Use this forum to share your network setup and what's been working for you.
Moderators: TinCanTech
-
by MadTBone » Fri Sep 03, 2010 6:08 pm
Here are a couple of simple lines for your CCD files that will redirect all traffic
except for a specific IP range, in this case 10.0.0.0/16:
Code:
push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"
-
by Seanster » Fri Feb 11, 2011 2:35 am
Old thread yes, but thank you so much for that tip!
In my case, I first establish a dialup connection which becomes the default route.
All internet traffic has to pass through the ISP's proxy server. Let's call it 10.128.1.1.
This proxy server is (typically) on a different subnet than my dialup connection.
So my OpenVPN client configuration specifies this proxy server.
Then, through this proxy, it makes a connection to my private server w.x.y.z running OpenVPN on port 443.
(their fascist proxy server of course blocks the OpenVPN port 1194, so I have to use 443)
Since the ISP's proxy otherwise interferes with my traffic, I want ALL my traffic to flow through my VPN instead.
To do that I use the "redirect-gateway" directive.
The problem with this is that it breaks my tunnel. The packets destined for the proxy server now go out the default gateway, which is the VPN.
I couldn't push a static route to the client because the dialup connection receives a random DHCP IP. You could never know what the gateway address is going to be ahead of time.
So that's where the "net_gateway" trick works like a charm.
push "route 10.128.1.1 255.255.0.0 net_gateway"
I'm hardly a noob, but despite the brief mention this gets in the documentation I had never figured it out before now. Perhaps this long-winded post will help someone else out.
BTW: This scenario applies to Bluetooth tethered cell phones using oldskool GSM/EDGE networks. These days you can get cheap unlimited (on-device) browsing but nobody cares if you're tethering anymore.
-Sean
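As an added example (not part of any post in this thread, and not OpenVPN's own code), the Python below models the client routes that the pushed lines from the first post produce and resolves destinations by longest-prefix match, so you can confirm which addresses bypass the tunnel. The server address 203.0.113.10 is a constructed placeholder, and the host-bits warning is an addition that flags a route whose address does not sit on its netmask boundary.

```python
import ipaddress

# Constructed sample: the CCD lines from the first post in this thread.
CCD = '''push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"'''

def build_routes(ccd_text, remote="203.0.113.10"):
    """Return (routes, warnings) for the push lines in a CCD file.

    remote is an assumed placeholder for the VPN server's public address.
    """
    net = ipaddress.ip_network
    routes = [(net("0.0.0.0/0"), "net_gateway")]  # default route before the VPN
    warnings = []
    for line in ccd_text.splitlines():
        if not line.strip().startswith("push"):
            continue
        words = line.split('"')[1].split()
        if words[0] == "redirect-gateway" and "def1" in words[1:]:
            # def1 keeps the old default and overrides it with two /1 routes;
            # the server address stays pinned to the original gateway.
            routes += [(net("0.0.0.0/1"), "vpn_gateway"),
                       (net("128.0.0.0/1"), "vpn_gateway"),
                       (net(remote + "/32"), "net_gateway")]
        elif words[0] == "route":
            addr = words[1]
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            gateway = words[3] if len(words) > 3 else "vpn_gateway"
            network = net(f"{addr}/{mask}", strict=False)
            if str(network.network_address) != addr:
                warnings.append(f"{addr} {mask}: host bits set, covers {network}")
            routes.append((network, gateway))
    return routes, warnings

def next_hop(routes, destination):
    """Pick the gateway by longest-prefix match, as a routing table does."""
    dest = ipaddress.ip_address(destination)
    return max((n.prefixlen, gw) for n, gw in routes if dest in n)[1]

if __name__ == "__main__":
    routes, warnings = build_routes(CCD)
    for ip in ("10.0.5.9", "10.1.0.1", "198.51.100.7", "203.0.113.10"):
        print(f"{ip:>14} -> {next_hop(routes, ip)}")
    print(warnings)
```

Any destination that resolves to net_gateway leaves the client outside the tunnel, so this is a quick way to audit how wide a pushed exception really is before deploying it.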
-
by Douglas » Mon May 16, 2011 3:24 am
MadTBone wrote: Here are a couple of simple lines for your CCD files that will redirect all traffic
except for a specific IP range, in this case 10.0.0.0/16:
Code:
push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"
Good little tip, added it to my bookmarks for quick reference!
-
by kuhn007 » Fri Nov 14, 2014 8:18 pm
Thanks a lot for the post. Works great and I don't need to worry about my clients reaching out to the LAN.