OpenVPN Server Disable Default Gateway but reach the Server and Clients?

Neoon, Community Contributor, Veteran
edited September 2014 in Help

Hey,

I have an OpenVPN Server running on a KVM box, I used that script: https://github.com/Nyr/openvpn-install

That is my Client configuration:

client
dev tun
proto udp
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert clientname1.crt
key clientname1.key
ns-cert-type server
comp-lzo
verb 3

I added route-nopull to that config to ensure I am not using the OpenVPN connection as default gateway, but I also want to reach the VPN Server and the other VPN Clients. But when I add route-nopull to the client configuration I can't reach the VPN Server and the clients because something is missing. How to fix that? I guess I need to add a route manually, but which?

I still can create a VPN connection to the Server but I can't ping it.

Thanks

Comments

  • Silvenga, Member
    edited September 2014

    Little confused, you have the server push gateway defaults, then the client disables the defaults pushed?

    Could you just disable (on the server)

    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
    

    and enable

    client-to-client
    

    To disable gateway overwriting and allow client to client communication?

    If not, you're going to need to set up the routes yourself.

    Or use Tinc. :P

  • @Silvenga said:

    Or use Tinc. :P

    Is Tinc easy to setup for windows (client), linux (server)? I've always used openvpn, was thinking about tinc but it seems a little odd to me

  • Neoon, Community Contributor, Veteran
    edited September 2014

    That's fucking weird stuff:

    It starts at 138 ping and stops at 496 ping

    537 packets transmitted
    PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
    64 bytes from 10.8.0.1: icmp_seq=138 ttl=64 time=24.6 ms
    64 bytes from 10.8.0.1: icmp_seq=496 ttl=64 time=23.2 ms
    ^C
    

    @Silvenga because some clients would need that but most don't, I already have it now running with client-to-client, see the result.

  • sc754 said: Is Tinc easy to setup

    I personally think Tinc is easier to set up than OpenVPN (not many moving parts). Tinc handles most of the routing for us (no iptable configuration or routes, just a TUN interface). I also think Tinc is better for our LowEnd boxes. Tinc automatically detects if TCP or UDP should be used and if a box goes down Tinc can automatically route to compensate.

    Not to say that Tinc is for everyone though. To use Tinc to its full potential you need to be comfortable with Linux, CLIs, text configuration files, and the basics of the level 3 network layer.

    However, there are differences to OpenVPN:

    • Tinc nodes are more independent from each other - there is no master server. Each node is independently configured for the target machine. Windows is configured differently from Unix, Mac is configured differently from Linux, etc. (all in the documentation). Each node is treated equally.

    • Most people use OpenVPN as a "proxy". Tinc was meant to primarily provide a "private network". Gateway routing must be added to the "client" and allowed by the "server".

    If you use Tinc, I recommend looking at the beta 1.1 branch (I'm using 1.1pre9). 1.0 is stable, but 1.1 adds a bunch of features that make using Tinc easier.

  • Silvenga, Member
    edited September 2014

    Infinity580 said: because some clients would need that but most don't, I already have it now running with client-to-client, see the result.

    That is weird.

    For your gateway issue have you checked the wiki article? https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway So rather than using route-nopull to disable all the routes, use:

    route 0.0.0.0 192.0.0.0 net_gateway
    route 64.0.0.0 192.0.0.0 net_gateway
    route 128.0.0.0 192.0.0.0 net_gateway
    route 192.0.0.0 192.0.0.0 net_gateway
    

    to only disable the gateway routes.
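As an added illustration (not from this thread or from the OpenVPN project), the Python below applies longest-prefix matching to the routes discussed above: the two /1 routes that `redirect-gateway def1` pushes, the pushed route for the VPN subnet, and the four /2 `net_gateway` overrides from the wiki. It assumes the server uses `server 10.8.0.0 255.255.255.0` and that the client has no route into 10.8.0.0/24 other than the one the server pushes; `vpn_gateway` and `net_gateway` are placeholder names for the tun peer and the LAN router.

```python
"""Longest-prefix-match walk-through of the routes in this thread (added example)."""
import ipaddress

VPN_GW = "vpn_gateway"   # placeholder: remote end of the tun interface (10.8.0.1)
NET_GW = "net_gateway"   # placeholder: the pre-existing physical default gateway

# Constructed to mirror the server config quoted above: "redirect-gateway def1"
# pushes two /1 routes via the VPN instead of replacing the default route, and
# "server 10.8.0.0 255.255.255.0" pushes the route to the VPN subnet itself.
PUSHED_DEF1 = [
    ("0.0.0.0/1", VPN_GW),
    ("128.0.0.0/1", VPN_GW),
    ("10.8.0.0/24", VPN_GW),
]

# The four wiki routes in CIDR form (netmask 192.0.0.0 is a /2). Being more
# specific than the pushed /1 routes, they win the lookup for every address.
WIKI_OVERRIDE = [
    ("0.0.0.0/2", NET_GW),
    ("64.0.0.0/2", NET_GW),
    ("128.0.0.0/2", NET_GW),
    ("192.0.0.0/2", NET_GW),
]


def lookup(table, dst):
    """Return the gateway for dst by longest-prefix match over (cidr, gw) pairs.
    The physical default route (0.0.0.0/0 via net_gateway) is always present."""
    addr = ipaddress.ip_address(dst)
    best_net, best_gw = ipaddress.ip_network("0.0.0.0/0"), NET_GW
    for cidr, gw in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and net.prefixlen > best_net.prefixlen:
            best_net, best_gw = net, gw
    return best_gw


def with_route_nopull():
    """route-nopull drops every pushed route, the VPN subnet route included."""
    return []


def with_wiki_override():
    """Pushed routes are accepted; the client adds the /2 net_gateway overrides."""
    return PUSHED_DEF1 + WIKI_OVERRIDE


if __name__ == "__main__":
    for name, table in (("pushed def1 only", PUSHED_DEF1),
                        ("route-nopull", with_route_nopull()),
                        ("wiki /2 override", with_wiki_override())):
        print(f"{name:18} 8.8.8.8 -> {lookup(table, '8.8.8.8'):12} "
              f"10.8.0.1 -> {lookup(table, '10.8.0.1')}")
```

The middle case is the behaviour Neoon hit: with route-nopull the VPN server's address falls back to the physical default gateway, while the wiki override keeps 10.8.0.0/24 on the tunnel and sends everything else out the LAN.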
