Re: [Openvpn-users] Securing *all* traffic over a wireless network - how?


  • Subject: Re: [Openvpn-users] Securing *all* traffic over a wireless network - how?
  • From: Louis <openvpn@xxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 11:27:13 -0500

David,

First thing you'll want to do is change from a bridged (dev tap) setup
to a routed one (dev tun). Basically, you want to run a DHCP server on
your access point to hand out addresses so that your wireless clients
can initiate udp/ip communication with the OpenVPN server. Set the DHCP

How do I go about initiating the wireless interface directly to the UDP/IP port? Right now I am first getting a DHCP address over the air to the AP (Client: 10.10.10.199 AP: 10.10.10.1) -- then starting openvpn.

I actually want to keep the AP open and unencrypted for other clients
(public access point), but I want my connection to be fully encrypted
(traffic + DNS etc).

I was thinking the option "--redirect-gateway local" is there to do
what I need, basically route everything over that secure tunnel after I
initiate it -- but this appears to give an error on the client "Options
error: unknown --redirect-gateway flag: 'local'" -- does anyone know if
this is a bug or if I'm doing something wrong with it?  Can I just
manually change my routes to make this happen (is that what this option
would do anyway?)

Here is what my interface/routes look like (After wifi connect and then
openvpn start):
1) After I first connect to my AP
ath0      Link encap:Ethernet  HWaddr [removed]
          inet addr:10.10.10.184  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: [removed]/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11281 errors:1510 dropped:0 overruns:0 frame:1510
          TX packets:9438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:199
          RX bytes:9207081 (8.7 MiB)  TX bytes:1684308 (1.6 MiB)
          Interrupt:11 Memory:22900000-22910000

tun0      Link encap:UNSPEC  HWaddr [removed]
          inet addr:10.1.1.6  P-t-P:10.1.1.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:40 (40.0 b)

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.3.1     10.10.10.1      255.255.255.255 UGH       0 0          0 ath0
10.1.1.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.1.1.1        10.1.1.5        255.255.255.255 UGH       0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 ath0
10.0.0.0        0.0.0.0         255.0.0.0       U         0 0          0 ath0
0.0.0.0         10.1.1.5        0.0.0.0         UG        0 0          0 tun0

Actually, I just realized I have configured 'remote 192.168.3.1' in my
OpenVPN client config which is my LAN interface on my m0n0wall box.  But
my wireless interface is OPT1 10.10.10.1 which I am initially connecting
to, I probably want to have OpenVPN bound to OPT1 -- I wonder if that is
my problem with DNS traffic going cleartext (will test this evening).

Thanks...

Louis
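
Added example (not part of the original message): a longest-prefix-match lookup over the routing table posted above, showing which destinations leave through tun0 and which still go out ath0 directly. The function names and the test destinations are constructed for illustration; that a client's DNS resolver sits at the AP address 10.10.10.1 is an assumption.

```python
import ipaddress

# Routing table as posted in the message (netstat -rn, wrapped rows joined).
ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.3.1     10.10.10.1      255.255.255.255 UGH       0 0          0 ath0
10.1.1.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.1.1.1        10.1.1.5        255.255.255.255 UGH       0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 ath0
10.0.0.0        0.0.0.0         255.0.0.0       U         0 0          0 ath0
0.0.0.0         10.1.1.5        0.0.0.0         UG        0 0          0 tun0
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from netstat -rn style rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # title line or blank
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[-1]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # column header or malformed row
        routes.append((net, gateway, iface))
    return routes

def egress_iface(routes, dest):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[2]

def leaks(routes, dests, tunnel="tun0", vpn_server="192.168.3.1"):
    """Destinations that bypass the tunnel, other than the VPN endpoint itself
    (its host route via the physical interface is required to carry the tunnel)."""
    return [d for d in dests
            if d != vpn_server and egress_iface(routes, d) != tunnel]

if __name__ == "__main__":
    routes = parse_routes(ROUTES)
    # Constructed destinations: an Internet host, the AP, the VPN peer, the server.
    for d in ["198.51.100.7", "10.10.10.1", "10.1.1.1", "192.168.3.1"]:
        print(f"{d:15} -> {egress_iface(routes, d)}")
    print("outside tunnel:", leaks(routes, ["198.51.100.7", "10.10.10.1"]))
```

With this table the default route goes through tun0, but the connected 10.0.0.0/255.0.0.0 route on ath0 is more specific, so anything addressed into that range (the AP at 10.10.10.1 included) is sent outside the tunnel.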






