Re: [Openvpn-users] tunnel ALL road warrior(XP) ip traffic to openvpn possible ?

["James Yonan" <jim@xxxxxxxxx>]

gary ng <garyng2000@xxxxxxxxx> said:

> Hi,
> 
> I have gone through the examples and list archive but
> haven't find a readily available solution and hope to
> get some pointer. The scenario :
> 
> XP
> <---->ISP2<---->ISP1<--->linux<--->private(10.0.1.x)
> 
> It should be possible to setup an openvpn channel from
> XP to the private subnet through openvpn running on
> the linux machine.
> 
> What I want though is to have ALL ip request on XP
> routed through that channel and not just simply the
> private subnet(10.0.1.x) so effectively every ip(to
> private as well as public) will go through the office
> network. If I set the default gateway on XP to say
> 10.0.1.1(that is on the office side), openvpn by
> itself will fail as it needs to go through the public
> internet and route things back to office.

Gary,

The way this is usually done is to route all traffic through the VPN _except_
the UDP/TCP connection itself between the two OpenVPN hosts (these hosts, of
course, need to communicate directly, otherwise you would have a routing loop).

The way to do this is to (a) first specify a route which routes traffic to the
remote VPN host's public IP through that host's internet gateway.  While such
a route would ordinarily not be needed, we need it now because of what we are
going to do next... (b) set the gateway to be the remote VPN endpoint (this
host must be prepared to act as a remote gateway for clients virtually
connected to a TUN or TAP virtual device). 

(b) by itself would create a routing loop, but (a) provides an exception to
the (b) rule, allowing the OpenVPN hosts themselves to communicate outside the
VPN.

James


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users