Comments (5)
ordex
commented on July 4, 2024
Hi, your sample CCD files do not truly match what you are saying.
push "route X Y" is telling the client to add a route of what should be sent to the VPN.
With your CCD files above you are telling all three clients to send traffic for those networks to the VPN server.
Now, what will the VPN server do with this traffic? Either this traffic has to go somewhere else (look up the system routing table) or should be redirected to another client.
In the latter case (which is what I think you are referring to), the server needs directives called iroutes and that should be added to the CCD file of the client responsible for that network.
If multiple clients are responsible for the same network, I believe simply keeps the directive of the last client that connected to the server (basically it overwrites any previous directive).
Therefore it's up to you to resolve the conflict somehow.
OTOH if you are using DCO on Linux, iroutes are implemented via system routing table too. Maybe there you can do some tricks and allow similar routes to coexists.
from openvpn.
balck-paint
commented on July 4, 2024
@ordex
Sorry, the configuration I gave was wrong. Corrected. But you understand that right, all I want to do is instruct openvpnServer to redirect to the client I really want to access, how do I do that? Don't have a clue, do you have any good ideas?
from openvpn.
cron2
commented on July 4, 2024
The clients will be assigned unique IP addresses on the VPN interface anyway. So if you want to "access the client", use these.
If you want to access something on the LAN side of the client, and multiple clients use the same subnet, this is not something OpenVPN can fix for you - iroutes must be unique, or it will pick one or the other (first client to connect, or last client to connect, not sure, but "not determined by config").
from openvpn.
ordex
commented on July 4, 2024
@balck-paint maybe you should start from scratch and think about the logic steps you'd need to determine what exact LAN you want to connect to. From there, you may be able to figure out how to implement that on your side.
You wrote "what my c really wants to access is the subnet of client B", but this is not something that can be converted to machine rules. What about other clients? Will the target LAN change over time? if yes, based on what?
After answering all these questions you may be able to start thinking the "how".
This said, I hardly believe OpenVPN alone can help you here.
from openvpn.
schwabe
commented on July 4, 2024
Am 06.06.24 um 09:32 schrieb Gert Doering:
The clients will be assigned unique IP addresses on the VPN interface
anyway. So if you want to "access the client", use these.
If you want to access something on the LAN side of the client, and
multiple clients use the same subnet, this is not something OpenVPN can
fix for you - iroutes must be unique, or it will pick one or the other
(first client to connect, or last client to connect, not sure, but "not
determined by config").
Or you can have different subnet between client and server and map them
with client-nat on the OpenVPN client side to the non-unique ones but
that is a setup that needs to be well planned and should be avoided in
the first place.
Arne
from openvpn.
Related Issues (20)
- Problems when reconnecting OpenVPN HOT 1
- I'm getting a certificate error when I use OpenVPN to access a website with HSTS turned on.
- The openvpn client suddenly disconnects HOT 3
- VPN stop working HOT 4
- Debian / Ubuntu: OpenVPN apt repositories HOT 3
- Unfair treatment for "Stub" Compression push? HOT 4
- connect error on kali linux HOT 9
- The visited host is unable to obtain the client IP of OpenVPN, only the IP of the OpenVPN server will be obtained HOT 1
- Cannot connect more than one client from behind a NAT firewall HOT 12
- openvpn tls handshake error in some isp like mci HOT 1
- Can openvpn’s open ports handle the following attacks? HOT 5
- Continuously sending DNS (queries/responses) HOT 4
- Name resolution not refreshed after "power hibernate-restore" on OpenVPN client PCs HOT 3
- [REGRESSION] MTU is not set correctly HOT 6
- A response is returned with a temporary address even if a fixed address is used for access when using IPv6 address. HOT 4
- How do I customize my status.log HOT 1
- Proposal: a parameter to trigger just a syntax check and exit HOT 2
- Temporary pause the connection for Android client
- Rejection of non-printable characters in server response vs newlines HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openvpn.