.0.5
Posted: Thu Nov 04, 2010 10:37 am
by krzee
in that case please better explain what you want... maybe a diagram would help (gliffy.com or visio or something similar)
Re: Isolated client connections in version 2.0.5
Posted: Thu Nov 04, 2010 11:37 am
by vermeer_p
Here is a schematic drawing of what I want to accomplish. Finally there should be more than two pairs of connections.

Re: Isolated client connections in version 2.0.5
Posted: Sun Nov 07, 2010 5:04 am
by krzee
you need to change one of the LAN subnets
Re: Isolated client connections in version 2.0.5
Posted: Sun Nov 07, 2010 12:48 pm
by vermeer_p
Changing the LAN subnets is not an option, but I have found a solution in using dev-tap and creating the routing on the clients through the VPN network.
The following IPs were assigned:
Client1a:
LANIP: 10.0.0.53/24
VPNIP: 10.8.0.10/24
Client1b:
LANIP: 192.168.1.100/24
VPNIP: 10.8.0.11/24
Client2a:
LANIP: 10.0.0.53/24
VPNIP: 10.8.0.20/24
Client2b:
LANIP: 192.168.2.100/24
VPNIP: 10.8.0.21/24
Now add the following routes on the client side (could be pushed from the server with custom client config).
Client 1a: route add 192.168.1.0 mask 255.255.255.0 10.8.0.11
Client 1b: route add 10.0.0.0 mask 255.255.255.0 10.8.0.10
Client 2a: route add 192.168.2.0 mask 255.255.255.0 10.8.0.21
Client 2b: route add 10.0.0.0 mask 255.255.255.0 10.8.0.20
The only disadvantage is that I had to assign a bridged connection on the VPN server, which I did not require.
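
Added example, not part of the original thread: a Python sketch that generates the per-client config files for the "pushed from the server" variant mentioned in the last post, using the addresses given there. It assumes the server runs in tap mode with `client-config-dir` enabled and that each file is named after the client's certificate common name; `build_ccd` and `PAIRS` are hypothetical names.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # VPN subnet used in the post

# (name, LAN interface address, VPN address) per pair, values from the post
PAIRS = [
    (("Client1a", "10.0.0.53/24", "10.8.0.10"),
     ("Client1b", "192.168.1.100/24", "10.8.0.11")),
    (("Client2a", "10.0.0.53/24", "10.8.0.20"),
     ("Client2b", "192.168.2.100/24", "10.8.0.21")),
]

def build_ccd(pairs, vpn_net=VPN_NET):
    """Return {client name: ccd file text}; each client gets one route, to its partner's LAN."""
    seen_vpn_ips = set()
    files = {}
    for pair in pairs:
        lans = [ipaddress.ip_interface(lan).network for _, lan, _ in pair]
        # The two LANs inside one pair must differ, otherwise the pushed route
        # would shadow the client's own LAN. Overlap between pairs is allowed.
        if lans[0].overlaps(lans[1]):
            raise ValueError(f"LANs overlap inside pair {pair[0][0]}/{pair[1][0]}")
        for i, (name, _, vpn_ip) in enumerate(pair):
            ip = ipaddress.ip_address(vpn_ip)
            if ip not in vpn_net or ip in seen_vpn_ips:
                raise ValueError(f"{name}: VPN IP {ip} outside {vpn_net} or reused")
            seen_vpn_ips.add(ip)
            peer_lan, peer_vpn = lans[1 - i], pair[1 - i][2]
            files[name] = (
                f"ifconfig-push {ip} {vpn_net.netmask}\n"
                f'push "route {peer_lan.network_address} {peer_lan.netmask} {peer_vpn}"\n'
            )
    return files

if __name__ == "__main__":
    for name, text in build_ccd(PAIRS).items():
        print(f"# ccd/{name}\n{text}")
```

The pushed routes only tell each client where its partner's LAN is; whether one pair is actually kept away from another still depends on the server's forwarding and filtering settings, which the thread does not show.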