How to push the routing table to the client?

hack3rcon · Post by **hack3rcon** » Sat Sep 02, 2023 1:22 pm

Hello,
I have two VMs in VirtualBox and selected the NAT Network type for their networking.
For both VMs, I configured the network manually. On Server (Debian) my network configuration is:

Code: Select all

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:feed:b47c  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:ed:b4:7c  txqueuelen 1000  (Ethernet)
        RX packets 46567  bytes 21273157 (20.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 38209  bytes 7396310 (7.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

And routing table is:

Code: Select all

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 enp0s3
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s3

I can ping Internal and external networks:

Code: Select all

# ping google.com
PING google.com (216.239.38.120) 56(84) bytes of data.
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=1 ttl=50 time=25.3 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=2 ttl=50 time=27.1 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=3 ttl=50 time=27.8 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 25.315/26.722/27.752/1.030 ms
#
# ping 172.20.1.2
PING 172.20.1.2 (172.20.1.2) 56(84) bytes of data.
64 bytes from 172.20.1.2: icmp_seq=1 ttl=125 time=1.54 ms
64 bytes from 172.20.1.2: icmp_seq=2 ttl=125 time=1.37 ms
64 bytes from 172.20.1.2: icmp_seq=3 ttl=125 time=2.87 ms
^C
--- 172.20.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 1.366/1.922/2.867/0.671 ms

On client (Windows OS), I used the below configuration:

Code: Select all

IP: 10.0.2.16
Subnet Mask: 255.255.255.0
Default Gateway: 10.0.2.15         ==> Linux IP address

Both server and client can see each other. When the client connects to the server, I want the default gateway of server to be set on the client.

Server.conf:

Code: Select all

push "redirect-gateway def1 bypass-dhcp"
push "route 10.0.2.0 255.255.255.0 10.0.2.2 1"
push "dhcp-option DNS 1.1.1.1"

Client.ovpn:

Code: Select all

route 10.0.2.0 255.255.255.0 10.0.2.2

I connected to the server, but default gateway not set:

Code: Select all

Unknown adapter OpenVPN TAP-Windows6:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b404:5a8b:df0e:52c3%15
   IPv4 Address. . . . . . . . . . . : 10.8.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :

Why?

Thank you.

Post by **ordex** » Wed Sep 06, 2023 10:15 pm

Because when using "def1" (it's the right thing to do), OpenVPN will install two routes, namely 128.0.0.0/1 and 0.0.0.0/1), and won't touch the default gateway. (The manpage explains these approach a bit better)

Therefore, even if the default gateway hasn't changed, you should still see traffic entering the VPN interface.

hack3rcon · Post by **hack3rcon** » Thu Sep 07, 2023 10:19 am

ordex wrote: ↑
Wed Sep 06, 2023 10:15 pm
Because when using "def1" (it's the right thing to do), OpenVPN will install two routes, namely 128.0.0.0/1 and 0.0.0.0/1), and won't touch the default gateway. (The manpage explains these approach a bit better)

Therefore, even if the default gateway hasn't changed, you should still see traffic entering the VPN interface.

Hello,
Thank you so much for your reply.
Is there a command to change the default gateway?

Post by **ordex** » Thu Sep 07, 2023 10:22 am

I think you can just remove the "def1" from the "redirect-gateway" directive, but why?

hack3rcon · Post by **hack3rcon** » Thu Sep 07, 2023 10:44 am

ordex wrote: ↑
Thu Sep 07, 2023 10:22 am
I think you can just remove the "def1" from the "redirect-gateway" directive, but why?

Hello,
Thanks again.
So, push "redirect-gateway bypass-dhcp" changes the default gateway?

Post by **Pippin** » Thu Sep 07, 2023 10:51 am

Hi,

Why not answer the question?

ordex wrote: ↑
Thu Sep 07, 2023 10:22 am
I think you can just remove the "def1" from the "redirect-gateway" directive, but why?

hack3rcon · Post by **hack3rcon** » Thu Sep 07, 2023 10:56 am

Pippin wrote: ↑
Thu Sep 07, 2023 10:51 am
Hi,

Why not answer the question?
ordex wrote: ↑
Thu Sep 07, 2023 10:22 am
I think you can just remove the "def1" from the "redirect-gateway" directive, but why?

Hello,
Thank you so much for your reply.
I just wanted to know it. Can set the default gateway cause interference?

OpenVPN Support Forum

How to push the routing table to the client?

How to push the routing table to the client?

Re: How to push the routing table to the client?

Re: How to push the routing table to the client?

Re: How to push the routing table to the client?

Re: How to push the routing table to the client?

Re: How to push the routing table to the client?

Re: How to push the routing table to the client?