
[Openvpn-users] WinXP client routing & redirect-gateway


  • Subject: [Openvpn-users] WinXP client routing & redirect-gateway
  • From: LG Sander <lgs20040730@xxxxxxxxxx>
  • Date: Sun, 5 Dec 2004 14:58:36 +0100

Dear list

My openvpn setup is running very smoothly and much more reliably than my 
former Openswan IPSEC solution, but...

When I want to route all client communication over the VPN via the "push 
"redirect-gateway"" option - my client gets into a routing loop (when using a 
RAS internet dial up). Without that option, connection to the machines in the 
VPN is perfect and internet surf is good too, but just not over the VPN link. 
On WinXP I have tried to change the ordering of the Devices 
(Advanced->Advanced Settings) - I have had my TAP device on top of my RAS and 
LAN devices and I have had it below them with no difference. (Linux server & 
WinXP client are both running OpenVPN 2.0_beta15). If I hook up to my VPN 
from behind some NAT gateway - things are fine (all packets are routed over 
the VPN).

This is the ethereal output on the client on the tun device (yes - I am 
routing):

Source    Destination    Protocol Info
10.7.0.6  81.62.MY.GW    UDP      Source port: 1194  Destination port: 1194
10.7.0.6  81.62.MY.GW    IP       Fragmented IP protocol (proto=UDP 0x11, off=1480)
10.7.0.6  81.62.MY.GW    UDP      Source port: 1194  Destination port: 1194
10.7.0.6  81.62.MY.GW    IP       Fragmented IP protocol (proto=UDP 0x11, off=1480)
10.7.0.6  81.62.MY.GW    UDP      Source port: 1194  Destination port: 1194
10.7.0.6  81.62.MY.GW    IP       Fragmented IP protocol (proto=UDP 0x11, off=1480)

This is an endless loop and it is not only driving Openvpn crazy - me too. My 
server config is as follows (the client's config is fairly bare):

---server config----
proto udp
dev tun
server 10.7.0.0 255.255.255.0 
tls-auth /etc/openvpn/tls-auth.key 
max-clients 1
route-gateway 10.7.0.1
ccd-exclusive
client-config-dir ccd
push "ip-win32 dynamic"
keepalive 10 60
comp-lzo
status /var/log/openvpn-status.log
verb 4
dh /etc/openvpn/dh1024.pem
ca /etc/ipsec.d/cacerts/cacert.pem
cert /etc/openvpn/cert.pem
key /etc/openvpn/key.pem
crl-verify /etc/ipsec.d/crls/crl.pem
mute 10
push "route 192.168.0.0 255.255.255.0"
push "route 10.7.0.0 255.255.255.0"
push "redirect-gateway def1"
#push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"
#mssfix 1450
#client-to-client
---server config----
As said - this VPN runs fine - as long as I comment out the line "push 
"redirect-gateway def1"". Just to 

I am just not able to get all client communication over the VPN - what is 
wrong here ;-) ?

TIA
Lars
