Linux PPP protocol development
From: James Carlson <carlsonj@workingcode.com>
To: linux-ppp@vger.kernel.org
Subject: Re: ppp / open vpn
Date: Wed, 12 Jan 2011 14:57:19 +0000
Message-ID: <4D2DC14F.5050903@workingcode.com>
In-Reply-To: <W90767349010091294791641@webmail30>

On 01/11/11 19:20, tony.chamberlain@lemko.com wrote:
> For our customers I have to set up an openvpn server and client.
> Our cell software creates Linux tunnels (e.g. tun0, tun1) when a cell
> phone wants to do a data session.  Subsequently on startup our software
> kills all the tunnels.  Unfortunately, it then kills the VPN client (this
> on the client side).

Why not fix your software so that it doesn't kill all the tunnels?
Isn't that the root of the problem you're facing?

> So to get around this, a person at work changed in the ovpn file
> dev tun0  to  dev ppp0 so it would not get killed.  As far as I understand
> though, openvpn is not ppp.  I am wondering whether this will cause any
> problems in CentOS, calling a tunnel ppp?

I don't know that anyone uses or tests the software in that way, so
you'll have to let us know whether it works.  If you have problems,
though, you're probably on your own.

> Through eth0 just
> 0.0.0.0         192.168.5.1     0.0.0.0         UG    0      0        0 eth0
> 
> I could remove the 0.0.0.0 with netmask 0.0.0.0 when routing through the
> VPN but I don't want to forget what the original router (192.168.5.1) is.

One way to handle it would be to save it in a file.  I realize that's
less than optimal.

> So a question is, what has precedence, 0.0.0.0 with netmask 0.0.0.0 or
> 0.0.0.0 and 128.0.0.0 with a netmask of 128.0.0.0?  They both appear to
> cover every address (not specifically specified in a previous route which I did not show).

In IP forwarding, longer netmask = higher precedence.

So, yes, you could have a default 0.0.0.0/0 route pointing to the old
destination, and then cover it with two new routes to 0.0.0.0/1 and
128.0.0.0/1.  Those new routes would take precedence over the 0.0.0.0/0
route, because each has a longer netmask (1 > 0).

(For what it's worth, I find CIDR notation a little easier to grok than
explicit netmasks ... but express it whatever way makes sense to you.)

>           inet addr:10.1.0.6  P-t-P:10.1.0.6  Mask:255.0.0.0

That doesn't look happy.  Why would both the local and remote address be
equal?  (I wouldn't expect a functioning system to allow a configuration
like that.)

The whole point of a point-to-point interface (of any type; PPP, tunnel,
or otherwise) is that it connects two distinct IP nodes.  Distinct.  Not
one IP node to itself!

-- 
James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>
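
Added example, not part of the original message: a longest-prefix-match lookup over a constructed routing table, showing that the 0.0.0.0/1 and 128.0.0.0/1 routes shadow the 0.0.0.0/0 route completely while the original gateway (192.168.5.1) stays recorded in the table. The tun0 device name, the 192.168.5.0/24 LAN route and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed table. The eth0 default route is the one quoted in the thread;
# the tun0 device name and the directly connected LAN route are assumptions.
ROUTES = [
    ("0.0.0.0/0", "192.168.5.1", "eth0"),   # original default, left in place
    ("0.0.0.0/1", None, "tun0"),            # lower half of IPv4 via the VPN
    ("128.0.0.0/1", None, "tun0"),          # upper half of IPv4 via the VPN
    ("192.168.5.0/24", None, "eth0"),       # local LAN, on-link
]

def parse(routes):
    return [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in routes]

def lookup(routes, dst):
    """Longest-prefix match: return (network, gateway, device) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in parse(routes) if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def effective_space(routes, prefix):
    """Networks for which the route `prefix` still wins after every
    longer (more specific) prefix has claimed its share."""
    target = ipaddress.ip_network(prefix)
    remaining = [target]
    for net, _, _ in parse(routes):
        if net.prefixlen <= target.prefixlen or not net.subnet_of(target):
            continue
        nxt = []
        for r in remaining:
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))  # carve net out of r
            elif not r.subnet_of(net):
                nxt.append(r)                       # disjoint, keep as is
        remaining = nxt
    return remaining

def bypasses(routes, tunnel_dev):
    """Routes longer than /1 that send traffic outside the tunnel device."""
    return [str(n) for n, _, dev in parse(routes)
            if dev != tunnel_dev and n.prefixlen > 1]

if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.7", "192.168.5.20"):
        net, gw, dev = lookup(ROUTES, dst)
        print(f"{dst:>14} -> {net} dev {dev} via {gw or 'on-link'}")
    print("default route still wins for:", effective_space(ROUTES, "0.0.0.0/0"))
    print("routes bypassing tun0:", bypasses(ROUTES, "tun0"))
```

Any route with a prefix longer than /1 still beats the two tunnel routes, so the output of bypasses() is the list of destinations that leave outside the VPN.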
