
Re: [Openvpn-users] Securing *all* traffic over a wireless network - how?

  • Subject: Re: [Openvpn-users] Securing *all* traffic over a wireless network - how?
  • From: Louis <openvpn@xxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 11:27:13 -0500


First thing you'll want to do is change from a bridged (dev tap) setup
to a routed one (dev tun). Basically, you want to run a DHCP server on
your access point to hand out addresses so that your wireless clients
can initiate udp/ip communication with the OpenVPN server. Set the DHCP

How do I go about initiating the wireless interface directly to the UDP/IP port? Right now I am first getting a DHCP address over the air to the AP (Client: AP: -- then starting openvpn.

I actually want to keep the AP open and unencrypted for other clients
(public access point), but I want my connection to be fully encrypted
(traffic + DNS etc).

I was thinking with the option "--redirect-gateway local" is there to do
what I need, basically route everything over that secure tunnel after I
initiate it -- but this appears to give an error on the client "Options
error: unknown --redirect-gateway flag: 'local'" -- does anyone know if
this is a bug or if I'm doing something wrong with it?  Can I just
manually change my routes to make this happen (is that what this option
would do anyway?)

Here is what my interface/routes look like (After wifi connect and then
openvpn start):
1) After I first connect to my AP
ath0      Link encap:Ethernet  HWaddr [removed]
          inet addr:  Bcast:  Mask:
          inet6 addr: [removed]/64 Scope:Link
          RX packets:11281 errors:1510 dropped:0 overruns:0 frame:1510
          TX packets:9438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:199
          RX bytes:9207081 (8.7 MiB)  TX bytes:1684308 (1.6 MiB)
          Interrupt:11 Memory:22900000-22910000

tun0      Link encap:UNSPEC  HWaddr [removed]
          inet addr:  P-t-P:  Mask:
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:40 (40.0 b)

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface UGH       0 0          0
ath0 UH        0 0          0
tun0 UGH       0 0          0
tun0     U         0 0          0
ath0       U         0 0          0
ath0         UG        0 0          0

Actually, I just realized I have configured 'remote' in my
OpenVPN client config which is my LAN interface on my m0n0wall box.  But
my wireless interface is OPT1 which I am initially connecting
to, I probably want to have OpenVPN bound to OPT1 -- I wonder if that is
my problem with DNS traffic going cleartext (will test this evening).
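
An added example, not part of the original post: a small check that parses `netstat -rn` output and reports which destinations would leave on an interface other than the tunnel, using the kernel's longest-prefix rule. All addresses and both routing tables are constructed for illustration; only the interface names `ath0` and `tun0` come from the post.

```python
import ipaddress

# Constructed `netstat -rn` output (addresses are made up, not from the post).
HEADER = "Destination Gateway Genmask Flags MSS Window irtt Iface\n"
CONNECTED = (
    "10.8.0.1     0.0.0.0      255.255.255.255  UH  0 0 0 tun0\n"
    "192.168.1.0  0.0.0.0      255.255.255.0    U   0 0 0 ath0\n"
)
# Tunnel is up but the default route still points at the wireless gateway.
BEFORE = HEADER + CONNECTED + "0.0.0.0  192.168.1.1  0.0.0.0  UG  0 0 0 ath0\n"
# Default route moved onto the tunnel peer.
AFTER = HEADER + CONNECTED + "0.0.0.0  10.8.0.1     0.0.0.0  UG  0 0 0 tun0\n"


def parse_routes(text):
    """Turn `netstat -rn` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title line, the column header and blanks
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
    return routes


def egress(routes, dst):
    """Interface a packet to dst leaves on: the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[2] if hits else None


def bypasses_tunnel(routes, probes, tun="tun0"):
    """Probe destinations (e.g. DNS resolvers) that would not use the tunnel."""
    return [d for d in probes if egress(routes, d) != tun]


if __name__ == "__main__":
    # Two outside hosts plus a resolver on the wireless subnet itself.
    probes = ["203.0.113.10", "198.51.100.53", "192.168.1.1"]
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, bypasses_tunnel(parse_routes(table), probes))
```

In the constructed "after" table the only remaining bypass is `192.168.1.1`: a resolver on the directly connected wireless subnet matches the more specific `ath0` route, so moving the default route alone does not carry that DNS traffic into the tunnel.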


