Redirecting traffic to and from specific IP

Posted: Mon Apr 18, 2011 4:33 pm
by MarkusDavey
Hello,

I have a routing issue with my ISP, and my workaround is to (currently) push redirect-gateway def1.

This is not desirable as I wish to only have data going to and from a specific IP (173.208.82.122 in this case).

I have the server running on Win XP, and the client is on Win 7.

Cheers.

Re: Redirecting traffic to and from specific IP

Posted: Tue Apr 19, 2011 6:39 am
by maikcat
hi there,

what exactly is your question?
can you post configs (server/client)

Michael.

Re: Redirecting traffic to and from specific IP

Posted: Tue Apr 19, 2011 10:34 am
by janjust
if you only need to route stuff to 173.208.82.122 via the VPN then simply add

Code:

route 173.208.82.122 255.255.255.255

to the client config and do not use redirect-gateway; however, you will also need to make sure that your VPN server does some sort of masquerading/NATting, or the gateway/router connected to the VPN server needs to do this.
If 'redirect-gateway' was working for you then this was already in place.

Re: Redirecting traffic to and from specific IP

Posted: Tue Apr 19, 2011 3:33 pm
by MarkusDavey
janjust wrote:
if you only need to route stuff to 173.208.82.122 via the VPN then simply add

Code:

route 173.208.82.122 255.255.255.255

to the client config and do not use redirect-gateway; however, you will also need to make sure that your VPN server does some sort of masquerading/NATting, or the gateway/router connected to the VPN server needs to do this.
If 'redirect-gateway' was working for you then this was already in place.

Any way to choose specific ports for this also?

Also, I am having horrific packet drop.

client

Code:

client
dev tun
proto udp
remote demeter.dyndns-server.com 1194   

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert proteus.crt
key proteus.key
ns-cert-type server

comp-lzo
verb 3
#explicit-exit-notify 2
ping 10
ping-restart 600

route-method exe
route-delay 2

cipher none  # no data-channel encryption

server

Code:

port 1194
proto udp
dev tun
server 192.168.0.0 255.255.255.0  #you may choose any subnet. 10.0.0.x is used for this example.

ca ca.crt                    #certs are optional. you may choose to go with keys or passwords instead.
cert server.crt
key server.key
dh dh1024.pem

#push "redirect-gateway def1"
push "route 173.208.82.122 255.255.255.255"
push "dhcp-option DNS 8.8.8.8"       #google dns is a temporary measure until the Windows XP solution is known

#the following commands are optional
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

cipher none  # no data-channel encryption

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 6:18 am
by janjust
routing is on IP level only, i.e. you cannot route only port 80 or 443.

As for horrible packet drop: are you talking about packets inside or outside of the tunnel? How do you quantify 'packet drop'? Dropped ICMP packets?
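
Added example (not part of any post in this thread, and not OpenVPN's own code): a simplified model of the client routing table, showing that a pushed host route sends only 173.208.82.122 through the tunnel, that `redirect-gateway def1` sends everything through it, and that the destination port never enters the decision. The interface labels `lan` and `tun`, the function names and port 27015 are assumptions made for the illustration.

```python
import ipaddress

def build_routes(directives):
    """Model the client routing table that a set of OpenVPN directives produces.

    Simplified: 'lan' is the pre-existing default route, 'tun' is the tunnel.
    """
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "lan")]
    for raw in directives:
        words = raw.split("#", 1)[0].replace('"', " ").split()
        if words and words[0] == "push":      # server-side push "..." form
            words = words[1:]
        if not words:
            continue
        if words[0] == "redirect-gateway" and "def1" in words[1:]:
            # def1 leaves the default route alone and shadows it with two /1 routes
            routes.append((ipaddress.ip_network("0.0.0.0/1"), "tun"))
            routes.append((ipaddress.ip_network("128.0.0.0/1"), "tun"))
        elif words[0] == "route" and len(words) >= 2:
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            net = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
            routes.append((net, "tun"))
    return routes

def egress(routes, dst_ip, dst_port):
    """Longest-prefix match on the destination address only.

    dst_port is accepted to make the point explicit: it is never consulted.
    """
    dst = ipaddress.ip_address(dst_ip)
    matches = [(net, iface) for net, iface in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed inputs, built from the directives quoted in this thread.
SPLIT = ['push "route 173.208.82.122 255.255.255.255"']
FULL = ['push "redirect-gateway def1"']
PROBES = (("173.208.82.122", 80), ("173.208.82.122", 27015), ("8.8.8.8", 53))

def demo():
    rows = []
    for name, cfg in (("split", SPLIT), ("full", FULL)):
        table = build_routes(cfg)
        for ip, port in PROBES:
            rows.append((name, ip, port, egress(table, ip, port)))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

In this model, with only the host route pushed, traffic to the pushed DNS server 8.8.8.8 still leaves over the ISP link rather than the tunnel.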

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 11:08 am
by MarkusDavey
I run ping plotter, and I assume outside of the tunnel would be from the server to the outside internet. And yes, that is where the packet drop is.

Ping plotter cannot show inter tunnel drop as all it shows is my PC to the server, then there to the outside world. So I do not know how much it is losing in the route from my PC to the server.

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 12:56 pm
by janjust
what about running
ping <server-VPN-IP>
for some time (or 'ping -t' on windows) ? that should give you some nice statistics.

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 2:34 pm
by MarkusDavey
I guess what I should ask, as a more open question, is: what can I do to streamline this the most for online gaming use? As that is what it is currently being used for.

Packet drop is 3% btw.

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 2:53 pm
by janjust
so what is the packet loss when comparing
ping -t <server-LAN-IP>
(i.e. outside or no tunnel) vs
ping -t <server-VPN-IP>

if the line to the server is bad there's little you can do about it...

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 3:25 pm
by MarkusDavey
The server is totally unpingable when not connected to the VPN. Yet I can still remote desktop to it and everything.

and as stated above, through the VPN, pinging the server is 3% loss.

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 8:58 pm
by janjust
hmmm I'm still curious how good the line without the VPN is; 3% packet loss is not great, but also not terrible. As an experiment you could also switch to 'proto tcp' to see if it has an effect - I'm pretty sure it shouldn't, but let's rule it out.

Re: Redirecting traffic to and from specific IP

Posted: Wed Apr 20, 2011 9:35 pm
by MarkusDavey
TCP over TCP = massive ping increase. I'll test the drop rate now but

Result : 0% loss

Re: Redirecting traffic to and from specific IP

Posted: Mon May 09, 2011 9:41 am
by MarkusDavey
[bump]

Re: Redirecting traffic to and from specific IP

Posted: Mon May 09, 2011 10:34 am
by janjust
bump? I'm still not certain what you meant with
TCP over TCP = massive ping increase. I'll test the drop rate now but

Result : 0% loss
tcp over tcp means no packet loss? that is good; the ping time can perhaps be controlled using 'tcp-nodelay' on the server side.

Re: Redirecting traffic to and from specific IP

Posted: Mon May 09, 2011 10:45 am
by MarkusDavey
janjust wrote:
bump? I'm still not certain what you meant with
TCP over TCP = massive ping increase. I'll test the drop rate now but

Result : 0% loss
tcp over tcp means no packet loss? that is good; the ping time can perhaps be controlled using 'tcp-nodelay' on the server side.

Cheers, I'll give that a try.

And what I meant with "tcp over tcp" is that it is commonly shunned. So I felt like mentioning that that was the case in that test.