Re: [Openvpn-users] redirect-gateway problems


  • Subject: Re: [Openvpn-users] redirect-gateway problems
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Sat, 8 Nov 2003 01:01:56 -0000

Farkas Levente <lfarkas@xxxxxxx> said:

> hi,
> today after a few days of using we run into a new problem with 
> redirect-gateway. there are these things which we usually get from the dhcp server:
> - ip address and netmask
> - default gateway
> - one or more dns
> - dhcp server which gives this information
> we keep the ip and netmask, but it's just got into my mind that it's not 
> enough to route the remote server's through the original gateway. we can 
> setup an internal dns, so we can solve the dns. BUT if the dhcp lease 
> time is expired, we have to renew this information.
> so what we can do?
> - we also redirect the dhcp server through the original gateway
> - if the lease time expired (or if any of the dhcp information changed, 
> ip, netmask, gateway or dhcp address) then we have to rerun the redirection:
>    - revert the default gateway
>    - redirect the gateway.

Well that's one of the problems with redirecting your gateway through the VPN
itself...  there are always small details which you _don't_ want to route,
such as bootps packets, and in some cases, DNS packets.

If you knew the address of the DHCP server you could use something like

  --route [DHCP server addr] net_gateway

net_gateway is a special keyword that can be used in OpenVPN --route commands
which resolves to the original default gateway.  Some OSes (like Linux) let
you route by port number (though OpenVPN's --route option does not support
this at present, so you would need an --up script).  This would be more
convenient because then you could route all outgoing bootps packets to the
original default gateway, and would not need to know the actual address of
the DHCP server.

You could probably also benefit from something like --ping/--ping-restart. 
When the DHCP address changes, the channel to the remote will be broken,
--ping-restart will be triggered, the default gateway change will be undone, a
new connection to the remote will be attempted, and then the default gateway
can be redirected.  You might want to use --up-delay (or --route-delay) to
delay the gateway redirection until after the new connection is established.

James
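
An added example, not part of the original message and not OpenVPN's own code: a Linux --up/--down script for the port-based routing mentioned above, which sends outgoing bootps (UDP port 67) packets to the original default gateway. It assumes iproute2 and iptables are installed, that table and mark number 67 are free (both hypothetical choices), and that the DHCP client sends renewals through the normal IP stack; script_type and route_net_gateway are environment variables OpenVPN exports to scripts.

```shell
#!/bin/sh
# Added example: keep DHCP (bootps, UDP/67) traffic on the original default
# gateway while redirect-gateway is active. Linux only.
TABLE=67   # hypothetical routing table id, assumed unused
MARK=67    # hypothetical fwmark value, assumed unused

# Accept only a dotted-quad IPv4 address before it reaches a command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1." n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print the commands for action "add" or "del". Printing first keeps the
# logic testable without root and doubles as a dry run.
bootps_rules() {
    action=$1 gw=$2
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    if [ "$action" = add ]; then
        # Separate table whose only route is the pre-VPN default gateway.
        echo "ip route replace default via $gw table $TABLE"
        echo "ip rule add fwmark $MARK table $TABLE"
        # Mark locally generated packets to the DHCP server port.
        echo "iptables -t mangle -A OUTPUT -p udp --dport 67 -j MARK --set-mark $MARK"
    else
        echo "iptables -t mangle -D OUTPUT -p udp --dport 67 -j MARK --set-mark $MARK"
        echo "ip rule del fwmark $MARK table $TABLE"
        echo "ip route flush table $TABLE"
    fi
}

# Act only when OpenVPN invokes the script; otherwise just define functions.
case "${script_type:-}" in
    up)   cmds=$(bootps_rules add "${route_net_gateway:-}") || exit 1
          printf '%s\n' "$cmds" | sh -e ;;
    down) bootps_rules del "${route_net_gateway:-}" | sh ;;
esac
```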

