
Re: [Openvpn-devel] [PATCH] Stick routes to interfaces for Linux


  • Subject: Re: [Openvpn-devel] [PATCH] Stick routes to interfaces for Linux
  • From: Petre Rodan <kaiowas@xxxxxxxxxx>
  • Date: Fri, 28 Apr 2006 22:17:57 +0300

Hi Roy,

On Fri, Apr 28, 2006 at 12:28:46PM +0100, Roy Marples wrote:
> On Monday 17 April 2006 18:22, Petre Rodan wrote:
> > I have the following on the server's setup:
> >
> > push "route 10.0.0.0 255.255.255.0"
> > push "route 0.0.0.0 0.0.0.0"
> > push "redirect-gateway local"
> 
> .. snip ..
> 
> >
> > but with a patched beta14 version, I end up having 2 default gateways:
> >
> > it basically fails to remove my old default gateway.
> 
> I don't see that as an error as you're pushing a new gateway "route 0.0.0.0 
> 0.0.0.0" and you're saying redirect local.
> 
> So you would want to do either one or the other.

If "redirect-gateway local" had worked as expected, I would not be forced to also use "route 0.0.0.0 0.0.0.0". The thing is that if only "redirect-gateway local" is used and the client does not have a default route, a default route will NOT be added when openvpn is started [1].

How does one end up not having a default gateway? Simple: just stop the openvpn client, and you end up with no more default route (only if that default route was placed there by openvpn itself, of course).

IMHO "redirect-gateway local" should either set a default route even if one has not been found OR restore the default gateway it changed (on exit). Otherwise I find its usefulness limited.

To summarize, 'push "route 0.0.0.0 0.0.0.0"' is used to force the client to have a default route through the tun device (whatever state the client is in),
and 'push "redirect-gateway local"' is used to remove the old default gateway of the client, if one was present at the time openvpn was started. If I remove either of them, the client will be unable to use the network as expected. Having a higher metric on the original default gateway fixes the problem, but not all clients have an elevated metric for the gateway.

[1]
Apr 28 21:33:21 [openvpn] /sbin/ifconfig tun0 10.0.2.6 pointopoint 10.0.2.5 mtu 1500
Apr 28 21:33:21 [openvpn] NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
# route -n | grep '^0.0.0.0' &>/dev/null || echo 'no default here'
no default here

cheers,
petre rodan

-- 
petre rodan
<kaiowas@xxxxxxxxxx>
Developer,
Hardened Gentoo Linux

Attachment: pgpSAVBWRWy9w.pgp
Description: PGP signature
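The two situations described in the message above (a client that has a default gateway when the tunnel comes up, and one that has none because a previous openvpn run removed it) can be illustrated with a small dry-run planner. This is an added example and is not code from the original post or from OpenVPN itself; it parses constructed `route -n` output, prints the `route` commands an up hook and a down hook would run, and always installs a default route through the tunnel, restoring the original gateway on exit only if one was recorded. The tun device name `tun0`, the remote tun endpoint `10.0.2.5`, the server address `198.51.100.7` and the sample routing tables are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not OpenVPN's own code: a dry-run planner for the client's
# default route around a VPN session, driven by the text of `route -n`.
# Assumed (hypothetical) values:
TUN=tun0                # local tun device
REMOTE_TUN=10.0.2.5     # remote tun endpoint (as in the thread's ifconfig line)
VPN_SERVER=198.51.100.7 # server's public address (made up, documentation range)

# Print the gateway of the first default route (destination 0.0.0.0) in the
# given `route -n` output; print nothing if there is none.  Lines such as
# "192.168.1.0 0.0.0.0 ..." have 0.0.0.0 in the Gateway column only, so they
# do not match.
default_gw_of() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" { print $2; exit }'
}

# Commands to run when the tunnel comes up.  $1 is `route -n` output; $2 set
# to "local" means the server is on the LAN, so no host route to it is needed
# (the "redirect-gateway local" case).  Unlike the behaviour complained about
# in the thread, a default route through the tunnel is installed even when
# the client had none.
up_cmds() {
    gw=$(default_gw_of "$1")
    if [ -n "$gw" ]; then
        [ "$2" = local ] || echo "route add -host $VPN_SERVER gw $gw"
        echo "route del default gw $gw"
    fi
    echo "route add default gw $REMOTE_TUN dev $TUN"
}

# Commands to run when the tunnel goes down.  $1 is the gateway recorded by
# the up hook (empty if there was none); $2 as above.  The original default
# gateway is put back only if one existed, so a client that never had one is
# left as it was rather than being given a made-up gateway.
down_cmds() {
    gw=$1
    echo "route del default gw $REMOTE_TUN dev $TUN"
    if [ -n "$gw" ]; then
        [ "$2" = local ] || echo "route del -host $VPN_SERVER gw $gw"
        echo "route add default gw $gw"
    fi
}

# Constructed sample `route -n` output: one client with a default gateway,
# one without (as after stopping an openvpn client that had removed it).
ROUTES_WITH_GW='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'
ROUTES_NO_GW='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Dry run: show the plan for both cases.  A real --up/--down hook would
# execute these commands (and persist the old gateway between the two hooks)
# instead of echoing them.
for routes in "$ROUTES_WITH_GW" "$ROUTES_NO_GW"; do
    old_gw=$(default_gw_of "$routes")
    echo "# up (old gateway: ${old_gw:-none})"
    up_cmds "$routes" local
    echo "# down"
    down_cmds "$old_gw" local
done
```

Run it as-is to see the two plans side by side; to use it as real hooks, feed `route -n` output into `up_cmds`, save the value of `default_gw_of` somewhere the down hook can read it, and replace the `echo`s with the commands themselves.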