On Tue, 2017-01-24 at 21:17 +0900, Tomasz Chmielewski wrote:
> On 2017-01-24 21:04, Thomas Haller wrote:
> > in many common setups, the VPN gateway will forward whatever packets
> > you send it. I don't agree that "would almost never work" is accurate.
>
> With OpenVPN? I'd disagree.
>
> If it's the case with OpenVPN, then it usually means that someone
> misconfigured OpenVPN server. It wouldn't normally act as a gateway
> without:
>
> # If enabled, this directive will configure
> # all clients to redirect their default
> # network gateway through the VPN, causing
> # all IP traffic such as web browsing and
> # and DNS lookups to go through the VPN
> # (The OpenVPN server machine may need to NAT
> # or bridge the TUN/TAP interface to the internet
> # in order for this to work properly).
> ;push "redirect-gateway def1 bypass-dhcp"

Hi Tomasz,

what you quote doesn't say anything about whether the server would actually forward traffic for the default-route. It says, that clients are encouraged to configure the default-route via the VPN gateway. Depending on how you configure openvpn client-side, it may follow the server's suggestion (--pull, ipv4.never-default).

Whether server-side would route traffic to a certain destination depends on the server's routes, iptable rules, ip_forward, and openvpn options.

But there is no real disagreement here. A ~server-choice~ option certainly would make sense. I merely said, that I don't agree with "would almost never work".

best,
Thomas
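
The distinction drawn in this message (what the server pushes, what the client applies, and whether the gateway forwards at all) can be checked separately, as in this added example, which is not code from the thread or from OpenVPN. The function names and sample inputs are constructed; `route-nopull` and `pull-filter` are OpenVPN client options not mentioned in the thread, and NetworkManager's `ipv4.never-default` is not modelled.

```python
import shlex

def directives(conf):
    """Active OpenVPN directives as token lists; lines starting with '#' or ';' are comments."""
    out = []
    for raw in conf.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            out.append(shlex.split(line))
    return out

def pushed_default_route(server_conf):
    """Return the pushed redirect-gateway option string, or None if the server pushes none."""
    for d in directives(server_conf):
        if d[0] == "push" and len(d) > 1 and d[1].split()[:1] == ["redirect-gateway"]:
            return d[1]
    return None

def client_applies(client_conf, pushed):
    """Would the client install the pushed option? It must pull, and nothing may filter it."""
    ds = directives(client_conf)
    names = {d[0] for d in ds}
    if pushed is None or not names & {"pull", "client"} or "route-nopull" in names:
        return False
    for d in ds:  # first matching pull-filter wins; the filter text is a prefix match
        if d[0] == "pull-filter" and len(d) == 3 and pushed.startswith(d[2]):
            return d[1] == "accept"
    return True

def server_forwarding(ip_forward, iptables_save):
    """Facts deciding whether the gateway forwards: sysctl value, FORWARD policy, NAT rule."""
    lines = iptables_save.splitlines()
    policy = next((l.split()[1] for l in lines if l.startswith(":FORWARD ")), None)
    return {"ip_forward": ip_forward.strip() == "1",
            "forward_policy": policy,
            "masquerade": any("-j MASQUERADE" in l for l in lines)}

# Constructed sample inputs (hypothetical host name, minimal iptables-save output)
SAMPLE_COMMENTED = ';push "redirect-gateway def1 bypass-dhcp"\n'
SAMPLE_ENABLED = 'push "redirect-gateway def1 bypass-dhcp"\n'
CLIENT_DEFAULT = "client\nremote vpn.example.test 1194\n"
CLIENT_FILTERED = CLIENT_DEFAULT + 'pull-filter ignore "redirect-gateway"\n'
IPTABLES = "*filter\n:FORWARD DROP [0:0]\nCOMMIT\n"

if __name__ == "__main__":
    pushed = pushed_default_route(SAMPLE_ENABLED)
    print(pushed, client_applies(CLIENT_DEFAULT, pushed), server_forwarding("0\n", IPTABLES))
```
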