
Re: [Openvpn-users] pushing server network as route to client stops openvpn


  • Subject: Re: [Openvpn-users] pushing server network as route to client stops openvpn
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Fri, 2 Dec 2005 16:25:00 +0100 (CET)

On Fri, 2 Dec 2005, Sascha Lucas wrote:

 After some seconds of thinking I believe I just followed the Howto
 (http://openvpn.net/howto.html#scope). p2p works (nothing pushed). So I
 pushed the server's net "route 129.69.90.128 255.255.255.248". I.e. to
 reach 129.69.90.130 via the VPN.

So, don't you understand that that will break the routing of the OpenVPN tunnel itself, or do you think that OpenVPN should always be smart enough to figure out that your server IP is part of the route you are trying to push so it would automatically add a host route for the server?

Yes, I understand! But I think the next one: OpenVPN should always be smart enough to discover that this pushed route includes the server's IP.

Might be useful yes.

Yes, when you use --redirect-gateway, there is always a host route added as it is always needed. When pushing normal routes, it's rather uncommon to push the subnet that your server belongs to, so no host route is added.

Really uncommon? What if your company has a class B Network (129.69.0.0/16), you place your VPN Server somewhere in this net and you want your clients to access 129.69.0.0/16 via the VPN-Tunnel?


I have a workaround for now:

I replaced push "route 129.69.0.0 255.255.0.0" with

push "route 129.69.0.0 255.255.192.0"
push "route 129.69.64.0 255.255.240.0"
push "route 129.69.80.0 255.255.248.0"
push "route 129.69.88.0 255.255.254.0"
push "route 129.69.90.0 255.255.255.128"
push "route 129.69.90.128 255.255.255.252"
push "route 129.69.90.132 255.255.255.255"
push "route 129.69.90.134 255.255.255.254"
push "route 129.69.90.136 255.255.255.248"
push "route 129.69.90.144 255.255.255.240"
push "route 129.69.90.160 255.255.255.224"
push "route 129.69.90.192 255.255.255.192"
push "route 129.69.91.0 255.255.255.0"
push "route 129.69.92.0 255.255.252.0"
push "route 129.69.96.0 255.255.224.0"
push "route 129.69.128.0 255.255.128.0"

just to exclude 129.69.90.133. This is .... not nice :-(

Yes, that was what I meant with splitting up the route in smaller pieces. Why don't you try my other suggestion if you didn't like this solution. Push a host route for your openvpn server IP. There is a keyword to use for the gateway address that will resolve to your old default gateway, look it up in the manpage.


--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail
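
The route splitting discussed in this message, as an added example (not part of the original e-mail and not OpenVPN code): Python's standard `ipaddress` module computes the pieces of 129.69.0.0/16 that leave out the server address, and a second helper flags any pushed route in a server config that still covers that address. The function names and the sample config strings are constructed for illustration.

```python
import ipaddress
import re

# Network and netmask of an OpenVPN line of the form: push "route <network> <netmask>"
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)[^"]*"')


def routes_covering(config_text, server_ip):
    """Return the pushed routes that contain server_ip.

    A non-empty result means clients would send the encrypted tunnel
    packets themselves into the tunnel, which is the failure in this thread.
    """
    server = ipaddress.ip_address(server_ip)
    hits = []
    for line in config_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        except ValueError:
            continue  # route target is a hostname or keyword, not a literal network
        if server in net:
            hits.append(net)
    return hits


def split_push_routes(network, server_ip):
    """Build push lines covering `network` except the single host server_ip."""
    net = ipaddress.ip_network(network)
    host = ipaddress.ip_network(f"{server_ip}/32")
    if not host.subnet_of(net):
        # Server is outside the pushed network: nothing to exclude.
        return [f'push "route {net.network_address} {net.netmask}"']
    pieces = sorted(net.address_exclude(host))
    return [f'push "route {p.network_address} {p.netmask}"' for p in pieces]


if __name__ == "__main__":
    # Constructed sample input: the single route from the message.
    original = 'push "route 129.69.0.0 255.255.0.0"'
    print("covers server:", routes_covering(original, "129.69.90.133"))
    for line in split_push_routes("129.69.0.0/16", "129.69.90.133"):
        print(line)
```

Run against 129.69.0.0/16 and 129.69.90.133, the generator reproduces the sixteen `push` lines listed in the message, in the same order.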
