
how to add a kernel's route on the openvpn server?

Posted: Fri Oct 29, 2010 10:15 am
by fondpiggy
How to add a kernel route on the OpenVPN server when a client connects?

I know that the ccd files can automatically add a LAN route on the server, but it is an internal route, not a kernel route.
iroute 192.168.0.0 255.255.255.0

The option "--route" is not what I expect, because I have a lot of clients; I want to get each client's LAN route when that client connects.


Thanks

Re: how to add a kernel's route on the openvpn server?

Posted: Wed Nov 03, 2010 4:59 am
by krzee
you do want --route
i don't understand why you think you don't
did you read my writeup here?
viewtopic.php?f=8&t=98

Re: how to add a kernel's route on the openvpn server?

Posted: Wed Nov 03, 2010 10:14 am
by fondpiggy
Yeah, I have read your writing.
I want to set up another OpenVPN server to implement a failover function.
So I am running zebra on the VPN servers to communicate with the internal OSPF router, but zebra only recognizes kernel routes.
That means there are two VPN servers configured on the clients; when one server is unreachable, the clients can automatically connect to the other VPN server. So the internal router (hosts) needs to get a new route to access the LAN behind the clients.

Thanks for your response.

Re: how to add a kernel's route on the openvpn server?

Posted: Thu Nov 04, 2010 10:01 am
by krzee
you cannot do this in client/server with tun
you either need tap (do not need a bridge, just tap) or a ptp (instead of client/server)

Re: how to add a kernel's route on the openvpn server?

Posted: Fri Nov 05, 2010 6:57 am
by fondpiggy
Do you mean that if I configure a tap virtual interface, it will add a kernel route?
Unluckily, my client box does not support the tap interface.

Re: how to add a kernel's route on the openvpn server?

Posted: Fri Nov 05, 2010 7:02 am
by krzee
well the problem you will have is dynamically adding iroutes for the client when other lans are behind it... using tap gets around that
the other way to get around it is using a bunch of ptp links
then you can let ospf do its thing over the vpn

Re: how to add a kernel's route on the openvpn server?

Posted: Sat Nov 06, 2010 4:58 am
by fondpiggy
Hi, krzee.
Sorry, I can't quite understand the solution that you described. Could you please explain in more detail?

Is there another solution using OpenVPN's scripting function?
Another striking option of OpenVPN is its scripting capabilities. We can create our own scripts and have them called on changes of the connection state. This makes it easy to execute a special script any time a client connects or on similar occasions.

OpenVPN has several points in time when scripts can be executed, for example --route-up <command>.
The problem is: how can I configure the OpenVPN server to execute a special script when a special client connects?
Like a ccd file script, it is only executed when the special client connects, not for all clients.

Re: how to add a kernel's route on the openvpn server?

Posted: Tue Nov 16, 2010 8:07 am
by krzee
fondpiggy wrote:
> Hi, krzee.
> Sorry, I can't quite understand the solution that you described. Could you please explain in more detail?

https://www.secure-computing.net/wiki/i ... RIPRouting
see "what didnt work"

> How can I configure the OpenVPN server to execute a special script when a special client connects?
> Like a ccd file script, it is only executed when the special client connects, not for all clients.

--client-connect <script>, runs script on client connection. This can be useful for generating firewall rules dynamically, or for assigning static ips. This can do anything that a ccd (see !ccd) entry can do, but dynamically... to use it that way, you should write your dynamic ccd commands to the file named by $1
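
The --client-connect approach from the reply above, as an added example that is not part of the thread or of OpenVPN's own scripts: it writes the client's iroute to the file named by $1 and installs the matching kernel route. The client names, the networks in CLIENT_LANS and the IP_CMD override are constructed for illustration; it assumes the server allows external scripts (--script-security 2) and that the script keeps enough privilege to change routes.

```shell
#!/bin/sh
# OpenVPN --client-connect hook: per-client iroute plus a matching kernel route.
# Assumes --script-security 2 and enough privilege left to change routes.
# Constructed allowlist, one client per line: <cert CN> <network> <netmask> <prefix>.
# Routes come only from this server-side table, never from client-supplied data.
CLIENT_LANS='office1 192.168.0.0 255.255.255.0 24
office2 192.168.1.0 255.255.255.0 24'

IP_CMD=${IP_CMD:-ip}   # hypothetical override so the logic can be dry-run without root

# Print "<network> <netmask> <prefix>" for one CN; print nothing if it is unknown.
lookup_lans() {
    # The CN originates from the client certificate: accept a strict charset only.
    case $1 in ''|*[!A-Za-z0-9._-]*) return 0 ;; esac
    printf '%s\n' "$CLIENT_LANS" | while read -r cn net mask bits; do
        if [ "$cn" = "$1" ]; then printf '%s %s %s\n' "$net" "$mask" "$bits"; fi
    done
}

# $1 is the temporary file OpenVPN reads dynamic ccd directives from.
on_connect() {
    lookup_lans "${common_name:-}" | while read -r net mask bits; do
        echo "iroute $net $mask" >> "$1"                  # OpenVPN's internal route
        "$IP_CMD" route replace "$net/$bits" dev "$dev"   # kernel route, visible to zebra
    done
}

# OpenVPN sets script_type=client-connect; unknown clients connect with no extra routes.
if [ "${script_type:-}" = client-connect ]; then
    on_connect "$1"
fi
```

Because the script uses `route replace`, a reconnecting client does not fail on an existing route; withdrawing the route when the client leaves would need a matching --client-disconnect script.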

Re: how to add a kernel's route on the openvpn server?

Posted: Mon Jan 10, 2011 7:06 am
by kid.xiyang
Give bridge mode a try

:)

Re: how to add a kernel's route on the openvpn server?

Posted: Mon Jan 10, 2011 8:43 pm
by krzee
you don't need a bridge, just tap