From: Bob Proulx <b...@proulx.com> Date: Tue, 18 Jan 2011 21:12:47 -0700 > I am suggesting that you have such a complicated routing setup that it > is causing you difficulty and that you should simplify it by some > method. You listed five (5!) route commands in your configuration.
Yes; addressing subnets rather than individual machines is better. Now there is just one route directive in joule:/etc/openvpn/myvpn.conf to identify the subnet at UBC. dalton:/etc/openvpn/myvpn.conf has one route directive to identify the subnet at home; but dalton has two other route directives to let the subnet at UBC connect to the Shaw FTP and SMTP servers. The Shaw SMTP server will accept a connection only via my home link. The FTP server will accept a connection from anywhere but the tunnel avoids exposing communication to the public. http://carnot.yi.org/NetworksPage.html is updated with the details. For now, I can't think of any further simplification. From: Mike Bird <mgb-deb...@yosemite.net> Date: Tue, 18 Jan 2011 21:07:47 -0800 > Once your routing gets that complexicational you might > want to consider using a routing deamon such as Quagga. > > You could probably use OSPF over the tunnels but we > prefer to use private BGP, with each office and laptop > and customer office network a separate private AS. I'll read about those. Now that the configurations are simplified I might leave them rather than install more software. Thanks for the ideas. Avoiding reliance on a DDNS for Joule by dropping the remote directive on Dalton was a crucial improvement. ... Peter E. -- Telephone 1 360 450 2132. Shop pages http://carnot.yi.org/ accessible as long as the old drives survive. Personal pages http://members.shaw.ca/peasthope/ . -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/171056900.36978.32436@cantor.invalid
