Changes between Version 7 and Version 8 of Concepts-Addressing


Timestamp:
06/04/14 22:18:57 (5 years ago)
Author:
JoshC
Comment:

--

  • Concepts-Addressing

    v7 v8  
    158158--pkcs12 /vpn/client.p12
    159159}}}
     160
     161
     162=== Examples for p2p topology ===
     163
     164This topology is only valid when none of your clients are Windows. The benefit is that you can use the entire network range. This can be beneficial when using smaller networks, such as a /29, /30, or even a /31 (normally unusable on "traditional" Ethernet-style networks.)
     165
     166An advanced example is also shown at the end where you can use 100% of a given network for client IPs since PtP addressing does not have to be contiguous.
     167
     168All these examples push the assigned IPs from the server, so they use a '''single''' client config common to all examples:
     169
     170==== Common client config for p2p examples ====
     171
     172* client config:
     173{{{
     174--client
     175--dev tun
     176
     177# TLS needs:
     178--pkcs12 /vpn/client.p12
     179}}}
     180
     181==== Using a /24 ====
     182
     183In this example, we assign the following addressing:
     184* VPN server: 10.8.0.0
     185* client1: 10.8.0.1
     186* client2: 10.8.0.2
     187* dynamic IPs assigned to other clients: 10.8.0.100 - 10.8.0.199
     188* (The IP 10.8.0.255 is used as a common peering IP and not routable)
     189
     190* server config:
     191{{{
     192--mode server
     193--tls-server
     194--dev tun
     195--topology "p2p"
     196--push "topology p2p"
     197--ifconfig 10.8.0.0 10.8.0.255
     198--push "route-gateway 10.8.0.0"
     199--ifconfig-pool 10.8.0.100 10.8.0.199
     200--client-config-dir /vpn/ccd-dir
     201
     202# TLS needs:
     203--pkcs12 /vpn/server.p12
     204--dh /vpn/dh.pem
     205}}}
     206* server's `/vpn/ccd-dir/client1` file:
     207{{{
     208ifconfig-push 10.8.0.1 10.8.0.0
     209}}}
     210* server's `/vpn/ccd-dir/client2` file:
     211{{{
     212ifconfig-push 10.8.0.2 10.8.0.0
     213}}}
     214
     215==== Advanced example: utilizing a /30 ====
     216
     217In this example, we assign the following addressing, assigning 4 clients out of the network 203.0.113.252/30. The VPN server uses RFC1918 locally, and a matching RFC1918 is used by clients as the peering address.
     218* VPN server: 192.168.222.0 (peering with 192.168.222.1)
     219* client1: 203.0.113.252
     220* client2: 203.0.113.253
     221* client3: 203.0.113.254
     222* client4: 203.0.113.255
     223
     224* server config:
     225{{{
     226--mode server
     227--tls-server
     228--dev tun
     229--topology "p2p"
     230--push "topology p2p"
     231--ifconfig 192.168.222.0 192.168.222.1
     232--push "route-gateway 192.168.222.0"
     233--client-config-dir /vpn/ccd-dir
     234
     235# TLS needs:
     236--pkcs12 /vpn/server.p12
     237--dh /vpn/dh.pem
     238}}}
     239* server's `/vpn/ccd-dir/client1` file:
     240{{{
     241ifconfig-push 203.0.113.252 192.168.222.0
     242}}}
     243* server's `/vpn/ccd-dir/client2` file:
     244{{{
     245ifconfig-push 203.0.113.253 192.168.222.0
     246}}}
     247* server's `/vpn/ccd-dir/client3` file:
     248{{{
     249ifconfig-push 203.0.113.254 192.168.222.0
     250}}}
     251* server's `/vpn/ccd-dir/client4` file:
     252{{{
     253ifconfig-push 203.0.113.255 192.168.222.0
     254}}}
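
Review bot: the /30 server config (new lines 226-237) sets `--client-config-dir /vpn/ccd-dir` but, unlike the /24 example, has no `--ifconfig-pool`, so a client that presents a valid certificate but has no file in `/vpn/ccd-dir` gets no address from this config. Because all four addresses of 203.0.113.252/30 are assigned statically through ccd files, consider adding `--ccd-exclusive` to this example, or a sentence stating that only clients with a ccd file are expected to connect. Separately, the common client config (new lines 174-178) lists only `--client`, `--dev tun` and `--pkcs12`; a short remark that `--remote` and server certificate verification are left out for brevity would keep readers from copying it as a complete config.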