Changes between Version 10 and Version 11 of RoutedLans


Timestamp: 09/05/14 14:39:19 (10 years ago)
Author: krzee king
Comment:

--

  • RoutedLans

    v10 v11  
    3333  MULTI: bad source address from client [IP ADDRESS], packet dropped
    3434
    35 IP ADDRESS in that case would be the machine on client LAN which tried to talk through vpn, because openVPN has no clue what that address is. Once you give it the iroute statement, that changes. Iroute is a route internal to openVPN, and has nothing to do with the kernel's routing table. It tells the openvpn server which client owns which network. Note that even if you only have 1 lan behind 1 client, YOU STILL NEED IROUTE. You will need it any time a source ip address is different from the IP given to the vpn client by the vpn server.
     35IP ADDRESS in that case would be the machine on client LAN which tried to talk through vpn, because openVPN has no clue what that address is. Once you give it the iroute statement, that changes. Iroute is a route internal to openVPN, and has nothing to do with the kernel's routing table. It tells the openvpn server which client owns which network. Note that even if you only have 1 lan behind 1 client, YOU STILL NEED IROUTE. You will need it any time a clients source IP address is different from the IP given to it by the vpn server.
    3636
    3737The thing is, we cant just drop the iroute into server.conf because it would then be used for every client, and iroute is only to tell the server at which client it should send traffic destined for a network that the kernel said should go to the openvpn interface. That is why we add the iroute commands to a ccd entry.
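
Review bot: in the rewritten last sentence of v11 line 35, "a clients source IP address" is missing its apostrophe and now reads as if the address in question were the VPN client's own, while the start of the same paragraph says the dropped packet's source is a machine on the client LAN. Suggest something like "any time a packet arriving from a client has a source IP address different from the IP the vpn server gave that client", which keeps the v10 meaning and lines up with the "bad source address from client" log line quoted just above. The mixed "openVPN" / "openvpn" spelling in the same paragraph could be made consistent in the same edit.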