Community Support Forum
 
 irouted subnets on client 
 Post subject: irouted subnets on client
PostPosted: Fri Jan 14, 2011 3:38 pm 
OpenVpn Newbie

Joined: Mon Jan 03, 2011 3:18 pm
Posts: 6
Is it possible somehow to fetch the list of "iroute"'d subnets on the client?
I found a solution - for each iroute directive I push an environment variable, which I parse on the client in the up script. But that is a little bit uncomfortable. Probably there is an internal variable for that?


 Post subject: Re: irouted subnets on client
PostPosted: Fri Jan 14, 2011 3:55 pm 
OpenVpn Newbie

Joined: Mon Jan 03, 2011 3:18 pm
Posts: 6
To be clear, I'll show you an example of the script I wrote myself.
So, imagine we have a ccd file:
Code:
ifconfig-push 10.108.0.7 10.108.0.1
iroute 10.108.0.10 255.255.255.255
iroute 10.108.0.11 255.255.255.255
iroute 10.108.0.12 255.255.255.255

When the OpenVPN process starts on the client, tun0 comes up with the IP specified in the "ifconfig-push" directive: 10.108.0.7
So to be able to use the other IPs we need to add aliases:
Quote:
ifconfig tun0:0 10.108.0.10
ifconfig tun0:1 10.108.0.11
ifconfig tun0:2 10.108.0.12

And also (in addition to the "ip rule" for the 10.108.0.7 IP) execute some ip rule commands to force packets with a "source ip" equal to one of the IPs in the ccd to go not through the default gateway, but through a certain VPN gate:
Code:
/sbin/ip rule add from 10.108.0.10 table vpn
/sbin/ip rule add from 10.108.0.11 table vpn
/sbin/ip rule add from 10.108.0.12 table vpn

In table "vpn" I've added a default gateway equal to the VPN gate.

So I wanted to automate this process, so that I could change the ccd on the server and not care about the scripts and config files the client has: if any change (adding/removing an IP for the client) is made, I just need to force a connection restart and the client will automatically get the new IPs working. So I came up with a little UP script.
Code:
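#!/bin/bash
# Arguments as used here: $1 = routing table, $2 = tun device,
# $5 = local VPN IP ("ifconfig-push" address), $6 = VPN gateway.

# Policy routing for the "ifconfig-push" IP
/sbin/ip rule add from "$5" table "$1"
/sbin/ip ro ad default via "$6" table "$1"

# Policy routing and ifconfig calls for each "iroute" IP.
# A pushed "setenv-safe aliasN" arrives as environment variable OPENVPN_aliasN.
# All expansions are quoted so a pushed value cannot split into extra arguments.
i=0
buf="OPENVPN_alias$i"
while [ -n "${!buf}" ]; do
        ifconfig "$2:$i" "${!buf}"
        /sbin/ip rule add from "${!buf}" table "$1"
        ((i++))
        buf="OPENVPN_alias$i"
done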

In order to make that work I need to modify the ccd like so:
Code:
ifconfig-push 10.108.0.7 10.108.0.1
iroute 10.108.0.10 255.255.255.255
iroute 10.108.0.11 255.255.255.255
iroute 10.108.0.12 255.255.255.255
push "setenv-safe alias0 10.108.0.10"
push "setenv-safe alias1 10.108.0.11"
push "setenv-safe alias2 10.108.0.12"

I do not like 'setenv-safe' but I did not find any other way to tell the client which IPs have been irouted to him, so the script could put the alias IPs on the tun device.

And the question is: are there any other ways to do that, so I can remove those setenv-safe pushes?
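
A hardening sketch for the up script in the post above, added here as an example and not part of the original thread: the OPENVPN_aliasN values are pushed by the server and end up as arguments to ifconfig and ip, commands that need root privileges, so each value is checked as a strict IPv4 address before anything is configured. The function names, MAX_ALIASES and DRY_RUN are assumptions of this sketch, and it uses POSIX sh with printenv instead of bash indirect expansion.

```shell
#!/bin/sh
# Added example (not the poster's script). Function names, MAX_ALIASES and
# DRY_RUN are assumptions of this sketch.
MAX_ALIASES=32

# True only for a strict dotted quad: four decimal octets 0-255 with no
# leading zeros (inet_aton-style parsers read "010" as octal).
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    rest="$1."; n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        case "$octet" in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Prints each pushed OPENVPN_aliasN value, one per line, in order. Prints
# nothing and returns 1 if any value is malformed or the list is too long.
collect_aliases() {
    i=0; out=""
    while value=$(printenv "OPENVPN_alias$i"); do
        [ "$i" -lt "$MAX_ALIASES" ] || { echo "too many aliases" >&2; return 1; }
        valid_ipv4 "$value" || { echo "bad OPENVPN_alias$i" >&2; return 1; }
        out="$out$value
"
        i=$((i + 1))
    done
    printf '%s' "$out"
}

# Usage: apply_aliases <table> <tun-device>; nothing is configured unless
# every pushed value validated. DRY_RUN=1 prints the commands instead.
apply_aliases() {
    aliases=$(collect_aliases) || return 1
    i=0
    for ip in $aliases; do
        ${DRY_RUN:+echo} ifconfig "$2:$i" "$ip" || return 1
        ${DRY_RUN:+echo} /sbin/ip rule add from "$ip" table "$1" || return 1
        i=$((i + 1))
    done
}

# As an up script the first two arguments are the table and the tun device.
if [ "$#" -ge 2 ]; then apply_aliases "$1" "$2" || exit 1; fi
```

Validation runs over the whole list before the first ifconfig call, so a single malformed value leaves the interface untouched rather than half-configured.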

