How to not forward default gateway over openvpn on road warr
October 16, 2007 at 5:03 pm #40805
FredK
Member
I would like to set up my OpenVPN host->LAN to not forward the remote clients' default gateways over the tunnel. How can I achieve this, if it is possible with Zeroshell? I have done it in the past with a standard OpenVPN installation.
October 16, 2007 at 5:46 pm #45951
imported_fulvio
Participant
If you fill the fields in the frame with title “Client IP Address Assignment”, Zeroshell automatically uses the parameters --push "route-gateway gateway" and --push "redirect-gateway" when it initializes the openvpn daemon.
You can try to leave empty the fields IP Range, Gateway, Netmask and DNS in the frame Client IP Address Assignment. After that you can configure the DHCP server to assign the IP address to the VPN clients. Remember that the virtual ethernet interface for the roadwarrior connections with openvpn is the VPN99 and hence you must configure a DHCP subnet for this TAP interface.
Regards
Fulvio
October 17, 2007 at 4:27 pm #45952
danielibarnes
Member
That worked perfectly. Thanks!
October 17, 2007 at 5:12 pm #45953
danielibarnes
Member
It does not push routes to the VPN client.
When I add --push "route 172.16.0.0 255.255.0.0" to the “command line parameters” field it complains, because it appears the double quotes are not handled by Zeroshell. I can add the route to my client ovpn, but I’d rather push it.
February 26, 2008 at 3:13 pm #45954
belda
Member
Well, it would be great to have a checkbox for it; sometimes you want to assign them an IP but not a gateway, maybe having an empty gateway.
February 26, 2008 at 3:24 pm #45955
belda
Member
It is not working for me. I've got a bridge on the internal and vpn99 interfaces, so it should be giving it DHCP, but it is not.
May 8, 2008 at 2:13 am #45956
xingshou
Member
After removing all the items in the “Client IP Address Assignment” section and setting up DHCP, my VPN client is sending all the traffic to the VPN gateway.
I want to avoid all the traffic being sent to the VPN gateway regardless of its destination. Therefore I hope ZeroShell improves on this problem so that we can determine whether the VPN gateway is to be used as the default gateway on the client side or not.
Sungsoo Kim
May 8, 2008 at 2:28 pm #45957
jeremy.haynes
Member
After you connect, can you open a command prompt and do an ipconfig and post your results?
@xingshou wrote:
After removing all the items in the “Client IP Address Assignment” section and setting up DHCP, my VPN client is sending all the traffic to the VPN gateway.
I want to avoid all the traffic being sent to the VPN gateway regardless of its destination. Therefore I hope ZeroShell improves on this problem so that we can determine whether the VPN gateway is to be used as the default gateway on the client side or not.
Sungsoo Kim
May 9, 2008 at 1:11 pm #45958
xingshou
Member
Thanks jeremy!
I am sorry, I need to reconfigure ZeroShell to reply to your answer!
I just hope something like the below will be added to ZeroShell. It was taken from one of the administrator screens of the NETGEAR SSL312 VPN gateway. Its user interface is very easy to understand.
Sungsoo Kim
VPN Tunnel Client
Client IP Address Range
Client Address Range Begin : 192.168.100.1
Client Address Range End : 192.168.100.253
Enable Full Tunnel Support : [ ]
Note: Static routes should be added to reach any secure network in split tunnel mode.
[Apply] [Cancel]
Add Routes for VPN Tunnel Clients
Destination Network : [_______________]
Subnet Mask : [_______________]
[Add Route] [Cancel]
Configured Client Routes
Destination Network Subnet Mask
xxx.xxx.xxx.0 255.255.255.0 [Delete]
May 10, 2008 at 2:41 am #45959
xingshou
Member
I am using Tunnelblick, the Mac OS X OpenVPN client.
I enabled the DHCP server, but Tunnelblick still does not get an IP address from ZeroShell. But if I give a static IP address range, it works as expected.
I attach a log from Tunnelblick below.
Sat 05/10/08 11:26 AM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat 05/10/08 11:26 AM: LZO compression initialized
Sat 05/10/08 11:26 AM: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat 05/10/08 11:26 AM: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat 05/10/08 11:26 AM: Local Options hash (VER=V4): '31fdf004'
Sat 05/10/08 11:26 AM: Expected Remote Options hash (VER=V4): '3e6d1056'
Sat 05/10/08 11:26 AM: Attempting to establish TCP connection with xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: TCP connection established with xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: TCPv4_CLIENT link local: [undef]
Sat 05/10/08 11:26 AM: TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: TLS: Initial packet from xxx.xxx.xxx.xxx:1194
Sat 05/10/08 11:26 AM: VERIFY OK: depth=1
Sat 05/10/08 11:26 AM: VERIFY OK: depth=0
Sat 05/10/08 11:26 AM: Connection reset
Sat 05/10/08 11:26 AM: TCP/UDP: Closing socket
Sat 05/10/08 11:26 AM: SIGUSR1[soft
July 25, 2011 at 9:07 pm #45960
neilma
Member
@fulvio wrote:
If you fill the fields in the frame with title “Client IP Address Assignment”, Zeroshell automatically uses the parameters --push "route-gateway gateway" and --push "redirect-gateway" when it initializes the openvpn daemon.
You can try to leave empty the fields IP Range, Gateway, Netmask and DNS in the frame Client IP Address Assignment. After that you can configure the DHCP server to assign the IP address to the VPN clients. Remember that the virtual ethernet interface for the roadwarrior connections with openvpn is the VPN99 and hence you must configure a DHCP subnet for this TAP interface.
Regards
Fulvio

Sorry to bother you, but is this still applicable today?!
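
Added example, not part of any post in this thread and not Zeroshell or OpenVPN code: a small Python check that reads an OpenVPN client log and reports whether the server pushed redirect-gateway (full tunnel), which routes it pushed, and whether the client logged the missing server certificate verification warning seen in the log above. The function names, the PUSH_REPLY line and its addresses are constructed for illustration; route-nopull and remote-cert-tls are standard OpenVPN client directives, and whether remote-cert-tls fits depends on how the server certificate was issued.

```python
import re

# Client log line carrying the options the server pushed after authentication.
PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY,[^']*)'")
CERT_WARNING = "No server certificate verification method has been enabled"

# Constructed sample: warning text as in the thread's log, PUSH_REPLY line made up.
SAMPLE_LOG = [
    "Sat 05/10/08 11:26 AM: WARNING: No server certificate verification "
    "method has been enabled. See http://openvpn.net/howto.html#mitm for more info.",
    "Sat 05/10/08 11:26 AM: PUSH: Received control message: 'PUSH_REPLY,"
    "route-gateway 192.168.100.254,redirect-gateway,"
    "route 172.16.0.0 255.255.0.0,ping 10,ping-restart 120'",
]


def audit_client_log(lines):
    """Summarise pushed routing options and the missing-verification warning."""
    report = {"full_tunnel": False, "route_gateway": None,
              "pushed_routes": [], "cert_check_missing": False}
    for line in lines:
        if CERT_WARNING in line:
            report["cert_check_missing"] = True
        match = PUSH_RE.search(line)
        if not match:
            continue
        # Comma-separated option list; the first field is the PUSH_REPLY tag.
        for option in match.group(1).split(",")[1:]:
            words = option.split()
            if not words:
                continue
            if words[0] == "redirect-gateway":
                report["full_tunnel"] = True  # default route goes into the VPN
            elif words[0] == "route-gateway" and len(words) > 1:
                report["route_gateway"] = words[1]
            elif words[0] == "route" and len(words) >= 3:
                report["pushed_routes"].append((words[1], words[2]))
    return report


def client_directives(report):
    """Client config lines (hypothetical helper) that keep the local default route."""
    lines = []
    if report["full_tunnel"]:
        lines.append("route-nopull")  # ignore pushed routes and redirect-gateway
        lines += ["route %s %s" % net for net in report["pushed_routes"]]
    if report["cert_check_missing"]:
        lines.append("remote-cert-tls server")  # needs a server-type certificate
    return lines
```

With route-nopull the client no longer installs any pushed route, which is why the helper re-adds the pushed networks as explicit route lines.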