| 160 | |
| 161 | |
| 162 | === Examples for p2p topology === |
| 163 | |
| 164 | This topology is only valid when none of your clients are Windows. The benefit is that you can use the entire network range. This can be beneficial when using smaller networks, such as a /29, /30, or even a /31 (normally unusable on "traditional" Ethernet-style networks). |
| 165 | |
| 166 | An advanced example at the end shows how you can use 100% of a given network for client IPs, since PtP addressing does not have to be contiguous. |
| 167 | |
| 168 | All these examples push the assigned IPs from the server, so they use a '''single''' client config common to all examples: |
| 169 | |
| 170 | ==== Common client config for p2p examples ==== |
| 171 | |
| 172 | * client config: |
| 173 | {{{ |
| 174 | --client |
| 175 | --dev tun |
| 176 | |
| 177 | # TLS needs: |
| 178 | --pkcs12 /vpn/client.p12 |
| 179 | }}} |
| 180 | |
| 181 | ==== Using a /24 ==== |
| 182 | |
| 183 | In this example, we assign the following addressing: |
| 184 | * VPN server: 10.8.0.0 |
| 185 | * client1: 10.8.0.1 |
| 186 | * client2: 10.8.0.2 |
| 187 | * dynamic IPs assigned to other clients: 10.8.0.100 - 10.8.0.199 |
| 188 | * (The IP 10.8.0.255 is used as a common peering IP and is not routable) |
| 189 | |
| 190 | * server config: |
| 191 | {{{ |
| 192 | --mode server |
| 193 | --tls-server |
| 194 | --dev tun |
| 195 | --topology "p2p" |
| 196 | --push "topology p2p" |
| 197 | --ifconfig 10.8.0.0 10.8.0.255 |
| 198 | --push "route-gateway 10.8.0.0" |
| 199 | --ifconfig-pool 10.8.0.100 10.8.0.199 |
| 200 | --client-config-dir /vpn/ccd-dir |
| 201 | |
| 202 | # TLS needs: |
| 203 | --pkcs12 /vpn/server.p12 |
| 204 | --dh /vpn/dh.pem |
| 205 | }}} |
| 206 | * server's `/vpn/ccd-dir/client1` file: |
| 207 | {{{ |
| 208 | ifconfig-push 10.8.0.1 10.8.0.0 |
| 209 | }}} |
| 210 | * server's `/vpn/ccd-dir/client2` file: |
| 211 | {{{ |
| 212 | ifconfig-push 10.8.0.2 10.8.0.0 |
| 213 | }}} |
| 214 | |
| 215 | ==== Advanced example: utilizing a /30 ==== |
| 216 | |
| 217 | In this example, we assign addresses to 4 clients out of the network 203.0.113.252/30. The VPN server uses an RFC1918 address locally, and a matching RFC1918 address is used by clients as the peering address. |
| 218 | * VPN server: 192.168.222.0 (peering with 192.168.222.1) |
| 219 | * client1: 203.0.113.252 |
| 220 | * client2: 203.0.113.253 |
| 221 | * client3: 203.0.113.254 |
| 222 | * client4: 203.0.113.255 |
| 223 | |
| 224 | * server config: |
| 225 | {{{ |
| 226 | --mode server |
| 227 | --tls-server |
| 228 | --dev tun |
| 229 | --topology "p2p" |
| 230 | --push "topology p2p" |
| 231 | --ifconfig 192.168.222.0 192.168.222.1 |
| 232 | --push "route-gateway 192.168.222.0" |
| 233 | --client-config-dir /vpn/ccd-dir |
| 234 | |
| 235 | # TLS needs: |
| 236 | --pkcs12 /vpn/server.p12 |
| 237 | --dh /vpn/dh.pem |
| 238 | }}} |
| 239 | * server's `/vpn/ccd-dir/client1` file: |
| 240 | {{{ |
| 241 | ifconfig-push 203.0.113.252 192.168.222.0 |
| 242 | }}} |
| 243 | * server's `/vpn/ccd-dir/client2` file: |
| 244 | {{{ |
| 245 | ifconfig-push 203.0.113.253 192.168.222.0 |
| 246 | }}} |
| 247 | * server's `/vpn/ccd-dir/client3` file: |
| 248 | {{{ |
| 249 | ifconfig-push 203.0.113.254 192.168.222.0 |
| 250 | }}} |
| 251 | * server's `/vpn/ccd-dir/client4` file: |
| 252 | {{{ |
| 253 | ifconfig-push 203.0.113.255 192.168.222.0 |
| 254 | }}} |
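
The per-client `ifconfig-push` files in both examples above can be generated and checked for address collisions with a short script. This is an added example, not part of the original page or of OpenVPN; the function name `p2p_ccd_lines` and its parameters are assumptions made for illustration.

```python
import ipaddress


def p2p_ccd_lines(client_net, server_local, clients, reserved=(), pool=None):
    """Return {client name: ifconfig-push line} for a --topology p2p server.

    Hypothetical helper. In p2p topology every address of client_net is
    assignable, including the network and broadcast addresses, so the
    network is iterated directly instead of through .hosts().
    """
    net = ipaddress.ip_network(client_net)
    local = ipaddress.ip_address(server_local)

    # Addresses that must never be handed to a client: the server's own
    # --ifconfig local address plus anything listed in `reserved`
    # (for example the common peering IP).
    blocked = {local} | {ipaddress.ip_address(a) for a in reserved}

    # Optional --ifconfig-pool range (first, last), inclusive. Static
    # assignments inside it could collide with a dynamic lease.
    lo = hi = None
    if pool is not None:
        lo, hi = (int(ipaddress.ip_address(a)) for a in pool)

    def in_pool(ip):
        return pool is not None and lo <= int(ip) <= hi

    free = [ip for ip in net if ip not in blocked and not in_pool(ip)]
    if len(clients) > len(free):
        raise ValueError(
            f"{len(clients)} clients but only {len(free)} free addresses"
        )
    # The second ifconfig-push argument is the server's local address,
    # matching the ccd files shown on this page.
    return {
        name: f"ifconfig-push {ip} {local}"
        for name, ip in zip(clients, free)
    }


if __name__ == "__main__":
    # Constructed input mirroring the /30 example on this page.
    names = ["client1", "client2", "client3", "client4"]
    plan = p2p_ccd_lines("203.0.113.252/30", "192.168.222.0", names)
    for name, line in plan.items():
        print(f"/vpn/ccd-dir/{name}: {line}")
```

Each returned line is the content of the matching file under the `--client-config-dir` directory; the script raises `ValueError` instead of silently reusing an address when more clients are requested than the network can hold.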