Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Fri Apr 25, 2014 3:14 am




Post new topic Reply to topic  [ 6 posts ] 
 Protect default route on client 
Author Message
 Post subject: Protect default route on client
PostPosted: Sat Oct 09, 2010 4:51 am 
OpenVpn Newbie

Joined: Sat Oct 09, 2010 4:40 am
Posts: 4
Hi!

I got an account for openvpn from my university. I set the connection up on my home (TomatoUSB based) router. The vpn server is configured in a way, to also push the default route on connect to my router, so all the internet traffic should go through the university's routers.
Well i don't like it this way, and there is no point for it (also slows down the speed), so i just changed the default route back to my own isp's, after the vpn is connected:

route del default
route add default gw 213.xxx.xxx.xxx vlan1

This works just fine.
But i want my router to always auto connect to the university vpn, and don't want to change the default route back every time manually. Is there some way, to protect my default route on the client side configuration, or any way to always trigger this command, to change the default route back? But it would be better, if the default route would not change at all. I just couldn't find anything about this in the FAQ or the HOWTO.

~


Offline
 Profile  
 
 Post subject: Re: Protect default route on client
PostPosted: Sun Oct 10, 2010 3:48 pm 
Forum Team
User avatar

Joined: Fri Aug 29, 2008 5:42 pm
Posts: 703
i believe an --up script is what you are looking for... try that and see how it works


Offline
 Profile  
 
 Post subject: Re: Protect default route on client
PostPosted: Wed Oct 13, 2010 9:37 am 
OpenVpn Newbie

Joined: Sat Oct 09, 2010 4:40 am
Posts: 4
Well, sounds good at first, but this just isn't working...

here's the script:
Code:
#!/bin/sh

sleep 10
route del default
route add default gw x.x.x.x vlan1


Here are the logs:
Quote:
Oct 13 21:31:01 Mainstream daemon.notice openvpn[1684]: /tmp/mnt/Valentine/db/ovpn.up.sh tap11 1500 1576 10.8.0.2 255.255.255.0 init
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw x.x.x.x
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 172.16.115.0 netmask 255.255.255.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 172.16.4.0 netmask 255.255.255.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 172.20.16.0 netmask 255.255.255.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: Initialization Sequence Completed


As you can see, the up script is executed before the server changes the routes :(
I just try it with sleep, but still won't work...


Offline
 Profile  
 
 Post subject: Re: Protect default route on client
PostPosted: Wed Oct 13, 2010 9:49 am 
OpenVpn Newbie

Joined: Sat Oct 09, 2010 4:40 am
Posts: 4
Well here's something that works, but i don't think it's a nice solution:

ovpn.up.sh:
Code:
#!/bin/sh

(/bin/sh /tmp/mnt/Valentine/db/ovpn2.up.sh &)


ovpn2.up.sh:
Code:
#!/bin/sh

sleep 10
route del default
route add default gw x.x.x.x vlan1


And in the client config added:
Code:
script-security 2
up /tmp/mnt/Valentine/db/ovpn.up.sh


Any better solution, maybe something where the default route isn't even changed at all?


Offline
 Profile  
 
 Post subject: Re: Protect default route on client
PostPosted: Wed Oct 13, 2010 9:54 am 
Forum Team
User avatar

Joined: Fri Aug 29, 2008 5:42 pm
Posts: 703
yes
tell your server to not push it at you


Offline
 Profile  
 
 Post subject: Re: Protect default route on client
PostPosted: Wed Oct 13, 2010 10:16 am 
OpenVpn Newbie

Joined: Sat Oct 09, 2010 4:40 am
Posts: 4
is not my server :(


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.196s | 12 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group