OpenVPN Host-to-LAN Mangling Clients’ Routing Tables
August 6, 2010 at 12:50 pm #42566
jbo5112
Member
Whenever I connect to the OpenVPN service on my Zeroshell machine, all my Internet traffic gets routed through it, strangling my broadband connection to whatever is left of the 1Mbit upload at the office. I have verified this with traceroute. I visit too many websites in doing my job for this to work very well.
The culprit is that my default route gets changed, and there is another line added, which does seem correct (but possibly insecure). Here are the offending lines:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.250.0 * 255.255.255.0 U 0 0 0 tap0
default 192.168.250.254 0.0.0.0 UG 0 0 0 tap0
I went to the DHCP menu for that subnet, and deleted the default gateway for the 192.168.250.0/255.255.255.0 subnet. It now just has a “DNS 1” entry and a “Domain Name” entry. I also tried adding the command line parameter “--route 192.168.0.0 255.255.0.0 192.168.250.254”, but it seems to do nothing, probably because 192.168.250.254 is already my default gateway. I need a way to fix this. The 1Mbit isn’t going to split 4 ways very well. Other than my VPN problems and not knowing how to configure DNS, I really like Zeroshell.
August 6, 2010 at 2:04 pm #50870
ppalias
Member
Your problem is in the OpenVPN configuration.
If you don’t specify some static routes to be pushed from the server to the client, then the server sends the default gateway. All you have to do is go to the VPN setup page and click on the button named “Net”, which is at the bottom of the “Client IP Address Assignment” box. There, assign one network; after you restart the VPN server, this network will be pushed over the tunnel.
August 6, 2010 at 5:45 pm #50871
jbo5112
Member
Thanks! 😀 I guess I didn’t read that popup page carefully enough. I’ve made the changes, and I’ll test it out when I’m at home.
August 9, 2010 at 5:03 am #50872
jbo5112
Member
I clicked the net button, and added my office subnet to the list. I now have another necessary entry, but the default gateway is still being changed.
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.0 192.168.250.254 255.255.255.0 UG 0 0 0 tap0
I’ve tried adding the VPN subnet, checking and unchecking the source NAT button (I’m not sure what it does), disabling and enabling the DHCP settings on the VPN subnet, and I think every combination of each. No matter what I try, the default gateway is changed.
August 9, 2010 at 1:06 pm #50873
ppalias
Member
Use the following config for the user:
remote ppalias.dyndns.org 1194
proto tcp
ca CA_Zeroshell.pem
cert trendy.pem
key trendy.pem
verb 3
mute 20
resolv-retry infinite
nobind
client
dev tap
keepalive 5 60
persist-key
persist-tun
route 10.14.149.0 255.255.255.192
On the ZS I have configured the following:
http://www.flickr.com/photos/35949154@N02/4875649126/
August 10, 2010 at 12:02 am #50874
jbo5112
Member
I do have an option on my client to ignore any changes to my default route, but I was hoping to change the server to issue correct routing information. I also had to enable the source NAT once I made the changes to the client.
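Added example, not part of the thread and not ZeroShell or OpenVPN code: a small Python check that reads a `route` table like the ones posted above and reports whether the default route sits on the VPN interface (full tunnel) or only specific subnets do (split tunnel). The second table, its `eth0` interface and the `192.168.1.1` gateway are constructed for illustration, and destinations are assumed to be numeric apart from `default`.

```python
import ipaddress

# Constructed sample: the three tap0 lines posted in the thread.
FULL_TUNNEL = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.0 192.168.250.254 255.255.255.0 UG 0 0 0 tap0
192.168.250.0 * 255.255.255.0 U 0 0 0 tap0
default 192.168.250.254 0.0.0.0 UG 0 0 0 tap0
"""

# Constructed sample of the desired result; eth0 and 192.168.1.1 are assumed.
SPLIT_TUNNEL = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.0 192.168.250.254 255.255.255.0 UG 0 0 0 tap0
192.168.250.0 * 255.255.255.0 U 0 0 0 tap0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
"""

VPN_PREFIXES = ("tap", "tun")  # OpenVPN virtual interface name prefixes


def parse_routes(text):
    """Return a list of (network, gateway, iface) from `route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip headers and anything that is not an 8-column route row.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        dest = "0.0.0.0" if dest == "default" else dest
        gateway = None if gateway in ("*", "0.0.0.0") else gateway
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface))
    return routes


def audit(text):
    """Classify the table: is the default route on a VPN interface?"""
    vpn = [r for r in parse_routes(text) if r[2].startswith(VPN_PREFIXES)]
    default_via_vpn = any(net.prefixlen == 0 for net, _, _ in vpn)
    return {
        "mode": "full-tunnel" if default_via_vpn else "split-tunnel",
        "vpn_networks": sorted(str(n) for n, _, _ in vpn if n.prefixlen),
    }


if __name__ == "__main__":
    for name, table in (("posted", FULL_TUNNEL), ("desired", SPLIT_TUNNEL)):
        print(name, audit(table))
```

Running the check before and after a server-side change shows whether the client still receives a default route over `tap0` or only the pushed office subnets.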