Excluding an IP range from redirect gateway
Posted: Fri Sep 03, 2010 6:08 pm
by MadTBone
Here are a couple of simple lines for your CCD files that will redirect all traffic
except for a specific IP range, in this case 10.0.0.0/16:
Code:
push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"
Re: Excluding an IP range from redirect gateway
Posted: Fri Feb 11, 2011 2:35 am
by Seanster
Old thread yes, but thank you so much for that tip!
In my case, I first establish a dialup connection which becomes the default route.
All internet traffic has to pass through the isp's proxy server. Let's call it 10.128.1.1.
This proxy server is (typically) on a different subnet than my dialup connection.
So my openvpn client configuration specifies this proxy server.
Then, thru this proxy, it makes a connection to my private server w.x.y.z running openvpn on port 443.
(their fascist proxy server of course blocks the openvpn port 1194, so I have to use 443)
Since the isp's proxy otherwise interferes with my traffic, I want ALL my traffic to flow through my vpn instead.
To do that I use the "redirect-gateway" directive.
The problem with this is that it breaks my tunnel. The packets destined for the proxy server now go out the default gateway which is the vpn.
I couldn't push a static route to the client because the dialup connection receives a random dhcp ip. You could never know what the gateway address is going to be ahead of time.
So that's where the "net_gateway" trick works like a charm.
push "route 10.128.1.1 255.255.0.0 net_gateway"
I'm hardly a noob but despite the brief mention this gets in the documentation I had never figured it out before now. Perhaps this long winded post will help someone else out.
BTW; This scenario applies to bluetooth tethered cell phones using oldskool GSM/EDGE networks. These days you can get cheap unlimited (on-device) browsing but nobody cares if you're tethering anymore.
-Sean
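How the two pushed directives interact on the client, as an added example that is not part of the thread: `redirect-gateway def1` adds 0.0.0.0/1 and 128.0.0.0/1 via the VPN, and a more specific `net_gateway` route wins by longest-prefix match. The script models that routing table for a CCD file so the ranges that bypass the tunnel can be listed and checked; the sample CCD text and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample CCD content mirroring the two directives in the first post.
SAMPLE_CCD = '''
push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"
'''

PUSH_ROUTE = re.compile(
    r'^\s*push\s+"route\s+([^\s"]+)\s+([^\s"]+)(?:\s+([^\s"]+))?\s*"', re.M)
PUSH_REDIRECT = re.compile(r'^\s*push\s+"redirect-gateway\b([^"]*)"', re.M)
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_table(ccd_text):
    """Return (routes, warnings); routes is a list of (network, gateway)."""
    routes = [(DEFAULT, "net_gateway")]  # default route before the VPN comes up
    warnings = []
    for dest, mask, gw in PUSH_ROUTE.findall(ccd_text):
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if str(net.network_address) != dest:
            warnings.append(f"{dest} {mask}: host bits set, covers {net}")
        # A route pushed without a gateway argument uses the VPN-side gateway.
        routes.append((net, gw or "vpn_gateway"))
    m = PUSH_REDIRECT.search(ccd_text)
    if m and "def1" in m.group(1).split():
        # def1 keeps the original default route and adds two /1 routes over it.
        routes.append((ipaddress.ip_network("0.0.0.0/1"), "vpn_gateway"))
        routes.append((ipaddress.ip_network("128.0.0.0/1"), "vpn_gateway"))
    elif m:
        # Without def1 the default route itself is replaced.
        routes[0] = (DEFAULT, "vpn_gateway")
    return routes, warnings


def next_hop(routes, ip):
    """Longest-prefix match, the rule the client's routing table applies."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1]


def bypass_ranges(routes):
    """Pushed networks whose traffic leaves via the local (non-VPN) gateway."""
    return [str(n) for n, gw in routes if gw == "net_gateway" and n.prefixlen > 1]
```

Anything returned by `bypass_ranges` travels outside the tunnel, so that list is the one to review when auditing a client's CCD file.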
Re: Excluding an IP range from redirect gateway
Posted: Mon May 16, 2011 3:24 am
by Douglas
MadTBone wrote: Here are a couple of simple lines for your CCD files that will redirect all traffic
except for a specific IP range, in this case 10.0.0.0/16:
Code:
push "route 10.0.0.0 255.255.0.0 net_gateway"
push "redirect-gateway def1"
Good little tip, added it to my bookmarks for quick reference!
Re: Excluding an IP range from redirect gateway
Posted: Fri Nov 14, 2014 8:18 pm
by kuhn007
Thanks a lot for the post. Works great and I don't need to worry about my clients reaching out to the LAN.