Routing via an OpenVPN tunnel; was "message threading ..."
From: Bob Proulx <bob@proulx.com>
Date: Tue, 18 Jan 2011 21:12:47 -0700
> I am suggesting that you have such a complicated routing setup that it
> is causing you difficulty and that you should simplify it by some
> method. You listed five (5!) route commands in your configuration.
Yes; addressing subnets rather than individual machines is better.
Now there is just one route directive in joule:/etc/openvpn/myvpn.conf
to identify the subnet at UBC. dalton:/etc/openvpn/myvpn.conf has
one route directive to identify the subnet at home; but dalton
has two other route directives to let the subnet at UBC connect
to the Shaw FTP and SMTP servers. The Shaw SMTP server will accept
a connection only via my home link. The FTP server will accept a
connection from anywhere but the tunnel avoids exposing communication
to the public. http://carnot.yi.org/NetworksPage.html is updated with the
details. For now, I can't think of any further simplification.
From: Mike Bird <mgb-debian@yosemite.net>
Date: Tue, 18 Jan 2011 21:07:47 -0800
> Once your routing gets that complexicational you might
> want to consider using a routing daemon such as Quagga.
>
> You could probably use OSPF over the tunnels but we
> prefer to use private BGP, with each office and laptop
> and customer office network a separate private AS.
I'll read about those. Now that the configurations are
simplified I might leave them rather than install more
software.
Thanks for the ideas. Avoiding reliance on a DDNS for Joule
by dropping the remote directive on Dalton was a crucial
improvement.
... Peter E.
--
Telephone 1 360 450 2132.
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .