邓尧
2017-02-16 03:42:58 UTC
Hi,
My server has a special client and I need to redirect all traffic of other
clients to this special client. Basically the special client instead of the
server is used as a NAT gateway.
The server tunnel address is 192.168.50.1, the special client's tunnel
address is 192.168.50.200 which is statically configured with a
"client-config-dir" configuration file.
The following options are added to the server's configuration file:
push "route-gateway 192.168.50.200"
client-to-client
The following option is added in normal clients' "client-config-dir"
configuration files:
push "redirect-gateway def1 bypass-dhcp"
Communications among clients and the server seem to be fine. Command "route
-n" on the clients also shows expected results.
But "traceroute" shows that the first hop of client traffic is still
192.168.50.1 instead of 192.168.50.200, even though the default gateway of
the client is shown as 192.168.50.200. If NAT is disabled on the server,
all communication to the Internet is broken.
I did some experiments: if "redirect-gateway" isn't pushed to the clients,
and the routing table on the clients is manually configured, it works
well. Because I have some Android/iOS clients which cannot be configured
manually without rooting the devices, this isn't an appropriate option for
me.
Is this an OpenVPN bug/feature, or did I configure it incorrectly?
OpenVPN version is 2.3.10, Linux distribution is Ubuntu 16.04.
Thanks
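
An added example, not part of the original post: a Python check of what "redirect-gateway def1" leaves in a client's kernel routing table, the same view that "route -n" gives. The "route -n" text, the interface names, the /24 tunnel netmask and the 203.0.113.10 / 192.168.1.1 addresses are constructed for illustration; only 192.168.50.1 and 192.168.50.200 come from the post.

```python
import ipaddress

# Constructed `route -n` output from a client after redirect-gateway def1.
# def1 adds 0.0.0.0/1 and 128.0.0.0/1 instead of replacing the default route.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.50.200  128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
128.0.0.0       192.168.50.200  128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
"""

def parse_route_n(text):
    """Return (network, gateway, metric, iface) tuples from `route -n` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and a dotted-quad destination.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append((net, ipaddress.ip_address(gw), int(metric), iface))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match, lowest metric on ties: (next hop, iface) or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    _net, gw, _metric, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    # A 0.0.0.0 gateway means the destination is on-link.
    return (str(dst) if gw.is_unspecified else str(gw)), iface

def check_redirect(routes, gateway, vpn_iface):
    """Return probe addresses that do NOT leave via gateway on vpn_iface."""
    probes = ["8.8.8.8", "198.51.100.7"]  # arbitrary: one per def1 half
    return [p for p in probes if next_hop(routes, p) != (gateway, vpn_iface)]

if __name__ == "__main__":
    table = parse_route_n(SAMPLE_ROUTE_N)
    print("leaks:", check_redirect(table, "192.168.50.200", "tun0"))
    print("to VPN server:", next_hop(table, "203.0.113.10"))
```

This inspects only the client's kernel routing decision; the first hop that "traceroute" reports depends on how the packet is forwarded after it enters the tunnel, which a client routing table does not show.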