
Re: [Openvpn-users] Routing problem -- routing client traffic through VPN


  • Subject: Re: [Openvpn-users] Routing problem -- routing client traffic through VPN
  • From: Scott McCool <mccoolscott@xxxxxxxxx>
  • Date: Fri, 5 May 2006 08:20:27 -0700 (PDT)

Nothing like writing a long email only to realize
after sending it where the problem was.  I'm not sure
what was going on earlier when I decided to start
adding new routes, but removing the route-up command
altogether and simply using the redirect-gateway def1
option works like a charm!

Correct routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.200.77.2     *               255.255.255.255 UH    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
10.200.77.0     10.200.77.2     255.255.255.0   UG    0      0        0 tun0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0




--- Scott McCool <mccoolscott@xxxxxxxxx> wrote:

> 
> I'm running OpenVPN 2.0.7 on a redhat Fedora core 4
> box behind a dlink router.
> 
> OpenVPN machine:
>  eth0: 192.168.0.200 static (using a default route
>  through 192.168.0.1, held by a dlink router connected
>  to my dsl line).
>  tun0: 10.200.77.0/24
> 
> In order to get internet traffic from client routed
> through the VPN connection, I enabled ip forwarding
> then added the following to my server .conf file:
> 
> push "redirect-gateway def1"
> 
> That didn't seem to work, so I played around with some
> route commands until I discovered:
> 
> route-up "route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.200.77.1"
> 
> 
> This accomplishes the task, sort of.  With this route
> added once openvpn is running, VPN clients can access
> all 192.168.0.x hosts as well as route their internet
> traffic through the VPN.  Everything would be fine,
> except that the route seems to break local traffic on
> the machine itself; the vpn host/server can no longer
> reach 192.168 machines.
> 
> Clearly the route that I just made up isn't correct,
> so after all this my question is:
> 
> In order to route VPN client internet traffic through
> the VPN and out to the internet via the default
> gateway on the VPN server (which has a single physical
> ethernet adapter), and still have traffic on the VPN
> server itself working, what route-up command should I
> use?
> 
> ------------
> 
> Server routing table with VPN running (VPN clients
> work fine, server itself can't reach other 192.168.0
> addresses):
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.200.77.2     *               255.255.255.255 UH    0      0        0 tun0
> 192.168.0.0     10.200.77.1     255.255.255.0   UG    0      0        0 tun0
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
> 10.200.77.0     10.200.77.2     255.255.255.0   UG    0      0        0 tun0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
> default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
> 
> 
> 
> Server routing table without openvpn running (server
> can reach 192.168.0.0 hosts):
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
> default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
> 
> 
> 
> 
> Thanks!  I apologize for my weak routing-fu (:
> 
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
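
An added example, not part of the original thread: a Python check that parses `route` output and flags the condition visible in the quoted broken table, where a directly connected LAN prefix also has a gateway route out a different interface. The sample tables are reconstructed from the ones posted above, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the "VPN running" table from the thread, un-wrapped.
BROKEN = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.200.77.2     *               255.255.255.255 UH    0      0        0 tun0
192.168.0.0     10.200.77.1     255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
10.200.77.0     10.200.77.2     255.255.255.0   UG    0      0        0 tun0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
"""
# The "correct" table from the reply is the same minus the route-up entry.
FIXED = "\n".join(l for l in BROKEN.splitlines() if " 10.200.77.1 " not in l)

def parse_routes(text):
    """Parse `route` output; '*' means no gateway, 'default' means 0.0.0.0."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skips the title line, the column header and blanks
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{f[2]}"),
            "gateway": None if f[1] in ("*", "0.0.0.0") else f[1],
            "flags": f[3], "metric": int(f[4]), "iface": f[7],
        })
    return routes

def shadowed_connected_routes(routes):
    """Return (prefix, connected_iface, gateway, gw_iface) for every directly
    connected prefix that also has a same-metric gateway route on another iface."""
    by_net = defaultdict(list)
    for r in routes:
        by_net[(r["net"], r["metric"])].append(r)
    findings = []
    for (net, _), group in by_net.items():
        direct = [r for r in group if r["gateway"] is None]
        via_gw = [r for r in group if r["gateway"] is not None]
        findings += [(str(net), d["iface"], g["gateway"], g["iface"])
                     for d in direct for g in via_gw if g["iface"] != d["iface"]]
    return findings

if __name__ == "__main__":
    print("broken:", shadowed_connected_routes(parse_routes(BROKEN)))
    print("fixed: ", shadowed_connected_routes(parse_routes(FIXED)))
```
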

