OpenVPN Server Disable Default Gateway but reach the Server and Clients?
Hey,
I have an OpenVPN Server running on a KVM box, I used that script: https://github.com/Nyr/openvpn-install
That is my Client configuration:
client
dev tun
proto udp
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert clientname1.crt
key clientname1.key
ns-cert-type server
comp-lzo
verb 3
I added: route-nopull to that config to ensure I am not using the OpenVPN connection as default gateway, but I also want to reach the VPN Server and the other VPN Clients. But when I add route-nopull to the client configuration I can't reach the VPN Server and the clients because something is missing. How to fix that? I guess I need to add a route manually, but which?
I can still create a VPN connection to the Server but I can't ping it.
Thanks
Comments
Little confused, you have the server push gateway defaults, then the client disables the defaults pushed?
Could you just disable (on the server)
and enable
To disable gateway overwriting and allow client to client communication?
If not, you're going to need to set up the routes yourself.
Or use Tinc. :P
Is Tinc easy to set up for Windows (client), Linux (server)? I've always used OpenVPN, was thinking about Tinc but it seems a little odd to me.
That's fucking weird stuff:
It starts at 138 ping and stops at 496 ping
@Silvenga because some clients would need that but most don't. I already have it running now with client-to-client, see the result.
I personally think Tinc is easier to set up than OpenVPN (not many moving parts). Tinc handles most of the routing for us (no iptables configuration or routes, just a TUN interface). I also think Tinc is better for our LowEnd boxes. Tinc automatically detects if TCP or UDP should be used and if a box goes down Tinc can automatically route to compensate.
Not to say that Tinc is for everyone though. To use Tinc to its full potential you need to be comfortable with Linux, CLIs, text configuration files, and the basics of the level 3 network layer.
However, there are differences to OpenVPN:
Tinc nodes are more independent of each other - there is no master server. Each node is independently configured for the target machine. Windows is configured differently from Unix, Mac is configured differently from Linux, etc. (all in the documentation). Each node is treated equally.
Most people use OpenVPN as a "proxy". Tinc was meant to primarily provide a "private network". Gateway routing must be added to the "client" and allowed by the "server".
If you use Tinc, I recommend looking at the beta 1.1 branch (I'm using 1.1pre9). 1.0 is stable, but 1.1 adds a bunch of features that make using Tinc easier.
That is weird.
For your gateway issue, have you checked the wiki article? https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway So rather than using
route-nopull
to disable all the routes, use:
to only disable the gateway routes.
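An added example, not posted by anyone in the thread, of the two client-side approaches discussed above: keeping route-nopull and adding the VPN route by hand, or ignoring only the pushed gateway redirect. The subnet 10.8.0.0/24 is an assumption; take the real value from the "server" line of the server's config.

```conf
# Client-side OpenVPN directives (added example, not from the thread).
# Assumption: the VPN subnet is 10.8.0.0/24. Adjust to match the
# "server <network> <netmask>" line in the server's configuration.

# Option A: keep route-nopull, then add back only the VPN subnet.
# route-nopull discards every pushed route, including the route to the
# server's tunnel address, which is why the server stops answering pings.
# It also discards pushed dhcp-option settings (for example DNS servers).
route-nopull
route 10.8.0.0 255.255.255.0

# Option B (OpenVPN 2.4 or newer): use this instead of Option A.
# Pushed routes are still accepted; only the pushed default-gateway
# redirect is dropped, so no manual route is needed.
;pull-filter ignore "redirect-gateway"

# In both cases, reaching other clients still requires client-to-client
# to be enabled on the server.
```

After reconnecting, the client's routing table should show the VPN subnet on the tun interface while the default route still points at the local gateway.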