Direct connection between multiple clients on OpenVPN
I've spent my entire day learning about VPN, and have been working with following setup:
2 VPS Servers at the same data centre in Texas. (Texas1 and Texas2), 1 VPS in England and 1 VPS in Atlanta and on Ubuntu.
I set up the England VPS as my OpenVPN Server, and all the others as clients. Relevant server config:
port 1194 proto udp dev tap server 10.20.0.0 255.255.0.0 ifconfig-pool-persist ipp.txt client-to-client
Client config:
client remote myserver 1194 dev tap proto udp resolv-retry infinite nobind
I was delighted (after adding client-to-client) that Texas1 and Texas2 could ping each other on the VPN ips. The problem is, when they ping on the public IP it takes <1ms, when they ping on the Internal IP 10.20.0.x it takes 226ms (coincidentally pinging England is 113ms).
This is my entire configuration, I'm terrified of bridges, and iptables (though I'm evidently going to have to learn). I'm very new to the server side, mainly do web development and am learning with Ubuntu 10.04.
Can anyone advise how I can best get clients to cut out the server and so bandwidth is not wasted and sent to another continent on its way. I'm also going to want to add my windows home network (I have DD-WRT router) to the VPN using the router as a client, I think I'm going to have to have it set up with its own subnet?
Can anyone advise the best way to achieve my goals? Thank you very much!
In order to get clients to talk to each other direct, without using the central server node, you're going to have to setup what is commonly called a mesh network -- where all your nodes have connections to all the others (what you're doing now is generally referred to as "hub and spoke").
I'm not currently aware of any "nice" (read: easy) way to manage this with OpenVPN, unfortunately. Where your site is fairly simple (4 nodes, counting your DD-WRT at home), this might not be that bad. After that point, you're going to start experiencing the pain of managing static routes to each subnet via the OpenVPN server at each node.
I'm sorry this wasn't a more "hopeful" post, but please let me know if I can help you with any of the config. or clarifications.