Discussion:
[Openvpn-users] redirect-gateway to specific ip address
b***@cec.wustl.edu
2008-06-17 03:29:55 UTC
The machine running the openvpn server is also the router for a small
192.168.1.0/24 LAN. Machines on the LAN connect to the Internet using the
router, 192.168.1.1, as a gateway. The openvpn server is set up in
"bridged mode". I want openvpn clients to connect to the Internet
through the router, so I've included the following directive in my
server.conf:

push "redirect-gateway def1"

On a linux client, this effectively makes the default gateway the tap0
interface belonging to the openvpn client. The corresponding routing table
entry looks something like this:

default * 0.0.0.0 U 0 0 0 tap0

Note the asterisk -- the default gateway is not associated with an IP
address. This works fine if the client wants to talk to other machines on
the 192.168.1.0/24 LAN. It doesn't work when the client wants to connect
to the Internet at large; for that, the default gateway would have to
include the IP address of the router. If I add such a gateway manually:

route add default gw 192.168.1.1

Everything works great. The corresponding routing table entry looks like:

default 192.168.1.1 0.0.0.0 UG 0 0 0 tap0

Note the IP address in place of the asterisk.

So my question is, how do I get redirect-gateway to do this for me? Why
doesn't redirect-gateway produce a default gateway with an IP address?
I've tried adding:

push "route-gateway 192.168.1.1"

To server.conf, but it hasn't helped. Any ideas?
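
A check for the symptom described in the post above, as an added example that is not part of the thread: it parses `route`-style output and reports default routes on a tap interface that have no next hop (flag U without G). The sample table and the function names are constructed for illustration; the check also covers the two /1 routes that `def1` installs in place of a single default route.

```python
import ipaddress

# Constructed sample in `route` / `route -n` column layout (not captured from a real host).
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 tap0
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 tap0
128.0.0.0       192.168.1.1     128.0.0.0       UG    0      0        0 tap0
192.168.1.0     *               255.255.255.0   U     0      0        0 tap0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
"""


def parse_routes(text):
    """Parse net-tools `route` output into dicts; skips headers and unparsable rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        gw = "0.0.0.0" if f[1] == "*" else f[1]
        try:
            net = ipaddress.ip_network(f"{dest}/{f[2]}", strict=False)
            gw = ipaddress.ip_address(gw)
        except ValueError:
            continue  # resolved hostnames; rerun with `route -n`
        routes.append({"net": net, "gw": gw, "flags": f[3], "iface": f[7]})
    return routes


def onlink_default_routes(routes, iface_prefix="tap"):
    """Routes covering (half of) the Internet on a tap device with no next hop.

    /0 is a classic default route; the two /1 routes are what def1 installs.
    Without the G flag the kernel ARPs for every destination on the bridged
    segment, so normally only on-link hosts answer.
    """
    return [r for r in routes
            if r["net"].prefixlen <= 1
            and r["iface"].startswith(iface_prefix)
            and "G" not in r["flags"]]


if __name__ == "__main__":
    for r in onlink_default_routes(parse_routes(SAMPLE)):
        print(f"{r['net']} dev {r['iface']}: no gateway (flags {r['flags']})")
```
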
Jorge Sarmiento
2008-06-17 05:38:34 UTC
You can't.

If you set up the default gateway of the clients as 192.168.1.1, the
clients will lose their connection because they won't be able to
connect to the Internet, since the new gateway is an openvpn client, and
openvpn needs the Internet to work.

What you can do is install a proxy on your router and configure the
browsers and applications to work through it.

Jorge S.
b***@cec.wustl.edu
2008-06-17 13:24:28 UTC
Jorge, thank you for responding, but I don't think that's correct. The
whole point of using redirect-gateway (instead of just pushing a route) is
to avoid the problem you mentioned by providing a more specific route from
the client to the openvpn server.
Jorge Sarmiento
2008-06-17 19:21:13 UTC
OK, I guess then that your clients are on the same LAN as the VPN router.

As far as I remember, the server-bridge directive activates some kind of
dhcpd in OpenVPN, and sends a default gateway. The other option is the
approach I use: I have a dhcpd server installed on the router, bound
to the bridged interface. You can easily customize what you want in
there.

Jorge S.