OpenVPN network layout

Boomslang

I've successfully installed, configured, and run an OpenVPN-based VPN using per-client certificates and all-Linux hosts. There are two network layouts that I'm trying to achieve with this software; one has worked out and the other has left me without a clue.

The first layout, which worked fine and I have no questions about, is a "solar system" model with a number of clients auth'ing to and communicating with the VPN server, and not communicating with other clients. That was straightforward.

The other layout was the one where all clients can communicate with each other. I reconfigured the server to allow client to client communication, but when I exported an NFS share from one client to another, it seems that all the traffic passes first through the VPN server before reaching the destination client. This is not the desired behavior, even if it is the correct behavior for this configuration.

I'm looking for something sort of like what Hamachi does - the server negotiates the VPN tunnels and authentication, then sits back and lets peer to peer connections take place without shunting all the traffic through the server.

Can I achieve true peer to peer over a secure VPN with OpenVPN, specifically with NFS shares? Can anyone point me in the right direction or provide some appropriate search terms? Thank you.

EDIT: I see a "mode p2p" directive for the server conf file - this was the default mode for OpenVPN 1.x, is it still the default for 2.x? Looks like I'm on my way to solving my problem. Sorry...

EDIT2: It seems like the bulk of the traffic is being sent p2p here, but I'm still seeing a bunch of overhead passing through the server. For 700kB/s going client to client, I'm seeing about 180kB/s total (90 up, 90 down) on the server. This is a bunch of overhead that I could do without. Is this possible? What does this data consist of? Anybody here administrate any larger VPNs that could share some insight?
 