OpenVPN Support Forum

I am trying to setup openvpn in a way that connected clients can use their own internet bandwidth. For example VPN server will be in City A and clients are in City B and City C. Both the clients in City B and City C should use their own internet bandwidth and not the bandwidth of VPN server which is in City A. I hope I am able to make my self clear.

Maybe to help you clarify, I can ask this: Do you mean that clients in city B and C will connect to the VPN to access the resources on the VPN; but the important thing for you is that they do not tunnel through the VPN for regular internet activity? (so, access to vpn, but no tunnel through).

When you say "use their own internet bandwidth", its a little vague, so thats why I tried to specify if you mean "do not tunnel through" ... ?

Hope this is helpful to you in clarifying.

Thanks Bepop I would like to clarify it with more specific example

Suppose VPN Client in City B wants to use a service which is available from vpn client in City C they should be connected through VPN server in City A but once they are connected City B client should be able to use their own internet bandwidth while using services provided by City C client.

I hope I am more clear now.

When you say "use his own bandwidth" do you mean for web surf, torrent, email, etc?

To answer that: he can use his own bandwidth -- but it will show his real IP too. The connection to the VPN will be pointless.. unless he is only accessing some specific resources on the VPN, in which case it will be using VPN bandwidth.

actually I am planning to host a vpn service for around 1000 people of same company at different locations. I want them to use vpn when connecting to remote locations but I am afraid if more than 100 people simultaneously use vpn bandwidth it wont suffice. So I want them to connect to each other through vpn but while accessing each other computer through vpn they should not use bandwidth of vpn. I am actually confused between tunneling, bridging and routing concepts of vpn.

OK that makes sense to me now. My understanding of routes between each client -- in client-to-client mode, all data will be via the central vpn server. So, in effect, only possible that clients can communicate as members of the vpn, if allowed to pass through the main server for all data.

I will get a 2nd opinion for you though. Expect an answer from another member just to confirm or deny what I've said.

Bebop, you are rigth. OpenVPN is not like torrent, where server is just a meeting point for clients, but actual data is directly transmited from one client to another. VPN is a virtual switch device, which has some firewall capabilities, and all traffic will go thru the server anyway, unleast if developers will implement a direct client to client connection based on server's encription and certificate. But here will arise sequirity problem, especcialy denying users by certificate. Also, clients behind firewalls will never connect with each other directly.

So should I consider that I will have to increase the bandwidth of openvpn server as per the needs of clients connected ?

I still feel that there should be another ways since openvpn does two things 1. authenticates two clients and 2. provides them virtual interface. what if we can bridge those virtual interfaces with the existing local interfaces. I dont know if I am conceptually correct this is just an assumption. please guide

The only way is to increase server's bandwith and performance.

OpenVPN authenticates every packet and routes it to the destination client. OpenVPN does not create virtual connection between two clients. Every client have its own connection only with server.