push "push "redirect-gateway...


Post by mimo » Tue Dec 09, 2008 1:14 am

Hey all, I wonder if anyone can translate the below into layman's language...

Code:

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel.  Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
push "redirect-gateway def1"

The above hints at a solution to solve the problem of using redirect gateway, but it's over my head. I don't have a clue what they are hinting at.

I am using the redirect-gateway directive, how do I go about implementing the solution mentioned in the comments to overcome the DHCP leaking problem?

Thanks all.


Post by krzee » Wed Dec 10, 2008 11:11 pm

push "redirect-gateway"
- changes all your inet traffic to go over the vpn, trashing your existing default gateway
- adding def1 does the same, but does not trash your default gateway, so when you get off the vpn you can still use the inet.
- in 2.1 you can add bypass-dhcp to it to bypass the vpn route for the dhcp server

all that is explained better in the manpages, under --redirect-gateway
(from IRC channel)
<krzie> !man
<vpnHelper> krzie: "man" is (#1) http://openvpn.net/man for 2.0 manual, or
(#2) http://openvpn.net/man-beta.html for 2.1 manual, or (#3) the
man pages are your friend!

if you must use 2.0.9, or your OS does not support bypass-dhcp, you can make a --up script.
If you use BSD/OSX you could use something like this:

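Code:

# DHCP_SERVER must already hold your DHCP server's IP
# take the gateway of the default route only (grep G can match several lines)
GW=$(netstat -rn | awk '$1 == "default" {print $2; exit}')
route add "$DHCP_SERVER" -gateway "$GW"

in linux you would use: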

Code:

# DHCP_SERVER must already hold your DHCP server's IP
# take the gateway of the default route only (grep G can match several lines)
GW=$(netstat -rn | awk '$1 == "0.0.0.0" {print $2; exit}')
route add "$DHCP_SERVER" gw "$GW"

you would need to get the DHCP_SERVER server yourself for now, because I don't have a box that uses DHCP to test on. But http://www.cyberciti.biz/faq/linux-find ... p-address/ would help you get started on linux, and http://www.macosxhints.com/article.php? ... 8160815998 would help you get started on osx.

Basically the goal is to add a route for DHCP_SERVER to go through your LAN gateway instead of through the vpn.
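
An added example, not part of the posts above: one way to fill in the missing DHCP_SERVER step and build the bypass route for an --up script. It assumes an ISC dhclient-style lease file; the function names and the sample netstat and lease text are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the DHCP-bypass host route for an OpenVPN --up script.
# Sample inputs are constructed; on a real client pipe in `netstat -rn` and
# your dhclient lease file (its path varies by distribution).

# Print the gateway of the default route from `netstat -rn` output on stdin.
# Linux prints 0.0.0.0, BSD/OSX "default"; the genmask test skips def1's 0.0.0.0/1.
default_gw() {
    awk '($1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0")) &&
         $2 ~ /^[0-9.]+$/ {print $2; exit}'
}

# Print the DHCP server of the last (most recent) lease in lease text on stdin.
dhcp_server() {
    awk '$1 == "option" && $2 == "dhcp-server-identifier" {sub(/;$/, "", $3); s = $3}
         END {if (s != "") print s}'
}

# Print the host-route command for an OS family: linux | bsd.
bypass_route_cmd() {
    os=$1 server=$2 gw=$3
    for a in "$server" "$gw"; do
        case "$a" in ""|*[!0-9.]*) echo "bad address: '$a'" >&2; return 1 ;; esac
    done
    case "$os" in
        linux) echo "route add $server gw $gw" ;;
        bsd)   echo "route add $server -gateway $gw" ;;
        *)     echo "unknown OS family: $os" >&2; return 1 ;;
    esac
}

SAMPLE_NETSTAT='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0'

SAMPLE_LEASES='lease {
  interface "eth0";
  fixed-address 192.168.1.50;
  option routers 192.168.1.1;
  option dhcp-server-identifier 192.168.1.254;
}'

GW=$(printf '%s\n' "$SAMPLE_NETSTAT" | default_gw)
DHCP_SERVER=$(printf '%s\n' "$SAMPLE_LEASES" | dhcp_server)
bypass_route_cmd linux "$DHCP_SERVER" "$GW"   # prints the command; run it as root to apply
```

The DHCP server need not be the router itself, which is why the lease file is read instead of reusing the default gateway address.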
