OpenVPN Host-to-LAN Mangling Clients’ Routing Tables


Viewing 6 posts - 1 through 6 (of 6 total)

    Whenever I connect to the OpenVPN service on my zeroshell machine, all my Internet traffic gets routed through it, strangling my broadband connection to whatever is left of the 1Mbit upload at the office. I have verified this with traceroute. I visit too many websites in doing my job for this to work very well.

    The culprit is that my default route gets changed, and there is another line added, which does seem correct (but possibly insecure). Here are the offending lines:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    * U 0 0 0 tap0
    default UG 0 0 0 tap0

    I went to the DHCP menu for that subnet, and deleted the default gateway for the subnet. It now just has a “DNS 1” entry and a “Domain Name” entry. I also tried adding the command line parameter “--route”, but it seems to do nothing, probably because is already my default gateway. I need a way to fix this. The 1Mbit isn’t going to split 4 ways very well. Other than my VPN problems and not knowing how to configure DNS, I really like Zeroshell.


    Your problem is in OpenVPN configuration.
    If you don’t specify some static routes to be pushed from the server to the client, then the server sends the default gateway. All you have to do is go to the VPN setup page and click on a button named “Net”, which is at the bottom of the “Client IP Address Assignment” box. There, assign one network, and after you restart the VPN server this network will be pushed over the tunnel.


    Thanks! 😀 I guess I didn’t read that popup page carefully enough. I’ve made the changes, and I’ll test it out when I’m at home.


    I clicked the net button, and added my office subnet to the list. I now have another necessary entry, but the default gateway is still being changed.

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    UG 0 0 0 tap0

    I’ve tried adding the VPN subnet, checking and unchecking the source NAT button (I’m not sure what it does), disabling and enabling the DHCP settings on the VPN subnet, and I think every combination of each. No matter what I try, the default gateway is changed.


    Use the following config for the user:

    remote 1194
    proto tcp
    ca CA_Zeroshell.pem
    cert trendy.pem
    key trendy.pem
    verb 3
    mute 20
    resolv-retry infinite
    dev tap
    keepalive 5 60

    On the ZS I have configured the following:


    I do have an option on my client to ignore any changes to my default route, but I was hoping to change the server to issue correct routing information. I also had to enable the source NAT once I made the changes to the client.
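
The routing-table check discussed in this thread, as an added example (not part of any post and not ZeroShell or OpenVPN code): it parses `route -n` output and reports whether Internet-bound traffic and the office subnet leave through the VPN interface. It goes slightly beyond the thread by also catching the `0.0.0.0/1` + `128.0.0.0/1` pair that OpenVPN's `redirect-gateway def1` installs; the sample table, its addresses and the `192.168.50.0/24` office subnet are constructed for illustration.

```python
import ipaddress

# Constructed sample of `route -n` output; all addresses are made up for this example.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        0.0.0.0         UG    0      0        0 tap0
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, metric, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # banner, header or truncated line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            routes.append((net, f[1], int(f[4]), f[7]))
        except ValueError:
            continue  # unparsable row (e.g. hostnames instead of numeric output)
    return routes

def route_for(routes, dest):
    """Longest-prefix match with lowest metric as tie-break, as the kernel selects."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

def tunnel_report(routes, vpn_iface, office_net):
    """Report whether Internet traffic and the office LAN are sent via the VPN."""
    # One probe in each half of the IPv4 space, so a /1 + /1 override is caught too.
    internet = [route_for(routes, p) for p in ("1.1.1.1", "203.0.113.10")]
    office = route_for(routes, str(ipaddress.ip_network(office_net).network_address))
    return {
        "full_tunnel": all(r is not None and r[3] == vpn_iface for r in internet),
        "office_via_vpn": office is not None and office[3] == vpn_iface,
    }

if __name__ == "__main__":
    print(tunnel_report(parse_routes(SAMPLE), "tap0", "192.168.50.0/24"))
```

A split-tunnel client should report `full_tunnel` as false while `office_via_vpn` stays true; run it against the table captured after connecting.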
