Gentoo Forums
[Solved] OpenVPN - bridging, default gw
bastibasti
Guru
Joined: 27 Nov 2006
Posts: 581

Posted: Thu Jan 17, 2013 9:07 am    Post subject: [Solved] OpenVPN - bridging, default gw

Hi.

Here's my setup.

Server already uses TAP bridges for qemu.

Server.conf
Code:

dev tap0
proto tcp-server
port 1194
mode server
tls-server
float
dh /etc/openvpn/ssl/keys/dh1024.pem
ca /etc/openvpn/ssl/keys/ca.crt
cert /etc/openvpn/ssl/keys/server.crt
key /etc/openvpn/ssl/keys/server.key
tls-auth /etc/openvpn/ssl/keys/ta.key 0
user nobody
group nogroup
#status /var/log/openvpn/vpn-status.log
#log /var/log/openvpn/vpn.log
comp-lzo
verb 3
#client-to-client
keepalive 10 120
#fragment 1300
mssfix
hand-window 300
tcp-nodelay


client.conf
Code:

client
dev tap1
proto tcp
remote 192.168.123.150 1194
socks-proxy 127.0.0.1 6666
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client1.crt
key /etc/openvpn/client/client1.key
comp-lzo
log /var/log/openvpn/client.log
verb 3
status /var/log/openvpn/client-status.log
tls-auth /etc/openvpn/client/ta.key 1
#tls-timeout 240
#connect-timeout 240
#fragment 1300
mssfix
tls-client
script-security 3 system
up /etc/openvpn/up.sh



After connecting I have to manually run

ifconfig tap1 up
dhclient tap1

on the client. After that my client has 192.168.0.238 for tap1. Totally correct.

Now my client has an IP in my LAN, which works like a charm. I can ping all my hosts at home etc and access them.

Now I would like to change my default route to use the LAN router, which is not the VPN gateway.

Let's say

openvpn server is 192.168.0.150
Lan default GW is 192.168.0.151

If I do

Code:
route add default gw 192.168.123.151

the connection is lost.

How can I fix this?


Last edited by bastibasti on Fri Jan 18, 2013 9:01 pm; edited 1 time in total
bastibasti
Guru
Joined: 27 Nov 2006
Posts: 581

Posted: Thu Jan 17, 2013 10:01 am

I think I forgot to mention one more main point: the connection is running through an ssh tunnel (socks proxy).

So I think when I set the default gw, the ssh connection is lost??
AngelKnight
Tux's lil' helper
Joined: 14 Jan 2003
Posts: 127

Posted: Thu Jan 17, 2013 7:39 pm

It is possible that you forgot to ensure that the aforementioned ssh connection is allowed to use the nexthop you had before you tried to alter the default gateway.
bastibasti
Guru
Joined: 27 Nov 2006
Posts: 581

Posted: Thu Jan 17, 2013 8:27 pm

How can I do that??? 8O 8O 8O
bastibasti
Guru
Joined: 27 Nov 2006
Posts: 581

Posted: Fri Jan 18, 2013 9:00 pm

sorted it...

before setting the default gw to the new one,

I add a new route for the ssh connection

1) route add $ssh_ip gateway $old_gateway
2) route del default
3) route add default gw $new_gw
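
The three steps from the last post, as an added example that is not part of the original thread: a dry-run script that reads the current default route, pins the ssh server to the old gateway first, and only then moves the default route to the LAN router. It assumes iproute2 (`ip route`) instead of the `route` command used in the post; the function names, the address 203.0.113.10 and the sample route line are constructed.

```shell
#!/bin/sh
# Added example: plan the route changes that move the default gateway to the
# LAN router without cutting the ssh tunnel (SOCKS proxy) that carries OpenVPN.
# It only prints the commands; nothing is changed on the system.

# Print "<gateway> <device>" from `ip -4 route show default` output ($1).
parse_default_route() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        gw = dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != "") { print gw, dev; found = 1; exit }
    } END { exit !found }'
}

is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# $1 ssh server IP, $2 current default-route line, $3 new gateway, $4 VPN device
plan_gateway_switch() {
    ssh_ip=$1 new_gw=$3 vpn_dev=$4
    old=$(parse_default_route "$2") || { echo "no default route with a gateway" >&2; return 1; }
    old_gw=${old% *} old_dev=${old#* }
    is_ipv4 "$ssh_ip" && is_ipv4 "$new_gw" || { echo "bad IPv4 address" >&2; return 1; }
    case $vpn_dev in ''|*[!A-Za-z0-9_.-]*) echo "bad device name" >&2; return 1 ;; esac
    # Step 1: pin the ssh server to the pre-VPN next hop before anything else,
    # so the tunnel never follows the new default route into itself.
    echo "ip route replace $ssh_ip/32 via $old_gw dev $old_dev"
    # Steps 2 and 3: "replace" deletes the old default and adds the new one.
    echo "ip route replace default via $new_gw dev $vpn_dev"
}

# Constructed sample: 203.0.113.10 stands in for the ssh server's address.
SAMPLE_DEFAULT='default via 10.0.0.1 dev eth0 proto dhcp metric 100'
plan_gateway_switch 203.0.113.10 "$SAMPLE_DEFAULT" 192.168.0.151 tap1
```

On a live client the second argument would be the output of `ip -4 route show default`, captured before the VPN comes up.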