OpenVPN Host-to-LAN Mangling Clients’ Routing Tables


This topic contains 4 replies, has 0 voices, and was last updated by  jbo5112 8 years, 10 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
    #42566

    jbo5112
    Member

    Whenever I connect to the OpenVPN service on my zeroshell machine, all my Internet traffic gets routed through it, strangling my broadband connection to whatever is left of the 1Mbit upload at the office. I have verified this with traceroute. I visit too many websites in doing my job for this to work very well.

    The culprit is that my default route gets changed, and there is another line added, which does seem correct (but possibly insecure). Here are the offending lines:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.250.0   *               255.255.255.0   U     0      0        0 tap0
    default         192.168.250.254 0.0.0.0         UG    0      0        0 tap0

    I went to the DHCP menu for that subnet, and deleted the default gateway for the 192.168.250.0/255.255.255.0 subnet. It now just has a “DNS 1” entry and a “Domain Name” entry. I also tried adding the command line parameter “--route 192.168.0.0 255.255.0.0 192.168.250.254”, but it seems to do nothing, probably because 192.168.250.254 is already my default gateway. I need a way to fix this. The 1Mbit isn’t going to split 4 ways very well. Other than my VPN problems and not knowing how to configure DNS I really like Zeroshell.

    #50870

    ppalias
    Member

    Your problem is in the OpenVPN configuration.
    If you don’t specify some static routes to be pushed from the server to the client, then the server sends the default gateway. All you have to do is go to the VPN setup page and click on a button named “Net”, which is at the bottom in the “Client IP Address Assignment” box. There, assign one network, and after you restart the VPN server this network will be pushed over the tunnel.

    #50871

    jbo5112
    Member

    Thanks! 😀 I guess I didn’t read that popup page carefully enough. I’ve made the changes, and I’ll test it out when I’m at home.

    #50872

    jbo5112
    Member

    I clicked the net button, and added my office subnet to the list. I now have another necessary entry, but the default gateway is still being changed.

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.5.0     192.168.250.254 255.255.255.0   UG    0      0        0 tap0

    I’ve tried adding the VPN subnet, checking and unchecking the source NAT button (I’m not sure what it does), disabling and enabling the DHCP settings on the VPN subnet, and I think every combination of each. No matter what I try, the default gateway is changed.

    #50873

    ppalias
    Member

    Use the following config for the user:

    remote ppalias.dyndns.org 1194
    proto tcp
    ca CA_Zeroshell.pem
    cert trendy.pem
    key trendy.pem
    verb 3
    mute 20
    resolv-retry infinite
    nobind
    client
    dev tap
    keepalive 5 60
    persist-key
    persist-tun
    route 10.14.149.0 255.255.255.192

    On the ZS I have configured the following:
    http://www.flickr.com/photos/35949154@N02/4875649126/

    #50874

    jbo5112
    Member

    I do have an option on my client to ignore any changes to my default route, but I was hoping to change the server to issue correct routing information. I also had to enable the source NAT once I made the changes to the client.
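
Added example, not part of the original thread: a client-side check that parses `route -n` style output and reports whether the VPN interface has taken the default route (full tunnel) or only carries the office subnets (split tunnel). The sample table reuses the tap0 lines quoted in the posts above; the eth0 default route via 192.168.1.1, the metric of 100 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the three tap0 routes quoted in the thread, plus an
# assumed pre-existing default route on the physical NIC (eth0, 192.168.1.1).
SAMPLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.0     192.168.250.254 255.255.255.0   UG    0      0        0 tap0
192.168.250.0   *               255.255.255.0   U     0      0        0 tap0
default         192.168.250.254 0.0.0.0         UG    0      0        0 tap0
default         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
"""

VPN_PREFIXES = ("tap", "tun")  # interface name prefixes treated as VPN devices


def parse_routes(text):
    """Parse `route -n` style output into dicts; non-route lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(f"{dest}/{f[2]}", strict=False)
            metric = int(f[4])
        except ValueError:  # e.g. a resolved hostname in the Destination column
            continue
        routes.append({"net": net, "gateway": f[1], "metric": metric, "iface": f[7]})
    return routes


def vpn_default_routes(routes):
    """Return default routes (prefix length 0) that leave via a VPN interface."""
    return [r for r in routes
            if r["net"].prefixlen == 0 and r["iface"].startswith(VPN_PREFIXES)]


def egress_iface(routes, ip):
    """Interface used for ip: longest prefix wins, ties go to the lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))["iface"]


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print("default via VPN:", [r["gateway"] for r in vpn_default_routes(table)])
    split = [r for r in table if r not in vpn_default_routes(table)]
    for ip in ("203.0.113.10", "192.168.5.20"):
        print(ip, "full:", egress_iface(table, ip), "split:", egress_iface(split, ip))
```

With the tap0 default route present, traffic to an Internet address leaves through the tunnel; with it removed, only 192.168.5.0/24 and 192.168.250.0/24 still use tap0.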
