IP Leaking

Rimmington · Post by **Rimmington** » Fri Mar 04, 2011 12:54 pm

Hi, Sorry for asking a question on my first post, but I'm no expert.

I am using a openVPN roadwarrior type setup. I have a openVPN server setup on a VPS to masqurade my clients internet connection through. As such the only IP that is visible to the internet from my client should be the VPS's IP.

Im having a problem however, that if my clients internet connection drops out and disconnects for a period OR the VPS server becomes inaccessable to the client somehow the pre-VPN connection default route is finding its way back into the routing table and the client is then connecting to the internet again but not through the VPN. I am using redirect-gateway so when the VPN connects that default client machine route is deleted, but it's still re-appearing sometimes when the connection goes for a period of time.

I guess this has something to do with the SIGUSR1[soft,ping-restart] received, process restarting - and openVPN re-entering the default_gateway to the routing table, in able to connect to the server VPN again.

How can this be avoided completely. If I put: ping-restart 0 onto the client and delete and ping-restart or similar from the server config would that make the client process restarting and as such openVPN adding the default_gateway to the client routing table totally impossible?

What i'd like to achieve is under absolutely no circumstances what so ever my client connecting to the internet without going through the VPN, after me running the openVPN client and it initially connecting to the openVPN server of course.

Thanks for any tips. Perhaps there's an easier way to do this?

Rimmington · Post by **Rimmington** » Fri Mar 04, 2011 1:00 pm

PS.. I just tested this, and after 10 or so minutes, somehow the default_gateway has found its way back into to the client routing table and the client is now connecting to the internet again without use of the VPN.

Post by **janjust** » Fri Mar 04, 2011 2:53 pm

this has little to do with OpenVPN , I guess; what you'd need is a routing table/firewall setup that allows you to connect to the VPN server and *only* the VPN server. Delete your default gateway and add an explicit route to the VPN server - it depends on your client OS how you can do this most efficiently.

Rimmington · Post by **Rimmington** » Fri Mar 04, 2011 3:25 pm

I'm using an XP VMware virtual machine for the openVPN client. This is going to be possible?

Post by **janjust** » Fri Mar 04, 2011 3:34 pm

yes I think so - simply don't set up the default routes in the win XP VM ; again, this has little to do with openvpn and more with windows+routing

Rimmington · Post by **Rimmington** » Sat Mar 12, 2011 11:23 am

Thanks for pointing me in the right direction, I think I have it fixed. Managed it by setting static IP's for the VM's and using _pre & _up scripts.

OpenVPN Support Forum

IP Leaking

IP Leaking

Re: IP Leaking

Re: IP Leaking

Re: IP Leaking

Re: IP Leaking

Re: IP Leaking