On 04/05/2011 09:34 AM, Jima wrote:
> Another option if you only want to access a few hosts in your private
> network: assign them IPs that would be constrained within a smaller
> address block -- I'd suggest a /26 or smaller that isn't at the "top" or
> "bottom" of the /24, thus avoiding including .1 and .254 (generally the
> most common gateway addresses) -- and have your OpenVPN push the route
> for that block to the client. Linux should give the more-specific route
> (the ~/26 over the VPN) priority over the less-specific one (the local
> /24) in the event of a /24 overlap. (Excluding .1/.254 is probably
> necessary to avoid breaking your default route out of the network, FWIW.)

  ...or use the IPv6 payload patch for OpenVPN and IPv6 ULA address 
space, and push that route over the VPN.  While ULA isn't guaranteed to 
be unique (despite the name, Unique Local Address), it's far less 
statistically probable to run into a similar address space overlap, 
especially with the minimal amount of IPv6 deployment out there.

      Jima
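
Added example, not part of the original message: a Python sketch of the quoted suggestion that lists the sub-blocks of a /24 that avoid .1 and .254, formats the OpenVPN `push "route ..."` line for one of them, and shows how longest-prefix matching picks the VPN route when the client's local /24 overlaps. The 192.168.1.0/24 network, the eth0/tun0 interface names, and the function names are constructed assumptions.

```python
import ipaddress

def safe_subblocks(lan, new_prefix=26, gateway_hosts=(1, 254)):
    """Sub-blocks of `lan` that contain none of the usual gateway addresses.
    gateway_hosts are host offsets (.1 and .254), which assumes a /24 LAN."""
    lan = ipaddress.ip_network(lan)
    gateways = [lan.network_address + h for h in gateway_hosts]
    return [s for s in lan.subnets(new_prefix=new_prefix)
            if not any(g in s for g in gateways)]

def openvpn_push(block):
    """Server-side OpenVPN directive that pushes a route for `block`."""
    return f'push "route {block.network_address} {block.netmask}"'

def select_route(dest, routes):
    """Longest-prefix match: of the routes containing dest, the most
    specific one wins. Returns the device name, or None if nothing matches."""
    dest = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if dest in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed client routing table: the remote LAN and the client's local
# LAN are both 192.168.1.0/24; the VPN has pushed only the /26.
CLIENT_ROUTES = [
    ("0.0.0.0/0", "eth0"),         # default route via the local gateway
    ("192.168.1.0/24", "eth0"),    # local LAN (overlaps the remote one)
    ("192.168.1.64/26", "tun0"),   # pushed by the OpenVPN server
]

if __name__ == "__main__":
    blocks = safe_subblocks("192.168.1.0/24")
    print("usable /26 blocks:", ", ".join(map(str, blocks)))
    print(openvpn_push(blocks[0]))
    for dest in ("192.168.1.70", "192.168.1.1", "192.168.1.200"):
        print(dest, "->", select_route(dest, CLIENT_ROUTES))
```

Hosts on the remote network that need to be reachable would be numbered inside the pushed block; anything else in the /24, including the local gateway, keeps resolving to the local interface.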