Excluding an IP range from redirect gateway

Posted: Fri Sep 03, 2010 6:08 pm
by MadTBone
Here are a couple of simple lines for your CCD files that will redirect all traffic except for a specific IP range, in this case 10.0.0.0/16:

push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"
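
Why the two lines above leave 10.0.0.0/16 outside the tunnel, as an added example that is not part of the original post: it expands the pushed directives into the routes an OpenVPN client installs and resolves destinations by longest-prefix match. The gateway and server addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def client_routes(pushed, net_gateway, vpn_gateway, server_ip):
    """Expand pushed OpenVPN directives into (network, next_hop) routes."""
    # Default route that existed before the VPN came up (e.g. from DHCP).
    routes = [(ipaddress.ip_network("0.0.0.0/0"), net_gateway)]
    for line in pushed:
        words = line.split()
        if words[0] == "route":
            # route <network> <netmask> [gateway]; no gateway means the VPN gateway.
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            gw = words[3] if len(words) > 3 else "vpn_gateway"
            # net_gateway is resolved on the client to its pre-VPN default gateway,
            # so the server never needs to know that address in advance.
            hop = {"net_gateway": net_gateway, "vpn_gateway": vpn_gateway}.get(gw, gw)
            routes.append((net, hop))
        elif words[0] == "redirect-gateway" and "def1" in words[1:]:
            # def1 keeps the old default route and overrides it with two /1 routes,
            # plus a host route so the tunnel's own packets still reach the server.
            routes.append((ipaddress.ip_network(f"{server_ip}/32"), net_gateway))
            routes.append((ipaddress.ip_network("0.0.0.0/1"), vpn_gateway))
            routes.append((ipaddress.ip_network("128.0.0.0/1"), vpn_gateway))
    return routes

def next_hop(routes, dest):
    """Pick the most specific matching route, as the client's IP stack does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample values (assumptions, not from the thread).
NET_GW = "192.0.2.1"      # client's pre-VPN default gateway
VPN_GW = "10.8.0.1"       # gateway inside the tunnel
SERVER = "203.0.113.10"   # public address of the OpenVPN server
PUSHED = ["route 10.0.0.0 255.255.0.0 net_gateway", "redirect-gateway def1"]
ROUTES = client_routes(PUSHED, NET_GW, VPN_GW, SERVER)

if __name__ == "__main__":
    for dest in ("10.0.5.9", "10.1.0.1", "8.8.8.8", "198.51.100.7", SERVER):
        print(f"{dest:>15} -> {next_hop(ROUTES, dest)}")
```

The /16 route wins over the /1 routes only because it is more specific; a destination just outside it, such as 10.1.0.1, still goes through the tunnel.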

Re: Excluding an IP range from redirect gateway

Posted: Fri Feb 11, 2011 2:35 am
by Seanster
Old thread yes, but thank you so much for that tip!

In my case, I first establish a dialup connection which becomes the default route.

All internet traffic has to pass through the ISP's proxy server. Let's call it 10.128.1.1.
This proxy server is (typically) on a different subnet than my dialup connection.

So my OpenVPN client configuration specifies this proxy server.

Then, through this proxy, it makes a connection to my private server w.x.y.z running OpenVPN on port 443.

(Their fascist proxy server of course blocks the OpenVPN port 1194, so I have to use 443.)

Since the ISP's proxy otherwise interferes with my traffic, I want ALL my traffic to flow through my VPN instead.

To do that I use the "redirect-gateway" directive.

The problem with this is that it breaks my tunnel. The packets destined for the proxy server now go out the default gateway, which is the VPN.

I couldn't push a static route to the client because the dialup connection receives a random DHCP IP. You could never know what the gateway address is going to be ahead of time.

So that's where the "net_gateway" trick works like a charm.

push "route 10.128.1.1 255.255.0.0 net_gateway"

I'm hardly a noob, but despite the brief mention this gets in the documentation, I had never figured it out before now. Perhaps this long-winded post will help someone else out.

BTW, this scenario applies to Bluetooth-tethered cell phones using oldskool GSM/EDGE networks. These days you can get cheap unlimited (on-device) browsing but nobody cares if you're tethering anymore.

-Sean

Re: Excluding an IP range from redirect gateway

Posted: Mon May 16, 2011 3:24 am
by Douglas
MadTBone wrote: Here are a couple of simple lines for your CCD files that will redirect all traffic except for a specific IP range, in this case 10.0.0.0/16:

push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"

Good little tip, added it to my bookmarks for quick reference!

Re: Excluding an IP range from redirect gateway

Posted: Fri Nov 14, 2014 8:18 pm
by kuhn007
Thanks a lot for the post. Works great and I don't need to worry about my clients reaching out to the LAN :)