
[Openvpn-users] No gateway/default route set on openvpn client.


  • Subject: [Openvpn-users] No gateway/default route set on openvpn client.
  • From: Elmar Athmer <linux@xxxxxxxxxxxxxxxx>
  • Date: Tue, 24 Jul 2007 11:47:36 +0200

Hi

I'm trying to secure my WLAN (WEP) with openvpn, but openvpn doesn't set
the default route. If I add the default route manually the internet
access from WLAN clients works as desired.
The (OpenVPN) Server is an OpenBSD-Box, with 3 NICs.
fxp0 (192.168.1.2) for normal access from the OpenBSD Box to LAN.
ath0 (192.168.2.1) WLAN access point, openvpn server listens on this
ip/device
tun0 and dc0 are bridg0 (bridges for openvpn clients accessing the LAN).
Maybe I should mention: tun devices on openbsd can also work like
tap-devices on other OSs.

What works: The client (at the moment Debian sid, later Windows XP and
FreeBSD clients follow) connects to the AP 192.168.2.1 gets an IP from
the DHCP Server on the OpenBSD Box (e.g. 192.168.2.12), connects to
openvpn server, tap0 is set up with IP 192.168.1.200. So I still have to
do a "route add default gw 192.168.1.1".
So I tried to put the OpenBSD in server mode (mode server, tls-server,
ifconfig-pool-persist and server-bridge commented out) to get an IP from
the DHCP Server. But then I must manually execute "dhclient tap0", and
because the tap device always changes the MAC-address, I can't assign a
fixed IP address, so I can't mount nfs-devices. And I would like to deny
unknown clients on the dhcp server, and restrict internet access MAC-
based (I'll have to think about how to do this exactly when OpenVPN
works as desired).
I thought about scripts to connect via openvpn, but I would like to have
all the config in OpenVPN, since the clients will be different OSs (and
I would have to find out first how to set a default route, and writing
scripts etc. on Windows :-P).

When connecting, I get these messages:
PUSH_REPLY,route-gateway 192.168.1.1,ping 10,ping-restart 120,ifconfig 192.168.1.200 255.255.255.0
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
TUN/TAP device tap0 opened
/sbin/ifconfig tap0 192.168.1.200 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255

On serverside:
PUSH: Received control message: 'PUSH_REQUEST'
client1/192.168.2.12:32948 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 192.168.1.1,ping 10,ping-restart 120,ifconfig 192.168.1.200 255.255.255.0' (status=1)

So, long description (hope it's exact enough), here's my config:

server:
local 192.168.2.1
port 1194
proto udp
dev tun0
dev-type tap
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.250
keepalive 10 120
user _openvpn
group _openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3

client:
client
dev tap
proto udp
remote 192.168.2.1 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
verb 3


So I hope anybody can help me (or I'm just doing a very stupid mistake)

Thanks in advance

Elmar
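
An added example, not part of the original post: a small Python check that parses the PUSH_REPLY line from the client log above and reports whether any pushed option would make the client install a default route. It assumes OpenVPN's documented option semantics, where `route-gateway` only names the next hop for `route` options and a pushed `redirect-gateway` or a `route` covering 0.0.0.0/0 is what changes the default route; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the PUSH_REPLY from the client log in the post,
# with the e-mail line wrap removed.
SAMPLE = ("PUSH_REPLY,route-gateway 192.168.1.1,ping 10,ping-restart 120,"
          "ifconfig 192.168.1.200 255.255.255.0")


def parse_push_reply(msg):
    """Split a PUSH_REPLY control message into (option, [args]) pairs."""
    head, _, rest = msg.strip().partition(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    return [(f[0], f[1:]) for f in (p.split() for p in rest.split(",")) if f]


def default_route_report(msg):
    """Summarise pushed routing options (hypothetical helper name)."""
    report = {"route_gateway": None, "routes": [], "installs_default": False}
    for name, args in parse_push_reply(msg):
        if name == "route-gateway" and args:
            # Names the next hop for `route` options; adds no route itself.
            report["route_gateway"] = args[0]
        elif name == "redirect-gateway":
            # Replaces or overrides the client's default route.
            report["installs_default"] = True
        elif name == "route" and args:
            # A missing or "default" netmask means a host route.
            mask = args[1] if len(args) > 1 and args[1] != "default" else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
            except ValueError:
                # Hostname or keyword such as vpn_gateway: keep it verbatim.
                report["routes"].append(args[0])
                continue
            report["routes"].append(str(net))
            if net.prefixlen == 0:
                report["installs_default"] = True
    return report


if __name__ == "__main__":
    print(default_route_report(SAMPLE))
```

Run against the PUSH_REPLY quoted in the post, the report shows a route gateway of 192.168.1.1, no pushed routes, and no option that installs a default route.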
