
[Openvpn-users] Another question

  • Subject: [Openvpn-users] Another question
  • From: "Akuma Daimao" <akumadaimao@xxxxxxxxx>
  • Date: Thu, 10 May 2007 21:02:24 -0400

I'm having a lot of difficulty with this, possibly owing to my lack of
in-depth understanding of how networking works and possibly because
I'm trying to do something that the program wasn't designed for.

Please bear with me while I explain.

I have, at my home, a LAN set up using a Belkin router with built-in
WAP.  This LAN is connected through the router to broadband internet.

At school, I use a laptop with a wireless connection to the school's
network.  Access to the outside is through a proxy (not sure what
kind), and that proxy blocks most ports (except for the basics -- SSH,
HTML and AIM are pretty much the only ones that are open).

I have SSH running on my home machine, which we'll call the Server.
This allows me to create SSH tunnels, since I have 22 open on the LAN
router/gateway pointing to the Server.  So the setup is basically:

Laptop (client) --> School proxy --> Internet --> Home router --> Server

Now, I've set up OpenVPN to connect using an SSH tunnel.  I have it so
that port 9000 on the client tunnels to port 1194 on the Server while
the SSH connection is active.  I have successfully configured things
so that I can connect to the OpenVPN server and ping both the OpenVPN
server IP (172.x) and internal network addresses (192.168.x) from the

Here are the config files I am using:

# Client config (laptop)
dev tun
proto tcp
remote localhost 9000 # Tunnels to 192.168.x:1194 while SSH is active
resolv-retry infinite
ca ca.crt
cert matthew.crt
key matthew.key
ns-cert-type server
tls-auth ta.key 1
cipher BF-CBC
verb 3
mute 20
route 192.168.x.0 255.255.255.0 # netmask added: without it OpenVPN installs a single-host (/32) route

# Server config (home machine)
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/cain.crt
key /etc/openvpn/cain.key  # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 172.x.0.0 255.255.255.0 # netmask added: the server directive requires network and netmask
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
cipher BF-CBC        # Blowfish (default)
max-clients 10
user nobody
group nogroup
status openvpn-status.log
verb 3

Again, using this setup I can ping the OpenVPN server using either its
172.x address or its 192.168.x address, and I can also ping the router
using its 192.168.x address.

I know that it's possible to set up PuTTY to run a SOCKS proxy over a
given port that I can then funnel traffic through using SocksCap, but
that isn't automatic nor is it really seamless.  What I'd really like
to do is use the OpenVPN adapter as the default for internet traffic,
so that all of my traffic (web browsing, IM clients, online gaming)
goes through the SSH tunnel and the VPN. Someone pointed me to a HOWTO
to do this; it basically said that I had to add these lines to the
server config:

push "redirect-gateway def1"
push "dhcp-option DNS 172.x.0.1"

I do that, and the entire connection dies.  The tunnel collapses, I
can't ping anything anymore, it basically wipes out my internet.

I notice that, when I add those options to the server file, the
"default gateway" for my VPN device becomes 172.x.0.5; is it perhaps
because the default gateway doesn't become 172.x.0.1 that things stop
working?  Or am I inadvertently setting up some kind of feedback loop
because of the SSH tunnel?  If that's the case, is there any way to
avoid this?

Any help anyone could give would be appreciated.  I've read through
the documentation but to a large extent I'm finding myself lost.
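The post asks whether "redirect-gateway def1" sets up a feedback loop through the SSH tunnel. The following is an added example, not code from the post, that models the laptop's routing table with longest-prefix matching and shows where a packet addressed to the real SSH endpoint is sent once the two /1 routes from def1 are installed. The addresses, the VPN subnet 172.16.0.0/24 and the host bypass route (what "route <ip> 255.255.255.255 net_gateway" would add on the client) are assumptions for the illustration.

```python
import ipaddress

# Constructed placeholder addresses, not values from the post.
HOME_PUBLIC_IP = "203.0.113.10"   # where the SSH session really terminates (home router WAN side)
SCHOOL_GATEWAY = "10.0.0.1"       # the laptop's pre-existing default gateway


def best_route(table, dst):
    """Longest-prefix match: among routes containing dst, the most specific wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def base_table():
    # Before any redirect: default via the school gateway, VPN subnet via tun0.
    return [
        (ipaddress.ip_network("0.0.0.0/0"), SCHOOL_GATEWAY),
        (ipaddress.ip_network("172.16.0.0/24"), "tun0"),  # assumed VPN subnet
    ]


def with_def1(table, bypass_host=None):
    # def1 adds 0.0.0.0/1 and 128.0.0.0/1 via tun0; both are more specific than
    # the /0 default, so they win without deleting it. OpenVPN also installs a
    # /32 bypass for the address given in 'remote', but with 'remote localhost'
    # that bypass protects nothing; the real SSH endpoint gets one only if the
    # client config names it explicitly (modelled here by bypass_host).
    routes = list(table) + [
        (ipaddress.ip_network("0.0.0.0/1"), "tun0"),
        (ipaddress.ip_network("128.0.0.0/1"), "tun0"),
    ]
    if bypass_host:
        routes.append((ipaddress.ip_network(bypass_host + "/32"), SCHOOL_GATEWAY))
    return routes


def ssh_traffic_path(bypass_host=None):
    """Next hop for a packet to the SSH endpoint after def1 is applied."""
    return best_route(with_def1(base_table(), bypass_host), HOME_PUBLIC_IP)
```

Without the bypass route the SSH packets that carry the VPN are themselves routed into tun0, which is the loop the post suspects; with the /32 via the original gateway they keep flowing outside the tunnel.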