OpenVPN topology
-
Hi, I am trying to make a site-to-site OpenVPN VPN. Can you tell me if this topology can work correctly?
-
At first glance, it appears OK, but why do you have a /25 on the tunnel? You'd normally use a /30 there.
-
As I understood it, the tunnel IP will be assigned to each host in the VPN tunnel, so if I get a /30 IP I won't be able to connect every host through the tunnel. Is that correct?
-
> As I understood it, the tunnel IP will be assigned to each host in the VPN tunnel, so if I get a /30 IP I won't be able to connect every host through the tunnel. Is that correct?

No, that's not correct. Connections are routed through the tunnel, but it doesn't limit the number of addresses on the other side. Think of your Internet connection. You have a single address on your firewall/router, but can reach every address out there. As I mentioned, a /30 is typically used, but even a /31 can be used, if the tunnel endpoints support it.
To understand this, take a look at how routing works. When a computer sends a packet to a destination that's not on the local network, it forwards it through the router or gateway. The router then looks at the destination address and sends it on appropriately, eventually reaching the destination network. At that point the router will send it to the desired device. So, you only need enough addresses on the network where the devices are located.
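
Added example, not part of the original posts: a small Python model of the routing described in the reply above. It shows that a /30 tunnel only needs to address the two routers, while a route for the remote LAN carries traffic for every host behind it. All addresses and router names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumption, not taken from the thread).
TUNNEL = ipaddress.ip_network("10.0.8.0/30")   # only two usable addresses
LAN_A = ipaddress.ip_network("192.168.1.0/24")
LAN_B = ipaddress.ip_network("192.168.2.0/24")

# Per-router tables: (destination prefix, next hop); None = directly connected.
ROUTES = {
    "router_a": [(LAN_A, None), (TUNNEL, None), (LAN_B, "router_b")],
    "router_b": [(LAN_B, None), (TUNNEL, None), (LAN_A, "router_a")],
}

def lookup(router, dst, routes=ROUTES):
    """Longest-prefix match; returns (prefix, next_hop) or None if no route."""
    matches = [(net, hop) for net, hop in routes[router] if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def trace(first_router, dst, routes=ROUTES, max_hops=8):
    """Follow next hops from first_router; return (path, outcome)."""
    dst = ipaddress.ip_address(dst)
    path, router = [first_router], first_router
    for _ in range(max_hops):
        match = lookup(router, dst, routes)
        if match is None:
            return path, "no route"
        if match[1] is None:
            return path, "delivered"
        router = match[1]
        path.append(router)
    return path, "loop"

def tunnel_endpoints(net):
    """Usable addresses on the tunnel subnet (exactly two for a /30)."""
    return [str(h) for h in net.hosts()]

if __name__ == "__main__":
    print(tunnel_endpoints(TUNNEL))            # the two router ends
    print(trace("router_a", "192.168.2.57"))   # any LAN B host is reachable
    # Failure mode: tunnel is up, but site A has no route for LAN B.
    broken = dict(ROUTES, router_a=[(LAN_A, None), (TUNNEL, None)])
    print(trace("router_a", "192.168.2.57", broken))
```

The last case is the one to check when a tunnel connects but hosts cannot reach each other: the tunnel subnet size is not the limit, the missing remote-LAN route is.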
-
Thank you for the help. I will change that and notify you at the end of the work.
-
Hi, I tried what you told me but it does not work. I think there is something additional that I forgot to do. Here is a screenshot with all the configuration (server + client) and the logs (server + client). It still won't connect and I can't find the problem :(
-
Hi, I resolved the problem: it was the modem that was blocking the connection to the VPN server. Now it works.
But another question, please: should I change the encryption to SSL, or is it very secure even with a shared key?