Maybe someone can help me.
About the directive ** push "redirect-gateway def1" ** I have found the following explanation:
"Parameter def1: Instead of replacing the existing default gateway, OpenVPN
will add two new routes, 0.0.0.0/1 and 128.0.0.0/1. These routes together also
cover all IPv4 space, and are more specific (/1) than the regular gateway (/0).
Routing always takes place over the more specific routes, and thus all traffic
is sent over the VPN. The advantage of this trick is that the default gateway
is left intact. If the VPN connection is stopped, the original gateway can be
restored. Note that in this case, OpenVPN will add an explicit route to the
OpenVPN server itself, so the encrypted traffic itself will not be sent over the
From the above, and after some research on the Internet, I understand (I imagine that I am wrong...) that all IP packets transit through the VPN server, even those IP packets that are not destined to a host belonging to the VPN. To me this means the following: an IP packet destined to a host not belonging to the VPN
travels through the VPN tunnel until some unspecified point, then it leaves the secure VPN tunnel in order to reach the "unsafe" host.
Now my (stupid?) question is: since sooner or later the IP packet will leave the secure VPN tunnel, what is the purpose of making it travel
through the secure VPN tunnel only for the first part of its trip? Why not use the unsafe direct way?
Any help is appreciated.
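The quoted def1 explanation rests on longest-prefix matching: two /1 routes outrank the /0 default, while a /32 host route to the VPN server outranks both, so the encrypted transport packets go out the physical interface instead of being fed back into the tunnel. The following is an added illustration, not code from the post or from OpenVPN; it models a routing table and the lookup rule so the effect of each route can be checked. All addresses (LAN gateway 192.168.1.1, VPN server 203.0.113.10, tunnel gateway 10.8.0.1, devices eth0/tun0) are constructed for the example.

```python
import ipaddress

# Constructed pre-VPN routing table (assumption, not from the post):
# (prefix, next-hop gateway or None for directly connected, output device)
ORIGINAL_TABLE = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),   # ISP default route, left intact by def1
    ("192.168.1.0/24", None, "eth0"),       # directly connected LAN
]

# Constructed addresses for the example.
VPN_SERVER_IP = "203.0.113.10"  # public address of the OpenVPN server
VPN_GATEWAY = "10.8.0.1"        # far end of the tunnel
LAN_GATEWAY = "192.168.1.1"


def def1_routes(include_host_route=True):
    """Routes that 'redirect-gateway def1' adds, as described in the quoted text.

    include_host_route=False models the situation the explicit /32 route prevents:
    without it the encrypted packets to the server would themselves match 128.0.0.0/1
    and be routed into the tunnel.
    """
    routes = [
        ("0.0.0.0/1", VPN_GATEWAY, "tun0"),     # lower half of IPv4 space
        ("128.0.0.0/1", VPN_GATEWAY, "tun0"),   # upper half of IPv4 space
    ]
    if include_host_route:
        routes.insert(0, (f"{VPN_SERVER_IP}/32", LAN_GATEWAY, "eth0"))
    return routes


def lookup(table, dst):
    """Longest-prefix match: the most specific matching prefix wins, as a kernel FIB does."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best


def build_table(vpn_up, include_host_route=True):
    table = list(ORIGINAL_TABLE)
    if vpn_up:
        table += def1_routes(include_host_route)
    return table


def egress_device(dst, vpn_up=True, include_host_route=True):
    """Return the output device a packet to dst would take, or None if unroutable."""
    route = lookup(build_table(vpn_up, include_host_route), dst)
    return route[2] if route else None


if __name__ == "__main__":
    for dst in ["8.8.8.8", "198.51.100.7", "192.168.1.50", VPN_SERVER_IP]:
        print(f"{dst:>15} -> VPN down: {egress_device(dst, vpn_up=False):4}  "
              f"VPN up: {egress_device(dst):4}  "
              f"VPN up, no host route: {egress_device(dst, include_host_route=False)}")
```

Running it shows every public destination moving from eth0 to tun0 once the two /1 routes exist, the LAN staying on eth0 because /24 beats /1, and the VPN server's own address staying on eth0 only because of the /32 host route; drop that route and the server address resolves to tun0, which is the routing loop the explicit route exists to avoid.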