Re: [Openvpn-users] pushing server network as route to client stops openvpn


  • Subject: Re: [Openvpn-users] pushing server network as route to client stops openvpn
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Sun, 4 Dec 2005 17:49:12 -0700 (MST)

On Fri, 2 Dec 2005, Sascha Lucas wrote:

> >>  After some seconds of thinking I believe I just followed the Howto
> >>  (http://openvpn.net/howto.html#scope). p2p works (nothing pushed). So I
> >>  pushed the server's net "route 129.69.90.128 255.255.255.248". I.e. to
> >>  reach 129.69.90.130 via the VPN.
> >
> > So, don't you understand that that will break the routing of the OpenVPN 
> > tunnel itself, or do you think that OpenVPN should always be smart enough to 
> > figure out that your server IP is part of the route you are trying to push so 
> > it would automatically add a host route for the server?
> 
> Yes, I understand! But I think the next one: OpenVPN should always be 
> smart enough to discover that this pushed route includes the server's IP.

Probably a warning would be appropriate.  There are already a number of 
warnings that try to detect these types of conditions, though I'm not sure 
that this particular case is covered right now.

> > Yes, when you use --redirect-gateway, there is always a host route added as 
> > it is always needed. When pushing normal routes, it's rather uncommon to push 
> > the subnet that your server belongs to so no host route is added.
> 
> really uncommon? What if your company has a class B Network 
> (129.69.0.0/16), you place your VPN Server somewhere in this net and you 
> want your clients to access 129.69.0.0/16 via the VPN-Tunnel?
> 
> I have a workaround for now:
> 
> I replaced push "route 129.69.0.0 255.255.0.0" with
> 
> push "route 129.69.0.0 255.255.192.0"
> push "route 129.69.64.0 255.255.240.0"
> push "route 129.69.80.0 255.255.248.0"
> push "route 129.69.88.0 255.255.254.0"
> push "route 129.69.90.0 255.255.255.128"
> push "route 129.69.90.128 255.255.255.252"
> push "route 129.69.90.132 255.255.255.255"
> push "route 129.69.90.134 255.255.255.254"
> push "route 129.69.90.136 255.255.255.248"
> push "route 129.69.90.144 255.255.255.240"
> push "route 129.69.90.160 255.255.255.224"
> push "route 129.69.90.192 255.255.255.192"
> push "route 129.69.91.0 255.255.255.0"
> push "route 129.69.92.0 255.255.252.0"
> push "route 129.69.96.0 255.255.224.0"
> push "route 129.69.128.0 255.255.128.0"
> 
> just to exclude 129.69.90.133. This is .... not nice :-(

You don't need to do this.  Just use your current route, but add a host 
route to route OpenVPN payload packets directly to the next hop gateway:

  push "route remote_host 255.255.255.255 net_gateway"

remote_host should substitute to 129.69.90.133 and net_gateway should 
substitute to the machine's default gateway.

James
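
A pre-deployment check for the condition discussed in this thread, as an added example (not code from the thread or from OpenVPN): it reads the push "route ..." lines of a server config and reports the pushed network that would pull the server's own address into the tunnel, using longest-prefix match, and it also derives the manual 16-route workaround. The function names and sample configs are constructed for illustration; it assumes an omitted gateway means vpn_gateway and checks only literal IPv4 networks plus the remote_host keyword.

```python
import ipaddress
import re

# push "route <network> [netmask] [gateway]" as written in a server config
PUSH_ROUTE = re.compile(
    r'^\s*push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?(?:\s+([^\s"]+))?')

def parse_pushed_routes(config_text, server_ip):
    """Yield (network, gateway) for every pushed IPv4 route in the config."""
    for line in config_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        network, netmask, gateway = m.groups()
        if network == "remote_host":      # keyword: the server's own address
            network = server_ip
        if netmask in (None, "default"):  # omitted netmask means a host route
            netmask = "255.255.255.255"
        try:
            net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
        except ValueError:                # hostnames, other keywords: skipped
            continue
        yield net, gateway or "vpn_gateway"   # assumption: default gateway

def route_capturing_server(config_text, server_ip):
    """Return the pushed network that sends traffic for server_ip into the
    tunnel, or None when the most specific match leaves via net_gateway."""
    server = ipaddress.ip_address(server_ip)
    covering = [(n, g) for n, g in parse_pushed_routes(config_text, server_ip)
                if server in n]
    if not covering:
        return None
    net, gateway = max(covering, key=lambda r: r[0].prefixlen)
    return None if gateway == "net_gateway" else net

def exclusion_routes(network, server_ip):
    """The manual workaround: network split into subnets that skip server_ip."""
    hole = ipaddress.ip_network(f"{server_ip}/32")
    return sorted(ipaddress.ip_network(network).address_exclude(hole))

# Constructed sample configs based on the addresses quoted in the thread.
BROKEN = 'push "route 129.69.0.0 255.255.0.0"\n'
FIXED = BROKEN + 'push "route remote_host 255.255.255.255 net_gateway"\n'

if __name__ == "__main__":
    print("broken:", route_capturing_server(BROKEN, "129.69.90.133"))
    print("fixed: ", route_capturing_server(FIXED, "129.69.90.133"))
    print("manual split:", len(exclusion_routes("129.69.0.0/16", "129.69.90.133")))
```
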

