OpenVPN Host-to-LAN Mangling Clients’ Routing Tables

Forums Network Management ZeroShell OpenVPN Host-to-LAN Mangling Clients’ Routing Tables

  • This topic is empty.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • August 6, 2010 at 12:50 pm #42566
    jbo5112
    Member

    Whenever I connect to the OpenVPN service on my zeroshell machine, all my Internet traffic gets routed through it, strangling my broadband connection to whatever is left of the 1Mbit upload at the office. I have verified this with traceroute. I visit too many websites in doing my job for this to work very well.

    The culprit is that my default route gets changed, and there is another line added, which does seem correct (but possibly insecure). Here are the offending lines:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    
192.168.250.0   *               255.255.255.0   U     0      0        0 tap0
    
default         192.168.250.254 0.0.0.0         UG    0      0        0 tap0

    I went to the DHCP menu for that subnet, and deleted the default gateway for the 192.168.250.0/255.255.255.0 subnet. It now just has a “DNS 1” entry and a “Domain Name” entry. I also tried adding the command line parameter “–route 192.168.0.0 255.255.0.0 192.168.250.254”, but it seems to do nothing, probably because 192.168.250.254 is already my default gateway. I need a way to fix this. The 1Mbit isn’t going to split 4 ways very well. Other than my VPN problems and not knowing how to configure DNS I really like Zeroshell.

    August 6, 2010 at 2:04 pm #50870
    ppalias
    Member

    Your problem is in OpenVPN configuration.
    If you don’t specify some static routes to be pushed from the server to the client, then the server sends the default gateway. All you have to do is go to the VPN setup page, click on a button named “Net” which is on bottom in the “Client IP Address Assignment ” box. There assign one network and after you restart the vpn server this network will be pushed over the tunnel.

    August 6, 2010 at 5:45 pm #50871
    jbo5112
    Member

    Thanks! 😀 I guess I didn’t read that popup page carefully enough. I’ve made the changes, and I’ll test it out when I’m at home.

    August 9, 2010 at 5:03 am #50872
    jbo5112
    Member

    I clicked the net button, and added my office subnet to the list. I now have another necessary entry, but the default gateway is still being changed.

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    
192.168.5.0     192.168.250.254 255.255.255.0   UG    0      0        0 tap0

    I’ve tried adding the VPN subnet, checking and unchecking the source NAT button (I’m not sure what it does), disabling and enabling the DHCP settings on the VPN subnet, and I think every combination of each. No matter what I try, the default gateway is changed.

    August 9, 2010 at 1:06 pm #50873
    ppalias
    Member

    Use the following config for the user:

    remote ppalias.dyndns.org 1194
    
proto tcp
    
ca CA_Zeroshell.pem
    
cert trendy.pem
    
key  trendy.pem
    
verb 3
    
mute 20
    
resolv-retry infinite
    
nobind
    
client
    
dev tap
    
keepalive 5 60
    
persist-key
    
persist-tun
    
route 10.14.149.0 255.255.255.192

    On the ZS I have configured the following:
    http://www.flickr.com/photos/35949154@N02/4875649126/

    August 10, 2010 at 12:02 am #50874
    jbo5112
    Member

    I do have an option on my client to ignore any changes to my default route, but I was hoping to change the server to issue correct routing information. I also had to enable the source NAT once I made the changes to the client.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.