bastibasti Guru

Joined: 27 Nov 2006 Posts: 590
|
Posted: Thu Jan 17, 2013 9:07 am Post subject: [Solved] OpenVPN - bridging, default gw |
|
|
Hi.
Here's my setup.
Server already uses TAP bridges for qemu.
Server.conf
Code: |
dev tap0
proto tcp-server
port 1194
mode server
tls-server
float
dh /etc/openvpn/ssl/keys/dh1024.pem
ca /etc/openvpn/ssl/keys/ca.crt
cert /etc/openvpn/ssl/keys/server.crt
key /etc/openvpn/ssl/keys/server.key
tls-auth /etc/openvpn/ssl/keys/ta.key 0
user nobody
group nogroup
#status /var/log/openvpn/vpn-status.log
#log /var/log/openvpn/vpn.log
comp-lzo
verb 3
#client-to-client
keepalive 10 120
#fragment 1300
mssfix
hand-window 300
tcp-nodelay
|
client.conf
Code: |
client
dev tap1
proto tcp
remote 192.168.123.150 1194
socks-proxy 127.0.0.1 6666
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client1.crt
key /etc/openvpn/client/client1.key
comp-lzo
log /var/log/openvpn/client.log
verb 3
status /var/log/openvpn/client-status.log
tls-auth /etc/openvpn/client/ta.key 1
#tls-timeout 240
#connect-timeout 240
#fragment 1300
mssfix
tls-client
script-security 3 system
up /etc/openvpn/up.sh
|
After connecting I have to manually run
ifconfig tap1 up
dhclient tap1
on the client. After that my client has 192.168.0.238 for tap1. Totally correct.
Now my client has an IP in my LAN, which works like a charm. I can ping all my hosts at home etc and access them.
Now I would like to change my default route to use the LAN router, which is not the VPN gateway.
Let's say
openvpn server is 192.168.0.150
Lan default GW is 192.168.0.151
If I do
Code: | route add default gw 192.168.123.151 |
the connection is lost.
How can I fix this?
Last edited by bastibasti on Fri Jan 18, 2013 9:01 pm; edited 1 time in total |
|
bastibasti Guru

Joined: 27 Nov 2006 Posts: 590
|
Posted: Thu Jan 17, 2013 10:01 am Post subject: |
|
|
I think I forgot to mention one more main point: the connection is running through an SSH tunnel (SOCKS proxy).
So I think when I set the default gw, the SSH connection is lost?? |
|
AngelKnight Tux's lil' helper

Joined: 14 Jan 2003 Posts: 127
|
Posted: Thu Jan 17, 2013 7:39 pm Post subject: |
|
|
It is possible that you forgot to ensure that the aforementioned ssh connection is allowed to use the nexthop you had before you tried to alter the default gateway. |
|
bastibasti Guru

Joined: 27 Nov 2006 Posts: 590
|
Posted: Thu Jan 17, 2013 8:27 pm Post subject: |
|
|
How can I do that???  |
|
bastibasti Guru

Joined: 27 Nov 2006 Posts: 590
|
Posted: Fri Jan 18, 2013 9:00 pm Post subject: |
|
|
Sorted it...
Before setting the default gw to the new one,
I add a new route for the SSH connection:
1) route add $ssh_ip gateway $old_gateway
2) route del default
3) route add default gw $new_gw |
|
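The ordering from the last post, as an added example that is not part of the thread: it reads `route -n` output and prints the three `route` commands, skipping the pin when a host route for the SSH endpoint already exists. The sample routing table, the 203.0.113.10 SSH server address and all function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `route -n` text and prints the
# commands for the fix, in an order that never leaves the SSH carrier unrouted.

# Constructed sample: client on 10.0.0.0/24, VPN bridge on tap1.
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 tap1'

# Digits and dots only, then a dotted-quad shape check (octets not range-checked).
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print "<gateway> <iface>" of the current default route; fail if none.
default_route() {
    printf '%s\n' "$1" | awk '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2, $8; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Succeed if table $1 already holds a host route (/32) for address $2.
has_host_route() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == ip && $3 == "255.255.255.255" { hit = 1 }
        END { exit !hit }'
}

# Usage: plan_switch "<route -n output>" <ssh_ip> <new_gw>
plan_switch() {
    table=$1; ssh_ip=$2; new_gw=$3
    for addr in "$ssh_ip" "$new_gw"; do
        is_ipv4 "$addr" || { echo "invalid IPv4: $addr" >&2; return 2; }
    done
    old=$(default_route "$table") || { echo "no default route" >&2; return 1; }
    old_gw=${old% *}; old_if=${old#* }
    # 1) Pin the SSH endpoint to the old nexthop unless it is pinned already.
    has_host_route "$table" "$ssh_ip" ||
        echo "route add -host $ssh_ip gw $old_gw dev $old_if"
    # 2) and 3) Only now replace the default route.
    echo "route del default gw $old_gw"
    echo "route add default gw $new_gw"
}

# 203.0.113.10 is a placeholder SSH server; 192.168.0.151 is the LAN gateway.
plan_switch "$SAMPLE_TABLE" 203.0.113.10 192.168.0.151
```

Review the printed commands before running them as root, in the order shown.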