I have a NAS (ReadyNAS running Linux) in my LAN which I don't want to have access to the internet, except via VPN. I accomplished this by removing its default gateway (actually its default gw is pointing to an unused IP (192.168.1.2) as it doesn't allow removing it completely) and using my LAN's internal DNS server. Now I want OpenVPN to set up a static route to my LAN's default gateway for the VPN server it's going to use. I've tried several things but I only got it to work by doing this:
....
persist-tun
script-security 2
up /etc/openvpn/openvpn_up.sh
.....
and in the shell script:
.....
#!/bin/sh
MY_REAL_GATEWAY="192.168.1.1"
# untrusted_ip is exported by OpenVPN to the script's environment.
# Set the static route for the selected VPN server:
/sbin/ip route del "${untrusted_ip}/32" 2>/dev/null
/sbin/ip route add "${untrusted_ip}/32" via "${MY_REAL_GATEWAY}"
.....
It feels like a hack, especially since on Linux OpenVPN always has to restart once (due to ping-restart) due to the fact that the default gateway is set up too late in the process (after the UDP socket is already opened). I'm therefore looking for a cleaner solution. I already tried using --route etc. but I ran into the same problems there. I also noticed in OpenVPN's log file that OpenVPN itself is also setting up a static route from my system's (non-working) gateway (192.168.1.2) for the VPN server's IP address, but that's also done after the UDP socket is already opened, so that can never work on Linux anyway?!
Is there a proper way or is this some kind of feature that could be implemented?
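One way to sidestep the timing problem described in the post, as an added example that is not the poster's or OpenVPN's own code: compute the host routes from the client config's `remote` lines so they can be installed through the real gateway before OpenVPN is started. The function names, the `apply` argument and the sample config with its documentation addresses are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the post: compute host routes to the VPN
# server(s) so they can be installed before OpenVPN opens its socket.
GATEWAY="${GATEWAY:-192.168.1.1}"   # the LAN's real gateway, as in the post

# Constructed sample config (documentation addresses, not real servers).
sample_conf() {
    cat <<'EOF'
client
dev tun
proto udp
remote 203.0.113.10 1194
;remote 192.0.2.99 1194
remote 198.51.100.7 443 tcp
remote-cert-tls server
EOF
}

# Host field of every active "remote <host> [port] [proto]" directive.
remote_hosts() {
    awk '$1 == "remote" && NF >= 2 { print $2 }' "$1"
}

# True if the argument looks like a dotted-quad IPv4 literal.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# IPv4 addresses for a host; literals pass through, names go to the resolver.
resolve_v4() {
    if is_ipv4 "$1"; then printf '%s\n' "$1"
    else getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
    fi
}

# One idempotent "ip route replace" command per server address.
route_commands() {
    remote_hosts "$1" | while read -r host; do
        resolve_v4 "$host" | while read -r addr; do
            if is_ipv4 "$addr"; then
                printf '/sbin/ip route replace %s/32 via %s\n' "$addr" "$GATEWAY"
            fi
        done
    done
}

# Usage: script.sh client.conf [apply]   (prints only unless "apply" is given)
if [ -n "${1:-}" ]; then
    if [ "${2:-}" = apply ]; then route_commands "$1" | sh
    else route_commands "$1"; fi
fi
```

If a `remote` entry is a hostname that resolves to different addresses over time, the address OpenVPN picks at connect time may not be among the routes installed earlier; an IP literal in the config avoids that.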
Create static route during OpenVPN for server access
Moderators: TinCanTech