How to not forward default gateway over openvpn on road warr

[FredK]

I would like to set up my openvpn host->lan to not forward the remote client default gateways over the tunnel, how can I achieve this if it is possible with zeroshell? I have done it in the past with a standard openvpn installation.

[imported_fulvio]

If you fill the fields in the frame with title “Client IP Address Assignment”, Zeroshell automatically uses the parameters –push “route-gateway gateway” and –push “redirect-gateway” when it inizializes the openvpn daemon.
You can try to leave empty the fields IP Range, Gateway, Netmask and DNS in the frame Client IP Address Assignment. After that you can configure the dhcp server to assign the IP address to the VPN clients. Remember that the virtual ethernet interface for the roadwarrior connections with openvpn is the VPN99 and hence you must configure a dhcp subnet for this TAP interface.

Regards
Fulvio

[danielibarnes]

That worked perfectly. Thanks!

[danielibarnes]

It does not push routes to the vpn client.

When I add –push “route 172.16.0.0 255.255.0.0” to the “command line parameters” field it complains because it appears the double quotes are not handled by zeroshell. I can add the route to my client ovnp, but I’d rather push it.

[belda]

well it wouldy gr8 to have checkbox for it, sometimes you want to asign them ip but not a gateway, maybee having emty gateway

[belda]

it is not working for me, I ve got bridge on internal and vpn99 interface, so it should be giving it a dhcp, but is not

[xingshou]

After removing all the items in “Client IP Address Assignment” section and setting up DHCP, my VPN client is sending all the traffic to VPN gateway.

I want to avoid all the traffice from being sent to the VPN gateway regardless of their destination. Therefore I hope ZeroShell improve this problem so that we can determine whether the VPN gateway is to be used as a default gateway in client-side or not.

Sungsoo Kim

[jeremy.haynes]

After you connect, can you open a command prompt and do an ipconfig and post your results?

@xingshou wrote:

After removing all the items in “Client IP Address Assignment” section and setting up DHCP, my VPN client is sending all the traffic to VPN gateway.

I want to avoid all the traffice from being sent to the VPN gateway regardless of their destination. Therefore I hope ZeroShell improve this problem so that we can determine whether the VPN gateway is to be used as a default gateway in client-side or not.

Sungsoo Kim

[xingshou]

Thanks jeremy!

I am sorry I need to reconfigure ZeroShell to reply your answer!

I just hope something like below to be added in the ZeroShell. It was taken from one of the administrator screen in NETGEAR SSL312 VPN gateway. It’s user interface is very easy to understand.

Sungsoo Kim

---

VPN Tunnel Client

---

Client IP Address Range
Client Address Range Begin : 192.168.100.1
Client Address Range End : 192.168.100.253

Enable Full Tunnel Support : [ ]

Note: Static routes should be added to reach any secure network in split tunnel mode.

[Apply] [Cancel]

---

Add Routes for VPN Tunnel Clients

Destination Network : [_______________]
Subnet Mask : [_______________]

[Add Route] [Cancel]

---

Configured Client Routes

Destination Network Subnet Mask
xxx.xxx.xxx.0 255.255.255.0 [Delete]

---

[xingshou]

I am using Tunnelblick, Mac OS X OpenVPN client.
I enabled DHCP server, but Tunnelblick does not still get an IP address from ZeroShell. But if I give static IP address range, it works as expected.

I attach a log in Tunnelblick below.

Sat 05/10/08 11:26 AM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat 05/10/08 11:26 AM: LZO compression initialized
Sat 05/10/08 11:26 AM: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat 05/10/08 11:26 AM: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat 05/10/08 11:26 AM: Local Options hash (VER=V4): ’31fdf004′
Sat 05/10/08 11:26 AM: Expected Remote Options hash (VER=V4): ‘3e6d1056’
Sat 05/10/08 11:26 AM: Attempting to establish TCP connection with xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: TCP connection established with xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: TCPv4_CLIENT link local: [undef]
Sat 05/10/08 11:26 AM: TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: TLS: Initial packet from xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: VERIFY OK: depth=1
Sat 05/10/08 11:26 AM: VERIFY OK: depth=0
Sat 05/10/08 11:26 AM: Connection reset
Sat 05/10/08 11:26 AM: TCP/UDP: Closing socket
Sat 05/10/08 11:26 AM: SIGUSR1[soft

[neilma]

@fulvio wrote:

If you fill the fields in the frame with title “Client IP Address Assignment”, Zeroshell automatically uses the parameters –push “route-gateway gateway” and –push “redirect-gateway” when it inizializes the openvpn daemon.
You can try to leave empty the fields IP Range, Gateway, Netmask and DNS in the frame Client IP Address Assignment. After that you can configure the dhcp server to assign the IP address to the VPN clients. Remember that the virtual ethernet interface for the roadwarrior connections with openvpn is the VPN99 and hence you must configure a dhcp subnet for this TAP interface.

Regards
Fulvio

Sorry to bother you, but is this still applicable today?!

puppy training | puppy whining |how to stop puppy biting

[Author]

Posts