Re: [Openvpn-users] Re: Setting routes on a client connected to a LAN

  Subject: Re: [Openvpn-users] Re: Setting routes on a client connected to a LAN
  From: "Rob S. Wolfram" <rsw@xxxxxxxx>
  Date: Mon, 17 May 2004 22:07:35 +0200

On Mon, May 17, 2004 at 09:38:10PM +0200, Mathias Sundman wrote:
> On Mon, 17 May 2004, Rainer Sokoll wrote:
> >>--redirect-gateway ['local']
> >                    ^^^^^^^^^
> >Overlooked this.
> >Just another example for "haste ist waste" :-(
> I don't think that is the option you're looking for. 'local' should only 
> be used if both your client machine and server are located on the same 
> subnet. If I understood you correctly you want the usual --redirect-gateway 
> behavior but also remove the route to the local subnet.
> Using 'local' will only make openvpn NOT add a /32 route for your server 
> to your gateway, as it is supposed to be found on the local subnet. So 
> the local subnet route will still remain.
> I don't think it is possible to do what you want. At least not the way 
> openvpn is written right now.
> I'm not sure it is possible to do at all. The local subnet route is 
> usually added by the OS itself when you assign an IP address to an 
> interface based on the subnet mask specified. Maybe it's possible to 
> remove this route and just add a /32 route for the original default 
> gateway, before the route for the openvpn server is added. That would be 
> rather cool..

I had a similar issue (using openvpn 1.5) and solved it via up/down
scripts. I have both a wired and wireless interface on my system and the
wireless is being protected via openvpn. When I initiate the VPN I just
remove the local subnet via the up script and I add it via the
down script. In this case, I think a host route to the peer system will
be needed though.

Rob S. Wolfram <rsw@xxxxxxxx>  OpenPGP key 0xD61A655D
   Giraffiti, n.:
   Vandalism spray-painted very, very high.
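
A sketch of the up/down approach described in the message above, added as an example and not taken from the thread or from OpenVPN itself. The interface name, subnet, and peer address are constructed values, and the script is assumed to be called with "up" or "down" as its first argument. It pins a /32 host route to the VPN peer before removing the on-link subnet route, so the tunnel's own transport keeps working while other LAN traffic stops bypassing the VPN.

```shell
#!/bin/sh
# Added example, not from the original thread. All values below are
# constructed; set them for your own network before use.
LAN_DEV="${LAN_DEV:-wlan0}"                  # assumed untrusted interface
LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"   # assumed on-link subnet
VPN_PEER="${VPN_PEER:-192.168.1.1}"          # assumed OpenVPN peer on that subnet

# Print the route changes for "up" or "down", one command per line.
route_plan() {
    case "$1" in
        up)
            # Host route first, so packets to the peer always have a path;
            # only then drop the subnet route the OS installed.
            echo "ip route add ${VPN_PEER}/32 dev ${LAN_DEV}"
            echo "ip route del ${LAN_SUBNET} dev ${LAN_DEV}"
            ;;
        down)
            # Reverse order: restore the subnet route, then drop the pin.
            echo "ip route add ${LAN_SUBNET} dev ${LAN_DEV}"
            echo "ip route del ${VPN_PEER}/32 dev ${LAN_DEV}"
            ;;
        *)
            return 2
            ;;
    esac
}

# Execute the plan (needs root); with DRY_RUN=1 only print it.
apply_plan() {
    plan=$(route_plan "$1") || { echo "usage: $0 up|down" >&2; return 2; }
    echo "$plan" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would run: $cmd"
        else
            $cmd || echo "failed: $cmd" >&2
        fi
    done
}

# Act only when called with a mode as the first argument.
case "${1:-}" in
    up|down) apply_plan "$1" ;;
esac
```

Run it once with DRY_RUN=1 and compare the output against "ip route show" before letting it change the routing table.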

