Re: ppp / open vpn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

I'm responding to this thread as I am more of an OpenVPN person than a PPP person. Hopefully I can shed some light on the things Tony is seeing.

James Carlson wrote:
So a question is, what has precedence, 0.0.0.0 with netmask 0.0.0.0 or
0.0.0.0 and 128.0.0.0 with a netmask of 128.0.0.0?  They bothe appear to
cover every address (not specifically specified in a previous route which I did not show).

In IP forwarding, longer netmask == higher precedence.

So, yes, you could have a default 0.0.0.0/0 route pointing to the old
destination, and then cover it with two new routes to 0.0.0.0/1 and
128.0.0.0/1.  Those new routes would take precedence over the 0.0.0.0/0
route, because each has a longer netmask (1 > 0).

(For what it's worth, I find CIDR notation a little easier to grok than
explicit netmasks ... but express it whatever way makes sense to you.)

The 0.0.0.0/1+128.0.0.0/1 route is an OpenVPN trick to redirect the default gateway while keeping the original route intact. When OpenVPN shuts down or crashes the default route is still available and you still have a working system. If the 0.0.0.0/0 route is replaced then you'd end up with a broken box.

          inet addr:10.1.0.6  P-t-P:10.1.0.6  Mask:255.0.0.0

That doesn't look happy.  Why would both the local and remote address be
equal?  (I wouldn't expect a functioning system to allow a configuration
like that.)

The whole point of a point-to-point interface (of any type; PPP, tunnel,
or otherwise) is that it connects two distinct IP nodes.  Distinct.  Not
one IP node to itself!

This is another trick of OpenVPN to assign "linear addresses" to clients while using a PtP (tun) interface. It is enabled in OpenVPN 2.1 (and openvpnas, which is based on 2.1) by using the
 topology subnet
directive.
This trick *does* work on several platforms (Linux, BSD, MacOS, Windows, all with their respective special flags), but you need to be careful NOT to use the remote PtP address. Linux does not care whether the remote PtP address is the same as the local part. Linux does not even care if the 'tun' device as an IP address at all: it will still let you route data over it as long as you specify the right routing device. Data intended for the 'tun0' (or 'ppp0' interface in Tony's case) is simply sent to the 'tun' device. The OpenVPN process then picks it up, ships it to the other end of the tunnel and the reverse is done.


You can achieve the local routing of the 10.4.55.X subnet by adding a statement to the client-side OpenVPN config file
  route 10.4.55.0 255.255.255.0 net_gateway

But this is getting off-topic for this list ....

HTH,

JJK

--
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Audio Users]     [Linux for Hams]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Fedora Users]

  Powered by Linux