Forum Replies Created

Viewing 7 posts - 1 through 7 (of 7 total)
  • in reply to: Host-to-site route add problem? #51244

    Glad to be of help. I don’t suppose you tried OpenVPN without being administrator? There’s an upgrade to ZeroShell too… wonder if there’s anything in there that affects this.

    Well… one way or the other I have it working and it survives a ZeroShell reboot.

    Thanks dnsadmin for the additional info.

    in reply to: Host-to-site route add problem? #51242

    Unfortunately, using the older version turned out to be not such a good option. It requires the client user to have Administrative rights (a couple of options can get around it but none of them I liked very much). So that, at least for me, is out.

    Good news is, after some googling and tinkering, I think I have found a fix. I found on a Debian list something that sounds like the same issue (bug #600166) and at least a temporary resolution. Using this as a guide, I made a change to a script on a test ZS box which changes one of the “push” options slightly.

    On line 61 of “/root/kerbynet.cgi/scripts/vpn_start”:
    PUSHNETS0="route remote_host net_gateway 1"

    Replace “remote_host” with “OPENVPN_REMOTE_PEER”.

    Routes are now added and removed correctly with all three tested client programs and the default gateway is left alone (and not deleted on disconnect). After multiple connects and disconnects I am satisfied that it is working like it should. I assume that this change will not survive a reboot but I haven’t checked.

    in reply to: Host-to-site route add problem? #51241

    Looks like I may have an answer. Basically I tried 3 different versions of the windoze client. One from (linked from the howto on ZS page) and two clients (“Access server” and “Community”) from Did this:

    Installed version from and all worked as it should and routes set up fine. Disconnect worked fine as well (didn’t strip out my default gw). Uninstalled and removed tap device.

    Installed community version from openvpn.net… got crazy route additions and disconnect stripped out my default gateway. (route addresses were much more similar to dnsadmin, btw). Uninstalled and removed tap device.

    Installed “Access Server” version from… got crazy routes (slightly different than previously) and gw was stripped. Uninstalled and removed device.

    Installed community version again… ran perfectly as before. Routes normal and gateway was not stripped.

    Also, both versions did not set up the correct routes either so no connectivity to remote network. I noticed that both showed tap driver versions to be 9.x (9.11 and 9.13 I think) while the version that worked had version 8.01 (?).

    I think it’s safe to conclude that there is an issue with the version of the client network device driver. Removing whatever version of you have and getting the version from seems to be the ticket.


    in reply to: Host-to-site route add problem? #51240

    One other similarity I see is that we both seem to be using the network addresses range on one end or the other… can’t see why that would be an issue but I’ll point it out anyway just in case.

    I did try one other thing, I tried adding only a couple of IP addresses to the “traffic to tunnel” and got the same results. Thought that was strange.

    Last thing I’ll mention, looking at dnsadmin’s routing table it looks like something else that’s similar might be happening… can’t tell for sure because the test environment where I noticed this part was flawed. Anyway, when I configure a network to tunnel, after a connect and then a disconnect, the client’s default gateway is stripped away. I have yet to verify this in a proper environment (looks like my weekend will be busy with tinkering).

    I have to say though, other than this hiccup, this is a fabulous project. I currently have 4 branches plus our main location, all in a 5 state area connected together using ZS LAN-to-LAN. Each office’s telephone system is VoIP connected and all 5 can call any extension in any office. The only thing not working as well or better than the old systems is the QoS… It’s just whooping my butt in one office where the bandwidth is way too low. I was using Linux and tc. I just can’t quite seem to get it as good using ZS. Another day perhaps.

    in reply to: Host-to-site route add problem? #51238

    I have an unused laptop with XP and my own with Kubuntu 10.04 that I will try out this weekend… I’ll see what happens with the different setups and clients. The only thing I want to accomplish is to have normal internet traffic on the client not go thru the openvpn tunnel.

    in reply to: Host-to-site route add problem? #51236

    I’m using the default from one of the howto’s there… Less the comments it looks like this:

    remote 1194
    proto tcp
    ca CA.pem
    ;cert client.pem
    ;key client.pem
    verb 3
    mute 20
    resolv-retry infinite
    dev tap

    Wonder if the client could be involved too… I’m using the Windows OpenVPN client Access Server client instead of the community one (it seemed to have a more “simplified” interface).

    in reply to: Host-to-site route add problem? #51234

    I am getting almost identical results. I have been unable to find any info about this anywhere else. I add and I get 41 routes added in my Windows XP client nearly identical to dnsadmin. Anyone find anything?
