Re: unable to use openvpn server which uses "push route..."



On Tue, 2017-01-24 at 21:17 +0900, Tomasz Chmielewski wrote:
On 2017-01-24 21:04, Thomas Haller wrote:
in many common setups, the VPN gateway will forward whatever
packets
you send it. I don't agree that "would almost never work" is
accurate.

With OpenVPN? I'd disagree. If it's the case with OpenVPN, than it 
usually means that someone misconfigured OpenVPN server.

It wouldn't normally act as a gateway without:

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

Hi Tomasz,


what you quote doesn't say anything about whether the server would 
actually forward traffic for the default-route.

It says, that clients are encouraged to configure the default-route
via the VPN gateway. Depending on how you configure openvpn client-
side, it may follow the server's suggestion (--pull, ipv4.never-
default).

Whether server-side would route traffic to a certain destination
depends on the server's routes, iptable rules, ip_forward, and openvpn
options.


But there is no real disagreement here. A ~server-choice~ option
certainly would make sense. I merely said, that I don't agree with
"would almost never work".



best,
Thomas

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]