Re: [Openvpn-users] Re: Setting routes on a client connected to a LAN


  • Subject: Re: [Openvpn-users] Re: Setting routes on a client connected to a LAN
  • From: David Mir <mir@xxxxxxxxxxxx>
  • Date: Mon, 17 May 2004 15:41:48 -0400

Any changes to the route and you're violating TCP/IP RFCs.... Have you tried 
setting your client netmask to /32?  You can't define that you're a part of a 
network then tell them not to use the network (ARP etc. will be messed up).  
Just a thought.....


On Monday 17 May 2004 02:56 pm, Tom Barcellona wrote:
> > a question regarding routing:
> > If I have a client residing in a remote LAN, for example with an IP of
> > 1.1.1.1/24, I can redirect its default gateway to the openvpn server.
> > So far, so fine.
> > But still the client has a route to 1.1.1.0/24 via its local interface
> > 1.1.1.1. But I want to have /all/ traffic routed via the VPN. Is it
> > possible to do that (Ok, I could have a packet filter running on the
> > client side, but this would be the last resort)
> > (openvpn 2.x on both sides)
>
> I think "redirect-gateway" is what you are looking for. From the man page:
>
> --redirect-gateway ['local']
>     (Experimental) Automatically execute routing commands to cause all
> outgoing IP traffic to be redirected over the VPN. Currently
> implemented only on Linux and Windows.
>
>     This option performs three steps:
>
>     (1) Create a static route for the --remote address which forwards to
> the pre-existing default gateway. This is done so that (3) will not
> create a routing loop.
>
>     (2) Delete the default gateway route.
>
>     (3) Set the new default gateway to be the VPN endpoint address
> (derived either from --route-gateway or the second parameter to
> --ifconfig when --dev tun is specified).
>
>     Add local flag if both OpenVPN servers are directly connected via a
> common subnet, such as with wireless. The local flag will cause step 1
> above to be omitted.
>
>     When the tunnel is torn down, all of the above steps are reversed so
> that the original default route is restored.
>
> HTH
>
> Tom
>
>

-- 
David Mir
Systems Administrator
Soar Technology, Inc.
3600 Green Ct. Ste 600
Ann Arbor, MI  48105-2588
734-327-8000 ext. 222
734-913-8537 (Fax)
www.soartech.com
mir@xxxxxxxxxxxx
Mobile Text (160 chars max):
mir_mobile@xxxxxxxxxxxx

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
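
An added example (not part of the thread and not OpenVPN's code) that models the three --redirect-gateway steps quoted above on a simulated routing table and uses longest-prefix match to show which destinations still leave through the LAN interface. Only the client's 1.1.1.1/24 comes from the thread; the gateway, server and VPN endpoint addresses, the probe addresses and the interface names are constructed assumptions.

```python
import ipaddress

# Constructed sample values; only the client's 1.1.1.0/24 LAN is from the thread.
LAN_GW = "1.1.1.254"      # assumed pre-existing default gateway
REMOTE = "203.0.113.10"   # assumed --remote address of the OpenVPN server
VPN_GW = "10.8.0.5"       # assumed VPN endpoint (second --ifconfig parameter)
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def initial_table():
    """Client routing table before the tunnel comes up."""
    return [
        {"dst": ipaddress.ip_network("1.1.1.0/24"), "via": None, "dev": "eth0"},
        {"dst": DEFAULT, "via": LAN_GW, "dev": "eth0"},
    ]

def redirect_gateway(table, local=False):
    """Apply the three man-page steps to a copy of the table."""
    table = list(table)
    old = next(r for r in table if r["dst"] == DEFAULT)
    if not local:
        # Step 1: host route to --remote via the pre-existing default gateway.
        table.append({"dst": ipaddress.ip_network(REMOTE + "/32"),
                      "via": old["via"], "dev": old["dev"]})
    table.remove(old)                                            # Step 2
    table.append({"dst": DEFAULT, "via": VPN_GW, "dev": "tun0"})  # Step 3
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["dst"]]
    if not matches:
        return None
    return max(matches, key=lambda r: r["dst"].prefixlen)["dev"]

def leaking_destinations(table, probes):
    """Probes (other than the VPN server itself) that bypass the tunnel."""
    return [p for p in probes if p != REMOTE and lookup(table, p) != "tun0"]

if __name__ == "__main__":
    table = redirect_gateway(initial_table())
    for dst in ("198.51.100.7", "1.1.1.50", REMOTE):
        print(f"{dst:>15} -> {lookup(table, dst)}")
    print("bypassing tunnel:", leaking_destinations(table, ["198.51.100.7", "1.1.1.50"]))
```

The connected /24 route is more specific than the new default route, so hosts on the local subnet are still reached directly; omitting step 1 when the server is not on a common subnet sends the tunnel's own packets into the tunnel.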