Re: [Openvpn-users] pushing server network as route to client stops openvpn

[Mathias Sundman <mathias@xxxxxxxxxx>]

On Fri, 2 Dec 2005, Sascha Lucas wrote:

> > >  When ever I push a network route that includes the servers IP, the VPN
> > >  connection stops working. I.e. push "route 129.69.90.128 
> > > 255.255.255.248".
> > >  On the client side it looks like this:
> >
> > ehh... Think about it for a few more seconds.. You are pushing a route 
> > to the client that sais that is should route traffic for 
> > 129.69.90.128/29 via your OpenVPN tunnel! What about the OpenVPN 
> > traffic itself, how is it now supposed to find it´s way to your server 
> > 129.69.90.133?
>
> After some seconds of thinking I beleave I just followed the Howto 
> (http://openvpn.net/howto.html#scope). p2p works (nothing pushed). So I 
> pushed the Servers net "route 129.69.90.128 255.255.255.248". I.e. to 
> reach 129.69.90.130 via the VPN.

So, don't you understand that that will break the routing of the OpenVPN 
tunnel itself, or do you think that OpenVPN should always be smart enough 
to figure out that your server IP is part of the route you are trying to 
push so it would automatically add a host route for the server?

> > You will have to either push a host route for 129.69.90.133 via your old 
> > default gateway, or split the subnet into smaller pieces that does not 
> > include .133 and push them all.
>
> The host route via my old GW is set by openvpn when useing push 
> "redirect-gateway def1"

Yes, when you use --redirect-gateway, there is always a host route added 
as it is always needed. When pushing normal routes, it´s rather uncommon 
to push the subnet that your server belongs to so no host route is 
added.

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail