IP Leaking

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
Rimmington
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 04, 2011 11:39 am

IP Leaking

Post by Rimmington » Fri Mar 04, 2011 12:54 pm

Hi, Sorry for asking a question on my first post, but I'm no expert.

I am using a openVPN roadwarrior type setup. I have a openVPN server setup on a VPS to masqurade my clients internet connection through. As such the only IP that is visible to the internet from my client should be the VPS's IP.

Im having a problem however, that if my clients internet connection drops out and disconnects for a period OR the VPS server becomes inaccessable to the client somehow the pre-VPN connection default route is finding its way back into the routing table and the client is then connecting to the internet again but not through the VPN. I am using redirect-gateway so when the VPN connects that default client machine route is deleted, but it's still re-appearing sometimes when the connection goes for a period of time.

I guess this has something to do with the SIGUSR1[soft,ping-restart] received, process restarting - and openVPN re-entering the default_gateway to the routing table, in able to connect to the server VPN again.

How can this be avoided completely. If I put: ping-restart 0 onto the client and delete and ping-restart or similar from the server config would that make the client process restarting and as such openVPN adding the default_gateway to the client routing table totally impossible?

What i'd like to achieve is under absolutely no circumstances what so ever my client connecting to the internet without going through the VPN, after me running the openVPN client and it initially connecting to the openVPN server of course.

Thanks for any tips. Perhaps there's an easier way to do this?

Rimmington
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 04, 2011 11:39 am

Re: IP Leaking

Post by Rimmington » Fri Mar 04, 2011 1:00 pm

PS.. I just tested this, and after 10 or so minutes, somehow the default_gateway has found its way back into to the client routing table and the client is now connecting to the internet again without use of the VPN.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: IP Leaking

Post by janjust » Fri Mar 04, 2011 2:53 pm

this has little to do with OpenVPN , I guess; what you'd need is a routing table/firewall setup that allows you to connect to the VPN server and *only* the VPN server. Delete your default gateway and add an explicit route to the VPN server - it depends on your client OS how you can do this most efficiently.

Rimmington
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 04, 2011 11:39 am

Re: IP Leaking

Post by Rimmington » Fri Mar 04, 2011 3:25 pm

I'm using an XP VMware virtual machine for the openVPN client. This is going to be possible?

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: IP Leaking

Post by janjust » Fri Mar 04, 2011 3:34 pm

yes I think so - simply don't set up the default routes in the win XP VM ; again, this has little to do with openvpn and more with windows+routing

Rimmington
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 04, 2011 11:39 am

Re: IP Leaking

Post by Rimmington » Sat Mar 12, 2011 11:23 am

Thanks for pointing me in the right direction, I think I have it fixed. Managed it by setting static IP's for the VM's and using _pre & _up scripts. :D

Post Reply