[ale] OpenVPN test

Chris Fowler cfowler at outpostsentinel.com
Thu Aug 26 10:51:39 EDT 2010


On Thu, 2010-08-26 at 10:10 -0400, Brian MacLeod wrote:
> TUN scales far better than TAP, so if you have the potential of a lot of
> clients connecting at once, then direct yourself to the TUN arrangement.
> A lot of clients is relative to the horsepower and connectivity of the
> server in question.  My experience with having it on an old Pentium III
> with 256MB and a DSL connection was that after 4 TAP connections, things
> were dragging (I blame the intercommunication of the TiVos at that time,
> which is broadcast based for discovery).
>

Shoot me, I like the traditional pty + pppd over a secure path version
of a VPN instead of tun :)

Here is what I do not understand about my config:

port 1194
proto tcp-server
dev tun
ca /etc/ca/cacert.pem
cert /etc/ca/certs/servercert.pem
key /etc/ca/keys/serverkey.pem
dh /etc/openvpn/keys/dh1024.pem
server 10.0.9.224 255.255.255.224
keepalive 10 120
#comp-lzo
max-clients 4
user root
group root
persist-key
persist-tun
status /tmp/openvpn-status.log
log-append  /var/log/openvpn-tun.log
duplicate-cn
verb 3


I've picked a piece of 10.0.9.0 for VPN clients.  I make one connection
from Winblows and on the server I have a tun0

inet addr:10.0.9.225  P-t-P:10.0.9.226

On the client I have:

inet addr:10.0.9.230  P-t-P:10.0.9.229

What happened to 227 and 228?  Why does each interface use 2 addresses?
Obviously this is the way it is but you could eat up a class C very
quickly with inefficient use of addresses.

On the PPP based VPN I have 12 right now going on the same server.  I
use 10.0.9.2 as the server side and then I use 10.0.9.3->200 for the
clients.  This is very efficient use of addresses since the peer of each
client is 10.0.9.2! 
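
Added example (not part of the original post): the addresses shown in the message above are consistent with OpenVPN's net30 topology, where each tunnel endpoint is given its own /30 block. This sketch assumes that layout and splits the pool from the posted server line into /30 blocks to show where 227 and 228 go; the function name net30_plan is hypothetical.

```python
import ipaddress

def net30_plan(network, netmask):
    """Split an OpenVPN 'server' pool into /30 blocks (net30 layout assumed)."""
    pool = ipaddress.ip_network(f"{network}/{netmask}")
    plan = []
    for index, block in enumerate(pool.subnets(new_prefix=30)):
        first, second = list(block.hosts())  # the two usable hosts of a /30
        if index == 0:
            # First block: the server's tun interface takes the first host.
            role, local, peer = "server", first, second
        else:
            # Later blocks: the client takes the second host and its
            # point-to-point peer is the first host of the same block.
            role, local, peer = f"client{index}", second, first
        plan.append({
            "role": role,
            "local": str(local),
            "peer": str(peer),
            # Network and broadcast addresses of the /30 are never assigned.
            "unused": (str(block.network_address), str(block.broadcast_address)),
        })
    return plan

def max_net30_clients(network, netmask):
    """Number of client /30 blocks left after the server takes the first."""
    return len(net30_plan(network, netmask)) - 1

if __name__ == "__main__":
    # Pool taken from the posted config: server 10.0.9.224 255.255.255.224
    for entry in net30_plan("10.0.9.224", "255.255.255.224"):
        print("{role:8} local {local:12} peer {peer:12} unused {unused}".format(**entry))
    print("client slots:", max_net30_clients("10.0.9.224", "255.255.255.224"))
```

Under this assumed layout, 227 is the broadcast address of the server's block and 228 is the network address of the first client's block, so a /27 pool holds at most 7 clients.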






