
[Openvpn-users] Routing problem -- routing client traffic through VPN


  • Subject: [Openvpn-users] Routing problem -- routing client traffic through VPN
  • From: Scott McCool <mccoolscott@xxxxxxxxx>
  • Date: Fri, 5 May 2006 07:29:53 -0700 (PDT)

I'm running OpenVPN 2.0.7 on a Red Hat Fedora Core 4
box behind a D-Link router.

OpenVPN machine:
 eth0: 192.168.0.200 static (using a default route
through 192.168.0.1, held by a D-Link router connected
to my DSL line).
 tun0: 10.200.77.0/24

In order to get internet traffic from the client routed
through the VPN connection, I enabled IP forwarding
then added the following to my server .conf file:

push "redirect-gateway def1"

That didn't seem to work, so I played around with some
route commands until I discovered:

route-up "route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.200.77.1"


This accomplishes the task, sort of.  With this route
added once OpenVPN is running, VPN clients can access
all 192.168.0.x hosts as well as route their internet
traffic through the VPN.  Everything would be fine,
except that the route seems to break local traffic on
the machine itself; the VPN host/server can no longer
reach 192.168 machines.

Clearly the route that I just made up isn't correct,
so after all this my question is:

In order to route VPN client internet traffic through
the VPN and out to the internet via the default
gateway on the VPN server (which has a single physical
ethernet adapter), and still have traffic on the VPN
server itself working, what route-up command should I
use?

------------

Server routing table with VPN running (VPN clients
work fine, server itself can't reach other 192.168.0
addresses):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.200.77.2     *               255.255.255.255 UH    0      0        0 tun0
192.168.0.0     10.200.77.1     255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
10.200.77.0     10.200.77.2     255.255.255.0   UG    0      0        0 tun0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0


Server routing table without openvpn running (server
can reach 192.168.0.0 hosts):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0




Thanks!  I apologize for my weak routing-fu (:



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 


______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
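
The first routing table in the message lists 192.168.0.0/24 twice: once on-link via eth0 and once via gateway 10.200.77.1 on tun0. The following is an added example, not part of the original post: Python that parses `route` output and flags any prefix that is directly connected on one interface but also routed through a gateway on another. The function names are hypothetical, and the sample input is constructed from the post's table with each route rejoined onto one line.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the "VPN running" table from the post, one route per line.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.200.77.2     *               255.255.255.255 UH    0      0        0 tun0
192.168.0.0     10.200.77.1     255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
10.200.77.0     10.200.77.2     255.255.255.0   UG    0      0        0 tun0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Parse `route` output into dicts, skipping the title and header lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(f"{dest}/{f[2]}")
        # "*" (or 0.0.0.0 with `route -n`) means on-link: no gateway.
        gw = None if f[1] in ("*", "0.0.0.0") else f[1]
        routes.append({"net": net, "gw": gw, "metric": int(f[4]), "iface": f[7]})
    return routes

def shadowed_connected_routes(routes):
    """Return (prefix, on-link iface, gateway, gateway iface) for every prefix
    that is on-link on one interface and also routed via a gateway on a
    different interface at an equal or lower metric."""
    by_net = defaultdict(list)
    for r in routes:
        by_net[r["net"]].append(r)
    findings = []
    for net, group in by_net.items():
        direct = [r for r in group if r["gw"] is None]
        via = [r for r in group if r["gw"] is not None]
        for d in direct:
            for v in via:
                if v["iface"] != d["iface"] and v["metric"] <= d["metric"]:
                    findings.append((str(net), d["iface"], v["gw"], v["iface"]))
    return findings

if __name__ == "__main__":
    for prefix, iface, gw, gw_iface in shadowed_connected_routes(parse_routes(ROUTE_OUTPUT)):
        print(f"{prefix}: on-link via {iface}, but also routed via {gw} on {gw_iface}")
```

Run against the second table in the message (OpenVPN stopped), the check reports nothing.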

