Closed

Message

dave-gallagher · Post by **dave-gallagher** » Fri Dec 01, 2006 7:35 pm

sp7xfq · Post by **sp7xfq** » Sat Dec 02, 2006 6:37 pm

Hi,

You have configured `redirect-gateway` in your openvpn config file, this means that remote clients treats your server as default network gateway and your server should redirect its packets to the Internet. To do this you should also set packet forwarding:

Code: Select all

echo 1 > /proc/sys/net/ipv4/ip_forward

Or I think (I've not tested this) maybe setting route-gateway to the same as default route in your server will be enough.

And about your ping tests, there is simple explanation for this behaviour. When you run ping command at first it got from the system some variables, among other things routing table, and it use these as long as it running. So, next you are establishing VPN tunnel which change routing table, especially default gateway, but running ping, does not ``know`` about it since it got this as startup.
br.

thesnowman · Post by **thesnowman** » Sun Dec 03, 2006 1:19 am

I think the problem is your

Code: Select all

push "redirect-gateway def1"

line. How do the clients know the IP address of def1? Do they have it hardcoded in the their hosts file?

Also, the reason your dhcp-option DNS line isn't working is because it only works out-of-the-box on windows clients. Non-windows clients require a client-side up script to interpret the dhcp-options and configure the clients appropriately.

It would also be quite trivial to port the bridging script to be more gentoo specific and use the baselayout network scripts to bring it up.

sp7xfq · Post by **sp7xfq** » Sun Dec 03, 2006 7:11 am

Hi, thesnowman

Due to openvpn manual the `def1` flag is correct.

`man openvpn` wrote:Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0.
This has the benefit of overriding but not wiping out the original default gateway.
Using the def1 flag is highly recommended, and is currently planned to become the default by OpenVPN 2.1.

thesnowman · Post by **thesnowman** » Sun Dec 03, 2006 9:08 pm

Sorry sp7xfq, I should have looked that up before replying.

What does the route command say when you are connected to the VPN?

What about your log files when the clients connect? OpenVPN should be logging the fact that it is changing the default gateway on the client. You may need to increase your verbosity to see this...

dave-gallagher · Post by **dave-gallagher** » Sun Dec 03, 2006 9:29 pm

dave-gallagher · Post by **dave-gallagher** » Sun Dec 03, 2006 10:31 pm

dave-gallagher · Post by **dave-gallagher** » Sun Dec 03, 2006 10:56 pm

thesnowman · Post by **thesnowman** » Tue Dec 05, 2006 3:40 pm

On Linux the route command with no arguments will print the routing table. On Windows you need to use "route print". Not sure about OS X.

I'm not sure why you think your default gateway is 10.33.3.250. Both trace routes show 172.17.1.1 as being the default gateway and this is the ip address being pushed by the OpenVPN server as shown in this line:

Code: Select all

Sun 12/03/06 05:51 PM: gw 172.17.1.1

Also, why is your OpenVPN server given an address of 10.33.3.5? Shouldn't it be in the 172.17.1.0/24 range so it can talk to the Linksys?

I don't see how you can be testing this from your LAN. You said you are VPN'ing to your ISP (PPTP?) and then connecting back to your public IP. How does this work? To accurately test this I would suggest testing from a completely separate network with internet access.