
Re: [Openvpn-users] Sending Specific Internet Traffic ThroughVPN and rest through ISP


  • Subject: Re: [Openvpn-users] Sending Specific Internet Traffic ThroughVPN and rest through ISP
  • From: Ali Jawad <ali.jawad@xxxxxxxxxxxx>
  • Date: Thu, 06 Dec 2007 12:16:59 +0200

Dear David

I have done research..please check with me the following

I am on a network and the OpenVPN is on the Internet on another network with no push options and gateway redirects..I can ping 10.8.0.1 from the client if I establish a VPN network connection, and if I trace the connection to the public IP of the server it goes through my ISP.

If I do push 80.80.80.0 255.255.255.0 ‘my public network’ then I can neither ping 10.8.0.1 nor 80.80.80.10 ‘the VPN server’ although the routing table of the OpenVPN server has an entry to send data to the 10.8.0.0/24 network through tun 0

[root@localhost ~]# route -n | grep 10.8.0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0

So it should know that packets coming from 10.8.0.0/24 should be sent back through tun0..right ?

And

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

As for the client routing table..

C:\Documents and Settings\ali.jawad>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 24 df 85 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 ff 0a 6e 17 9b ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
0x4 ...00 ff db 1b 6a d1 ...... TAP VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.176       20
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
     87.236.144.0    255.255.255.0         10.8.0.5        10.8.0.6       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.176   192.168.0.176       20
    192.168.0.176  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255    192.168.0.176   192.168.0.176       20
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0    192.168.0.176   192.168.0.176       20
  255.255.255.255  255.255.255.255         10.8.0.6               4       1
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255    192.168.0.176   192.168.0.176       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None

Thanks

From: David Balazic [mailto:David.Balazic@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, December 05, 2007 6:20 PM
To: Ali Jawad; ross.cameron@xxxxxxxxxxxxxx; openvpn-users
Subject: RE: [Openvpn-users] Sending Specific Internet Traffic ThroughVPN and rest through ISP

1.) server setup & conf

2.) client setup & conf

3.) "route 4.1.2.3 net_gateway" in open VPN config files (4.1.2.3 is for example google.com)

3.b) or host command : "route 4.1.2.3 gw 8.8.8.8" (8.8.8.8 - your existing old non-vpn gateway)

(this is linux syntax, windows syntax is an exercise for the reader)

4.) learn about routing. It is so simple, that you will be ashamed of this email ;-)

Regards,

David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Ali Jawad
Sent: Wed 05-Dec-07 16:40
To: ross.cameron@xxxxxxxxxxxxxx; openvpn-users
Subject: Re: [Openvpn-users] Sending Specific Internet Traffic ThroughVPN and rest through ISP

Dear All

I have used the push statement and it seems that it is the correct solution, I have added

push "route 82.82.82.0 255.255.255.0"

In order to force traffic going to my servers through VPN..now Internet traffic is going through the ISP and the correct push requests and replies are in the logs however if I try to ping or access any of the 82.82.82.0/24 servers I only get timeouts ..ping does not work either..IP forwarding and masquerading is enabled..

Any hints, please ?

With Regards


From: abalour@xxxxxxxxx [mailto:abalour@xxxxxxxxx] On Behalf Of Ross Cameron
Sent: Wednesday, December 05, 2007 5:27 PM
To: Ali Jawad
Subject: Re: [Openvpn-users] Sending Specific Internet Traffic ThroughVPN and rest through ISP

Surely "push route" statements for your subnet of hosted IPs will do the trick?

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
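
An added example, not part of any message in this thread: a longest-prefix-match lookup over rows copied from the client's netstat -r table, to check which destinations leave through the VPN adapter and which go out via the ISP gateway. The host 87.236.144.10 is a constructed address inside the pushed /24, 4.1.2.3 is the placeholder address from David's reply, and the function names are hypothetical.

```python
import ipaddress

# Rows copied from the "Active Routes" table in the thread's netstat -r output:
# destination, netmask, gateway, interface, metric.
ROUTES_TEXT = """\
0.0.0.0        0.0.0.0          192.168.0.1    192.168.0.176  20
10.8.0.1       255.255.255.255  10.8.0.5       10.8.0.6       1
10.8.0.4       255.255.255.252  10.8.0.6       10.8.0.6       30
87.236.144.0   255.255.255.0    10.8.0.5       10.8.0.6       1
192.168.0.0    255.255.255.0    192.168.0.176  192.168.0.176  20
"""

# Assumption: the client's TAP adapter address, read from the same table.
TUNNEL_INTERFACE = "10.8.0.6"


def parse_routes(text):
    """Turn netstat -r rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, interface, metric = fields
        try:
            network = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((network, gateway, interface, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes


def lookup(destination, routes):
    """Pick the route the stack would use: longest prefix, then lowest metric."""
    address = ipaddress.ip_address(destination)
    matches = [r for r in routes if address in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def via_tunnel(destination, routes):
    """True when the chosen route leaves through the VPN adapter."""
    route = lookup(destination, routes)
    return route is not None and route[2] == TUNNEL_INTERFACE


if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    for host in ("87.236.144.10", "4.1.2.3", "10.8.0.1", "192.168.0.50"):
        path = "tunnel" if via_tunnel(host, table) else "ISP/LAN"
        print(host, "->", lookup(host, table)[1], path)
```
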


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.