On Thu, 20 Jan 2005, Pascal Deliot wrote:
I think you should try not to change the default gateway for your Windows
boxes. I mean that you should have only one default gateway for one
computer, and most of the time it is used for the internet connection. Then if you
put the default gateway on your Windows box to your private network,
the computer loses the way through the internet to the OpenVPN server. You
must add a (or some) valid routes to your private network and not
override the default gateway of your OpenVPN client. I think this will
be a better way of doing things.
It's perfectly okay to replace the default gateway like Andrew tried to
do, as long as you add a host route to the openvpn server through the real
The benefit of this is that all traffic then goes through the office, so
it looks more like "being at the office".
Because of the problems Andrew described, the --redirect-gateway option
was added in OpenVPN to handle this automatically.
I also prefer using the "def1" parameter of --redirect-gateway, which uses
the trick of adding two new routes, 0.0.0.0/1 and 128.0.0.0/1 instead of
replacing the old default gateway. It also has the effect that all traffic
is routed through OpenVPN, but you don't have to delete and re-insert the
real default gw.
Even though I haven't verified it, I'm afraid that a DHCP-renew could
reinsert the old default gateway while you're connected. If you use
'def1', you're not affected by that as the /1 routes always take
precedence over the /0 route.
James, is there any drawback of using the 'def1' parameter, or why don't
we make this behaviour the default for --redirect-gateway?
From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On behalf of Andrew Alston
Sent: Thursday 20 January 2005 08:14
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] Routing problems
I'm wondering if anyone can help me out. I'm currently running a FreeBSD
OpenVPN server at work and OpenVPN clients on various Windows boxes on
the outside. I'm using the dev tun mode, and all works fine, the tunnel
comes up, etc. etc.
The problem is this: when I push the default gateway to the Windows
boxes, the boxes receive the default gateway and promptly lose
connection to the VPN server unless I have first manually added a route
for the VPN server box out of the Windows box's original default gateway.
This is a real pain as these are ADSL links and the default gateways
before establishing the VPNs change all the time, so before I establish
the VPN on the Windows boxes I have to do a netstat -nr, then a route
add vpnserver <gateway> with the gateway being the box's current default
gateway, I then establish the VPN link and the default route changes and
Don't add the manual static route first the box forgets how to connect to
the VPN server and everything dies horribly.
Is there any way I can automate the addition of that static route to a
dynamic gateway like that?
Mathias Sundman (^) ASCII Ribbon Campaign
OpenVPN GUI for Windows X NO HTML/RTF in e-mail
http://www.nilings.se/openvpn / \ NO Word docs in e-mail
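
The route selection discussed in this thread, modelled as an added example (not code from the posters or from OpenVPN). All addresses are constructed, and the DHCP renew is modelled as rewriting the 0.0.0.0/0 entry, which is an assumption, since the thread says that behaviour was not verified.

```python
import ipaddress

# Constructed sample addresses (assumptions, not from the thread).
ISP_GW = "192.168.1.1"        # client's real (ADSL) default gateway
VPN_GW = "10.8.0.1"           # gateway reached through the tun interface
VPN_SERVER = "203.0.113.10"   # public address of the OpenVPN server

def route(prefix, hop):
    return (ipaddress.ip_network(prefix), hop)

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def replaced_default_table(with_host_route):
    """Default gateway replaced outright, optionally with the manual host route."""
    table = [route("0.0.0.0/0", VPN_GW)]
    if with_host_route:
        table.append(route(VPN_SERVER + "/32", ISP_GW))
    return table

def def1_table():
    """'def1' layout: original default kept, two /1 routes cover everything."""
    return [
        route("0.0.0.0/0", ISP_GW),          # untouched original default
        route(VPN_SERVER + "/32", ISP_GW),   # keeps the tunnel's own packets outside it
        route("0.0.0.0/1", VPN_GW),          # lower half of the address space
        route("128.0.0.0/1", VPN_GW),        # upper half of the address space
    ]

def dhcp_renew(table):
    """Assumed model of a renew: the /0 entry is rewritten to the ISP gateway."""
    default = ipaddress.ip_network("0.0.0.0/0")
    kept = [(net, hop) for net, hop in table if net != default]
    return kept + [route("0.0.0.0/0", ISP_GW)]

if __name__ == "__main__":
    cases = {
        "replaced default, no host route": replaced_default_table(False),
        "replaced default + host route": replaced_default_table(True),
        "replaced default after renew": dhcp_renew(replaced_default_table(True)),
        "def1": def1_table(),
        "def1 after renew": dhcp_renew(def1_table()),
    }
    for name, table in cases.items():
        hops = {d: next_hop(table, d) for d in ("8.8.8.8", "198.51.100.7", VPN_SERVER)}
        print(f"{name:34} {hops}")
```

A next hop of ISP_GW for an ordinary destination means that traffic leaves outside the tunnel; a next hop of VPN_GW for VPN_SERVER means the tunnel's own packets are sent into the tunnel, which is the loss of connectivity described in the original question.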