Handing out the public IPs
With the
topology subnet
feature that OpenVPN 2.1 offers, it becomes feasible to hand out public IP addresses to connecting clients. For this recipe, we will show how such a setup can be realized. We will re-use a technique from the Chapter 2 recipe Proxy-ARP' to make the VPN clients appear as if they are a part of the remote network. If a dedicated IP address block is available for the VPN clients, then this is not required. The advantage of using the proxy-arp
method is that it allows us to use only part of an expensive public IP address block.
Getting ready
For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.3. The client computer was running Windows XP SP3 and OpenVPN 2.1.1. Keep the client configuration file, basic-udp-client.ovpn
, from the Chapter 2 recipe Using an 'ifconfig-pool' block at hand.
To test this recipe, a public IP address block of 16 addresses was used, but here, we will list a private address block instead (10.0.0...