Reply To: ZeroShell as VPN Client to replace openVPN GUI on XP (Help)


#48533

ppalias
Member

@andy22 wrote:

@ppalias wrote:

route -n 

is better than

route

You have to add static routes for the hosts or networks that will be forwarded via the vpn tunnel instead of the default gateway.
You can add it on Network->Router->Static Routes.
Otherwise if you want to forward traffic depending on policy, you will have to do it on Network->NetBalancer->Balancing Rules.

PS: Yes your assumption is correct. All routing is done on ZS.

THX finally a hint, I'm trying to get this working since a week…
It's kinda frustrating since I already noticed I'm 95% there, but can't figure out the last step since I'm not a network pro.

I will try your settings, btw do I need to bridge some of the interfaces and I'm also unsure how the VPN99 interface relates to the TUN0 I get if I start openVPN?

No need for bridging unless you need it. vpn99 is the openvpn interface that is used on the server side. Tun0 comes up when you connect as a client or a p2p connection.

@andy22 wrote:

I'm also unsure what firewall entries I need to add and what this “Forward” thingy is I can add, also which interfaces do I have to add to the NAT?

As a principle on firewalls you block everything except the connections you permit. However since ZS acts also as a router I strongly advise you to apply a DROP policy only on the INPUT and add specific ALLOW statements. OUTPUT and FORWARD better be ALLOW.
Regarding NAT, you should apply it on the interfaces that connect you to the internet, in this case ppp0.

@andy22 wrote:

Can you maybe also give me an example of a static route assuming my LAN is incoming from ETH00 via 192.168.0.100?

A static route is for a destination network/host (for example 146.124.0.0/16 via tun0).
Policy routing is used for traffic incoming from ETH00 (for example traffic coming from ETH00 use gateway tun0).

@andy22 wrote:

PS: A friend of mine also just noticed that my default gateway is still on PPPoE so he told me I need to delete this route and create a new one to the TUN0 interface, is there a way to do this automatically via openvpn config? Since after I stop openvpn I want my old gateway back?

This is not necessary. You could do that in order to redirect all your traffic via the tunnel. It can be achieved by adding the parameter

--route-gateway gw

Check the documentation of openvpn for more information.
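
One way to check, from saved `route -n` output, whether a destination would leave via tun0 or fall through to the default gateway on ppp0. This is an added example, not part of the original post; the routing table, the tunnel peer address 10.8.0.5 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `route -n` output: default route on ppp0, one static route via tun0.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
146.124.0.0     10.8.0.5        255.255.0.0     UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 ETH00
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
"""

def parse_route_n(text):
    """Return a list of (network, gateway, iface) parsed from `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except ValueError:
            continue  # skip rows that are not valid IPv4 destination/netmask pairs
        routes.append((net, fields[1], fields[7]))
    return routes

def egress_for(dest_ip, routes):
    """Longest-prefix match: the most specific route containing dest_ip wins."""
    addr = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def not_via_tunnel(dests, routes, tunnel_iface="tun0"):
    """Return {dest: iface} for destinations that would NOT use the tunnel."""
    leaks = {}
    for dest in dests:
        route = egress_for(dest, routes)
        iface = route[2] if route else None
        if iface != tunnel_iface:
            leaks[dest] = iface
    return leaks

if __name__ == "__main__":
    table = parse_route_n(SAMPLE_ROUTE_N)
    # 146.125.1.1 is outside 146.124.0.0/16, so it falls through to ppp0.
    print(not_via_tunnel(["146.124.10.20", "146.125.1.1"], table))
```
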