Trying to get local traffic to go to local router

wesmon · Post by **wesmon** » Tue Mar 15, 2011 4:17 pm

Hello,
The VPN is working fine between my computers (client is Win7 server is WinXP). On the client I'd like to get all traffic except for VPN traffic to go out the local router/internet connection.

The client's ip is 192.168.0.50 with a gateway of 192.168.0.1
The VPN server is 10.1.10.111 and the DHCP is 192.168.10.x

Here is the client config:

Code: Select all

client
dev tap
proto udp
remote 10.1.10.111 2019  
route 192.168.10.0 255.255.255.0 vpn_gateway 3  
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client1.crt" 
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client1.key"
ns-cert-type server
cipher BF-CBC 
comp-lzo
verb 1

Here is the server config:

Code: Select all

local 10.1.10.111 
port 2019 
proto udp 
mssfix 1400 
push "dhcp-option DNS 10.1.10.1"  
push "dhcp-option DNS 8.8.4.4"  
dev tap
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"  
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 192.168.10.0 255.255.255.128  
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"  
keepalive 10 120
cipher BF-CBC
comp-lzo
max-clients 100 
persist-key
persist-tun
status openvpn-status.log
verb 1

When the VPN is active, here is the routing:

Code: Select all

===========================================================================
Interface List
 32...00 ff f5 6f 51 a0 ......TAP-Win32 Adapter V9
 11...b8 ac 6f 9b 50 43 ......Broadcom NetLink (TM) Gigabit Ethernet
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.50    276
          0.0.0.0        128.0.0.0     192.168.10.1     192.168.10.2     30
      10.1.10.111  255.255.255.255      192.168.0.1     192.168.0.50     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0     192.168.10.1     192.168.10.2     30
      192.168.0.0    255.255.255.0         On-link      192.168.0.50    276
     192.168.0.50  255.255.255.255         On-link      192.168.0.50    276
    192.168.0.255  255.255.255.255         On-link      192.168.0.50    276
     192.168.10.0    255.255.255.0     192.168.10.1     192.168.10.2     30
     192.168.10.0  255.255.255.128         On-link      192.168.10.2    286
     192.168.10.2  255.255.255.255         On-link      192.168.10.2    286
   192.168.10.127  255.255.255.255         On-link      192.168.10.2    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.50    276
        224.0.0.0        240.0.0.0         On-link      192.168.10.2    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.50    276
  255.255.255.255  255.255.255.255         On-link      192.168.10.2    286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 32    286 fe80::/64                On-link
 32    286 fe80::f447:b50c:f57d:4018/128
                                    On-link
 11    276 fe80::f597:b329:6251:d051/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
 32    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

thanks for your help.

Post by **Bebop** » Wed Mar 16, 2011 12:15 am

wesmon wrote:On the client I'd like to get all traffic except for VPN traffic to go out the local router/internet connection.

Do you mean to say that all traffic that is not addressed to 192.168.10.x, should not go through the VPN?

wesmon wrote: The client's ip is 192.168.0.50 with a gateway of 192.168.0.1
The VPN server is 10.1.10.111 and the DHCP is 192.168.10.x

After reading through your entire post, what I think you mean to say is that the remote host address is 10.1.10.111, and the VPN server is 192.168.10.1, serving the 192.168.10.x subnet

How do you access the 10.1.10.111 network?

client

Code: Select all

remote 10.1.10.111 2019  
route 192.168.10.0 255.255.255.0 vpn_gateway 3

Isn't vpn_gateway 192.168.10.1?

So, specifying that the route to 192.168.10.x is through 192.168.10.1 is completely redundant? (ie: you can remove this line).

Its redundant because when you connect the VPN, the route will be installed by openvpn automatically.

If you want such fine grained control, use the "route-nopull" command. With route-nopull, you can specify each route individually from the client.conf file and no routes will be added automatically by the vpn, without your explicit instruction.

wesmon wrote:Here is the server config:

Code: Select all

local 10.1.10.111 
 
push "dhcp-option DNS 10.1.10.1"  
push "dhcp-option DNS 8.8.4.4"  
dev tap

server 192.168.10.0 255.255.255.128  

push "redirect-gateway def1"

You can immediately delete the line -- push "redirect-gateway def1" , because that specific push will cause all the client traffic to be routed through VPN -- you already said you don't want that.

Also, why dev tap and not tun?

here is the minimum changes to make:

In server .conf

remove push "redirect-gateway def1"
replace tap with tun

wesmon · Post by **wesmon** » Thu Mar 17, 2011 3:07 am

Cool!

So, at first I tried:
•remove push "redirect-gateway def1"
•replace tap with tun

That caused the client to throw up a bunch of errors related to what looked to me like connection type. So I put it back to a tap connection and everything works perfectly.

Thanks for your help.

btw, I got the configs and complete instructions from http://www.itsatechworld.com/2006/01/29 ... e-openvpn/

Thanks!

Post by **Bebop** » Thu Mar 17, 2011 3:37 am

wesmon wrote:So I put it back to a tap connection and everything works perfectly.

Thanks for your help.

Problem solved. Excellent. Thanks for the feedback about TAP device. I didn't know it could be used like this, so I've learned something too.

OpenVPN Support Forum

Trying to get local traffic to go to local router

Trying to get local traffic to go to local router

Re: Trying to get local traffic to go to local router

Re: Trying to get local traffic to go to local router

Re: Trying to get local traffic to go to local router