How to not forward default gateway over openvpn on road warr


This topic contains 9 replies, has 0 voices, and was last updated by  FredK 7 years, 8 months ago.

  • #40805

    FredK
    Member

    I would like to set up my openvpn host->lan to not forward the remote clients' default gateways over the tunnel. How can I achieve this, if it is possible with Zeroshell? I have done it in the past with a standard openvpn installation.

    #45951

    imported_fulvio
    Participant

    If you fill in the fields in the frame titled “Client IP Address Assignment”, Zeroshell automatically uses the parameters --push "route-gateway gateway" and --push "redirect-gateway" when it initializes the openvpn daemon.
    You can try leaving the fields IP Range, Gateway, Netmask and DNS empty in the frame Client IP Address Assignment. After that you can configure the DHCP server to assign the IP address to the VPN clients. Remember that the virtual ethernet interface for the roadwarrior connections with openvpn is VPN99, and hence you must configure a DHCP subnet for this TAP interface.

    Regards
    Fulvio

    #45952

    That worked perfectly. Thanks!

    #45953

    It does not push routes to the vpn client.

    When I add --push "route 172.16.0.0 255.255.0.0" to the “command line parameters” field it complains, because it appears the double quotes are not handled by Zeroshell. I can add the route to my client ovpn, but I’d rather push it.
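Added example, not part of any post in this thread and not ZeroShell or OpenVPN code: a simplified Python model of how a pushed `redirect-gateway` combines with client-side directives to decide between full and split tunnel. The sample push reply, addresses and client file are constructed; `pull-filter` needs OpenVPN 2.4 or later, `route-nopull` is the older client-side option, and only `pull-filter ignore` is modelled.

```python
import shlex

# Constructed sample: options a server pushes when a gateway is configured
# for clients (addresses are placeholders).
PUSH_REPLY = ("PUSH_REPLY,route-gateway 192.168.100.254,redirect-gateway,"
              "ping 10,ping-restart 60")

# Constructed client .ovpn: drop the pushed default gateway, add one route locally.
CLIENT_OVPN = '''
client
dev tap
# ignore any pushed option that starts with "redirect-gateway"
pull-filter ignore "redirect-gateway"
route 172.16.0.0 255.255.0.0
'''

def directives(text):
    """Yield each config line as a token list, skipping '#' and ';' comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line)

def tunnel_mode(client_ovpn, push_reply):
    """Return which routing options take effect on the client (simplified)."""
    local = list(directives(client_ovpn))
    nopull = any(d[0] == "route-nopull" for d in local)
    # pull-filter matches on the leading text of a pushed option
    ignored = [d[2] for d in local
               if d[0] == "pull-filter" and len(d) == 3 and d[1] == "ignore"]
    kept = []
    for opt in push_reply.split(",")[1:]:      # [0] is the PUSH_REPLY tag
        opt = opt.strip()
        if not opt or any(opt.startswith(prefix) for prefix in ignored):
            continue
        if nopull and opt.split()[0] in ("route", "redirect-gateway"):
            continue                            # route-nopull drops pushed routes
        kept.append(opt.split())
    effective = local + kept
    return {
        "full_tunnel": any(d[0] == "redirect-gateway" for d in effective),
        "routes": [tuple(d[1:3]) for d in effective if d[0] == "route"],
    }

if __name__ == "__main__":
    print(tunnel_mode(CLIENT_OVPN, PUSH_REPLY))
```

Reviewing a client profile this way shows whether traffic for networks other than the listed routes will bypass the VPN, which is the trade-off of split tunnelling.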

    #45954

    belda
    Member

    Well, it would be great to have a checkbox for it. Sometimes you want to assign them an IP but not a gateway, maybe by having an empty gateway.

    #45955

    belda
    Member

    It is not working for me. I've got a bridge on the internal and VPN99 interfaces, so it should be giving it DHCP, but it is not.

    #45956

    xingshou
    Member

    After removing all the items in the “Client IP Address Assignment” section and setting up DHCP, my VPN client is sending all the traffic to the VPN gateway.

    I want to avoid all the traffic being sent to the VPN gateway regardless of its destination. Therefore I hope ZeroShell improves this so that we can determine whether the VPN gateway is to be used as a default gateway on the client side or not.

    Sungsoo Kim

    #45957

    After you connect, can you open a command prompt and do an ipconfig and post your results?

    @xingshou wrote:

    After removing all the items in the “Client IP Address Assignment” section and setting up DHCP, my VPN client is sending all the traffic to the VPN gateway.

    I want to avoid all the traffic being sent to the VPN gateway regardless of its destination. Therefore I hope ZeroShell improves this so that we can determine whether the VPN gateway is to be used as a default gateway on the client side or not.

    Sungsoo Kim

    #45958

    xingshou
    Member

    Thanks jeremy!

    I am sorry, I need to reconfigure ZeroShell to reply to your answer!

    I just hope something like the below will be added to ZeroShell. It was taken from one of the administrator screens of the NETGEAR SSL312 VPN gateway. Its user interface is very easy to understand.

    Sungsoo Kim



    VPN Tunnel Client


    Client IP Address Range
    Client Address Range Begin : 192.168.100.1
    Client Address Range End : 192.168.100.253

    Enable Full Tunnel Support : [ ]

    Note: Static routes should be added to reach any secure network in split tunnel mode.

    [Apply] [Cancel]



    Add Routes for VPN Tunnel Clients

    Destination Network : [_______________]
    Subnet Mask : [_______________]

    [Add Route] [Cancel]



    Configured Client Routes

    Destination Network Subnet Mask
    xxx.xxx.xxx.0 255.255.255.0 [Delete]


    #45959

    xingshou
    Member

    I am using Tunnelblick, Mac OS X OpenVPN client.
    I enabled the DHCP server, but Tunnelblick still does not get an IP address from ZeroShell. But if I give a static IP address range, it works as expected.

    I attach a log in Tunnelblick below.

    Sat 05/10/08 11:26 AM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sat 05/10/08 11:26 AM: LZO compression initialized
    Sat 05/10/08 11:26 AM: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Sat 05/10/08 11:26 AM: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Sat 05/10/08 11:26 AM: Local Options hash (VER=V4): '31fdf004'
    Sat 05/10/08 11:26 AM: Expected Remote Options hash (VER=V4): '3e6d1056'
    Sat 05/10/08 11:26 AM: Attempting to establish TCP connection with xxx.xxx.xxx.xxx:1194
    Sat 05/10/08 11:26 AM: TCP connection established with xxx.xxx.xxx.xxx:1194
    Sat 05/10/08 11:26 AM: TCPv4_CLIENT link local: [undef]
    Sat 05/10/08 11:26 AM: TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:1194
    Sat 05/10/08 11:26 AM: TLS: Initial packet from xxx.xxx.xxx.xxx:1194
    Sat 05/10/08 11:26 AM: VERIFY OK: depth=1
    Sat 05/10/08 11:26 AM: VERIFY OK: depth=0
    Sat 05/10/08 11:26 AM: Connection reset
    Sat 05/10/08 11:26 AM: TCP/UDP: Closing socket
    Sat 05/10/08 11:26 AM: SIGUSR1[soft

    #45960

    neilma
    Member

    @fulvio wrote:

    If you fill in the fields in the frame titled “Client IP Address Assignment”, Zeroshell automatically uses the parameters --push "route-gateway gateway" and --push "redirect-gateway" when it initializes the openvpn daemon.
    You can try leaving the fields IP Range, Gateway, Netmask and DNS empty in the frame Client IP Address Assignment. After that you can configure the DHCP server to assign the IP address to the VPN clients. Remember that the virtual ethernet interface for the roadwarrior connections with openvpn is VPN99, and hence you must configure a DHCP subnet for this TAP interface.

    Regards
    Fulvio

    Sorry to bother you, but is this still applicable today?!
