Remote access topology (server only)
In remote access mode, two different remote access topologies can be configured by using the topology argument. The two different topologies are subnet and point-to-point, as shown in the following example.
Configuration options related to topology
interfaces {
openvpn if_name{
server {
topology [subnet|point-to-point]
}
}
}
The topology argument primarily specifies how the tunnel interface is configured, how the addresses are allocated, and so on. At a high level, these topologies have the following implications.
- subnet: This topology is compatible with OpenVPN clients on Windows hosts and is the default if topology is not used. Routing protocols that are configured to use a broadcast-style network are suited to this topology. However, this topology does not provide client isolation; that is, clients can reach one another.
- point-to-point: This topology is not compatible with Windows clients, and routing protocols using a broadcast-style network do not work with this topology. On the other hand, this topology provides client isolation.