11 Aug
2014
11 Aug
'14
11:15 a.m.
Hello Rob/PE1CHL et al.
Rob, thank you very much for "pushing me" into right direction!
Today I made interesting and promissing tests with OpenVPN.
My question and goal was:
"Whether and how one can allocate any-in-size subnet to particular VPN
client?"
Of course, from the address space being at disposal.
Hardware setup:
- AMPRNet gateway server, Debian-7.5 (LAN + WAN)
utilizing 44.165.2.0/28 address space
- OpenVPN server running on above mentioned gateway
utilizing 44.165.15.0/24 address space
- Desktop PC - Debian-7.5 (on LAN, behind router)
- VirtualBox machines: Debian-7.5 Fedora-20 OpenBSD-5.5
(running on Desktop PC)
- Sony Xperia Z1 running OpenVPN client
OpenVPN addresses allocation:
- OpenVPN server - 44.165.15.0/24
- Desktop PC - 44.165.15.16/28
- VirtualBox Debian-7.5 - 44.165.15.32/29
- VirtualBox Fedora-20 - 44.165.15.40
- VirtualBox OpenBSD-5.5 - 44.165.15.253
- Sony Xperia Z1 - 44.165.15.2
Commands giving such nice possibility (example for Desktop PC):
- in the OpenVPN server config file
topology subnet
route 44.165.15.16 255.255.255.240 44.165.15.30
- in the OpenVPN client config file (on server!!!)
ifconfig-push 44.165.15.17 255.255.255.0
iroute 44.165.15.16 255.255.255.240
Already allocated subnets may appear and will be
reachable EXCLUSIVELY on previously assigned machines.
All other addresses may emerge anywhere.
Finally very brief answer is:
YES, it is possible to assign subnet to a particular VPN client!
For more detailed descriptions please refer to OpenVPN manual.
Best regards.
Tom - sp2lob