 OpenVPN Connect (Android) - disable local LAN access 
Posted: Thu Oct 25, 2012 8:35 am
Hi all,

Is it possible to force an Android device to use only the VPN tunnel for ALL network communication (well, except for the actual communication with the VPN server, which obviously has to use the default gateway)?

The relevant lines of my server.conf:
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"

192.168.1.0/24 is my home LAN, my OpenVPN server takes care of routing 10.8.0.0/24 through my home LAN, so I have no problem accessing the internet, or the hosts on my home network through the VPN tunnel.

However, when my Android device is connected to a network that uses the 192.168.1.0/24 address space as well, I can no longer connect to my home network, since the Android device uses the default gateway for accessing 192.168.1.0/24, and not the VPN tunnel.

So except for the obvious solution involving reconfiguring my home LAN to use some not very common address space, is there some other way I can force the Android device to use only the VPN tunnel?

Thanks


 
 Post subject: Re: OpenVPN Connect (Android) - disable local LAN access
Posted: Wed Mar 13, 2013 12:35 am
If you make the assumption that the default gateway will always be .1, you could push more-specific routes than /24. That should override the less-specific directly-attached /24:

Thankfully, if you have access to a Linux box, you needn't generate the list by hand:

Code:
anthony@Zia:~$ seq -f '192.168.1.%g/32' 2 255  | aggregate -q | xargs netmask -s  | tr '/' ' ' | sed 's/^\s*/push "route /; s/$/"/'
push "route 192.168.1.2 255.255.255.254"
push "route 192.168.1.4 255.255.255.252"
push "route 192.168.1.8 255.255.255.248"
push "route 192.168.1.16 255.255.255.240"
push "route 192.168.1.32 255.255.255.224"
push "route 192.168.1.64 255.255.255.192"
push "route 192.168.1.128 255.255.255.128"


This won't let you access your 192.168.1.1; if you need to do that as well, you'll probably need to root the phone and use the Linux policy routing tools.

You could also have your remote VPN gateway do a 1:1 NAT translation, so that you can access 192.168.1.1 as 192.168.255.1 (etc.) as well. Then you pick whichever works on the network you're on.


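The route list from the reply above can also be generated and checked without the `aggregate` and `netmask` tools. This Python sketch is an added example, not part of the original posts; `push_routes`, `as_directive` and `egress` are hypothetical names, and `egress` is a simplified longest-prefix-match model of the client routing table, not Android's actual routing logic.

```python
import ipaddress

def push_routes(lan, gateway):
    """Cover `lan` with routes more specific than the LAN prefix, leaving out
    `gateway` (assumed to be the local default gateway) and the network address.
    Raises ValueError if `gateway` is not inside `lan`."""
    net = ipaddress.ip_network(lan)
    hole = ipaddress.ip_network(gateway)      # a bare address parses as a /32
    blocks = sorted(net.address_exclude(hole))
    # The list in the post starts at .2, so drop a lone network-address /32.
    return [b for b in blocks
            if not (b.num_addresses == 1
                    and b.network_address == net.network_address)]

def as_directive(block):
    """Format one block as a server.conf push line."""
    return 'push "route {} {}"'.format(block.network_address, block.netmask)

def egress(addr, lan, pushed):
    """Which path wins for `addr` under longest-prefix match (assumed model)?"""
    ip = ipaddress.ip_address(addr)
    table = [(ipaddress.ip_network(lan), "local")]   # directly attached LAN
    table += [(b, "vpn") for b in pushed]
    # redirect-gateway def1 installs these two halves of the address space
    table += [(ipaddress.ip_network(n), "vpn")
              for n in ("0.0.0.0/1", "128.0.0.0/1")]
    matches = [(n.prefixlen, via) for n, via in table if ip in n]
    return max(matches, key=lambda m: m[0])[1]

if __name__ == "__main__":
    lan, gw = "192.168.1.0/24", "192.168.1.1"   # values from the thread
    routes = push_routes(lan, gw)
    for block in routes:
        print(as_directive(block))
    # Constructed sample addresses to check which path each one takes.
    for host in ("192.168.1.50", "192.168.1.1", "8.8.8.8"):
        print(host, "->", egress(host, lan, routes))
```

With an empty pushed list, `egress` returns `local` for every 192.168.1.x host, which is the behaviour the first post describes.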
 