OpenVPN Support Forum

Hi Guys,

I'm helping someone fix their client config and I wanted to know how this looks?

I'm not real good at this and if there are problems with it can someone tell me how to make it better?

A few things I believe I understand is it's better to use tun instead of tap, lower overheard and also to use more of network ips I believe for the remote and route-gateway as 10,10.xx instead of the actual IPs, but if this is true, would the actual IPs be a problem?

If this config could use fixing, can someone show me how to fix this easily or show information how to do it?


THANKS


client
dev tap
remote 8.8.30.8 5285
route-gateway 8.8.29.1
redirect-gateway def1
cipher AES-128-CBC
dhcp-option DNS 8.8.8.8
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo

ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/ccv.crt
key /etc/openvpn/keys/ccv.key
tls-auth /etc/openvpn/keys/ta.key 1

this config looks OK, you need the corresponding server config to tell if it will work. There's nothing really strange about this client config, however (except for the fact that the 'remote' address seems to be an Anycast address)

I don't know anything about Anycast, can this be bad?

I'm not much on Networking I know some of the names not sure if it's all the methods;

Anycast
Unicast
Broadcast
multicast

When using OpenVPN is there a preference?


THANKS

ah I'm already regretting I mentioned it

some people consider an IP address starting with a number lower than 10 as an Anycast address ; other than that it's just a regular IP address. I've just not seen any providers thus far that offer a VPN service in that range.

Ok...

As far as the IPs appearing in the config;

remote 8.8.30.8 5285
route-gateway 8.8.29.1

I thought it was safer to just have them as network ips only?

remote 10.0.x.x
route-gateway 10.0.x.x


THANKS