Assume that I have an OpenVPN server S and some number of OpenVPN clients C1, ..., Cn connecting to the server in a subnet topology configuration using tun interfaces. Each client Ci is in its own local subnet Ni, and some of them should route packets from their subnet Ni to the subnets behind the other clients.

The straightforward solution would be to set up static addresses for the clients' tun interfaces and static routes from each subnet to every other subnet.

Is there a way to achieve this without any of the server or clients having any prior knowledge about the other clients' subnets? That is, each client Ci should only know its own local subnet Ni and push it to the server S on tunnel establishment. The server should then push a corresponding route to all other clients Cj, whether they are already connected or connect later on.

DLichti
  • If a client could push route commands to the server, it could cause a denial of service. Therefore the networks behind the clients must be preconfigured on the server. – Piotr P. Karwasz Feb 24 '20 at 21:22
  • @PiotrP.Karwasz If a client can authenticate using valid credentials, I am considering it to be friendly. Of course, I need to keep the subnets disjoint, but since I control all of them, this is not a problem. – DLichti Feb 25 '20 at 16:58
  • OpenVPN does not allow clients to push routes to the server; you need to configure them through `client-config-dir`. However, since you control the networks you can assign all subnets from `10.0.0.0/8` and push this route to all clients. – Piotr P. Karwasz Feb 25 '20 at 23:22
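The server-side setup the last comment describes, as an added example that is not part of the original thread: it generates one `client-config-dir` file per client with an `iroute` line, and refuses subnets that overlap or fall outside `10.0.0.0/8`, since an overlapping `iroute` would let one client receive traffic meant for another. The client names, subnets and the `ccd` directory name are constructed for illustration.

```python
import ipaddress
import re

SUPERNET = ipaddress.ip_network("10.0.0.0/8")   # aggregate pushed to every client
SAFE_CN = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]*$")  # CN becomes a file name

# Constructed sample: certificate common name -> subnet behind that client.
SAMPLE = {"C1": "10.1.0.0/16", "C2": "10.2.0.0/16", "C3": "10.3.4.0/24"}

def validate(subnets):
    """Return {cn: IPv4Network}; raise ValueError on unsafe or conflicting input."""
    nets = {}
    for cn, cidr in subnets.items():
        if not SAFE_CN.match(cn):
            raise ValueError(f"unsafe common name for a ccd file: {cn!r}")
        net = ipaddress.ip_network(cidr, strict=True)  # rejects set host bits
        if net.version != 4 or not net.subnet_of(SUPERNET):
            raise ValueError(f"{cn}: {net} is outside {SUPERNET}")
        for other_cn, other in nets.items():
            if net.overlaps(other):
                raise ValueError(f"{cn}: {net} overlaps {other_cn}: {other}")
        nets[cn] = net
    return nets

def ccd_files(subnets):
    """Map each client CN to the content of its client-config-dir file."""
    return {cn: f"iroute {net.network_address} {net.netmask}\n"
            for cn, net in validate(subnets).items()}

def server_lines(ccd_dir="ccd"):
    """Server directives: kernel route into the tunnel plus the pushed aggregate."""
    addr, mask = SUPERNET.network_address, SUPERNET.netmask
    return [f"client-config-dir {ccd_dir}",
            f"route {addr} {mask}",
            f'push "route {addr} {mask}"']

if __name__ == "__main__":
    print("\n".join(server_lines()))
    for cn, body in ccd_files(SAMPLE).items():
        print(f"--- ccd/{cn}\n{body}", end="")
```

Forwarding between clients (inside OpenVPN or through the server's kernel) still has to be enabled separately; this only covers the route bookkeeping.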

0 Answers