Page 1 of 1
Configuring for dynamic client IPs
Posted: Sun Mar 13, 2011 2:56 pm
by hollaz
Hi,
I have the following semgent in my server config:
Code: Select all
server 10.90.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt # Record for virtual IP mappings
comp-lzo # Allow compression
persist-key
persist-tun
route 192.168.1.0 255.255.255.0
push "route 10.90.10.0 255.255.255.0"
So 192.168.1.x is the current subnet that my client is on, and the server's LAN uses 10.90.10.x and the tun uses virtual subnet 10.90.0.x.
This all works fine, but I want to configure it so I can use my client (laptop) on dynamic networks e.g public wifi where it could be on any subnet. So my personal LAN the client is on 192.168.1.x but if I take it out it might end up on 10.80.0.x etc.
Basically, how can I get the routing working correctly without hardcoding the client's subnet.
Thanks a lot for any help
Re: Configuring for dynamic client IPs
Posted: Mon Mar 14, 2011 3:49 am
by Bebop
hollaz wrote: I want to configure it so I can use my client (laptop) on dynamic networks e.g public wifi where it could be on any subnet.
Define
use.
Do you want to login from Public Wifi to to simply use the VPN as a secure tunnel to the Internet?
If you define your intention for the network setup (is it a tunnel only, is it for linking multiple LANs only, etc), then any advice will be tailored to your needs.
Have you tried accessing from the Public Wifi yet? You can connect from
any network by default. I don't see why you can't simply
use the laptop from any network you want, and leave the config as it is.
From your code:
What is this for? Unless you have a really specific purpose for this then you best just remove it.
Code: Select all
push "route 10.90.10.0 255.255.255.0"
Also, without knowing the full purpose of your VPN, you can go ahead and delete this line too.
Re: Configuring for dynamic client IPs
Posted: Mon Mar 14, 2011 10:21 am
by janjust
as Bebop suggest, removed the erroneous route/push route statements.
As for making OpenVPN "just work" on any internet cafe/wifi network : it's not possible. Your best bet is to choose a subnet for your VPN which is not likely to be used by any internet cafe/wifi network. I often use networks like 172.27.X.0/24 (or any in the range 172.20/16 - 172.30/16).
HTH,
JJK
Re: Configuring for dynamic client IPs
Posted: Mon Mar 14, 2011 10:08 pm
by hollaz
Thanks both for the replies, let me better define what I meant
So I am using OpenVPN to join two LANs using tunnel (tun) mode.
I put that there so that the server knows to route 192.168.1.x through the VPN tunnel, because LAN 1 (client) uses that address range. Conversely I use
Code: Select all
push "route 10.90.10.0 255.255.255.0"
so that the client knows to route 10.90.10.x through the VPN because that is the IP range LAN 2 (server) uses.
Maybe though as you say I don't need to use "route 192.168.1.0 255.255.255.0" so I will try without that and if it works that solves my problem
I am perhaps confused and I might not even need to tell the server that route
I have selected my VPN subnet accordingly so the probability of it clashing is low (10.90.10.x), what I was worried about being a problem was the routing of what goes in and out of the tunnel at each end, specifically if I don't know the subnet the public-wifi is using. Perhaps that is of no real concern though as it is just a single box client and not a whole actually a client LAN that needs routing.