>
> > I was looking for something I could do to basically create a tunnel between
> > my laptop and my private server on the public internet, and default route ALL
> > traffic through that tunnel.
>
> Take a look at --redirect-gateway. This redirects ALL traffic through the
> tunnel except of course the OpenVPN UDP/TCP tunnel transport itself (to avoid
> a routing loop). Unfortunately, the typical OS's route semantics don't give
> you the ability to control this in a fine-grained way. What you really want
> to say is route everything except DHCP and the tunnel link itself through the
> tunnel. --redirect-gateway will route everything, including probably DHCP as
> well. So for that reason I would say that it's not a perfect solution yet.
>
No, I don't mind, I'm not a fan of DHCP, I'll hardcode my IP with glee!
>
> You might be able to improve on --redirect-gateway by using a script that does
> the routing and which makes a special route for the DHCP server so it doesn't
> go through the tunnel.
>
No, that's ok, thanks!
>
> The basic rule of redirecting everything through the tunnel is this:
>
> (1) Route all traffic destined for the VPN server through the original gateway
> (2) Route all DHCP traffic to the ISP's DHCP server through the original gateway
> (3) (Optional) Route DNS traffic through the original gateway -- this is
> optional because some people will want DNS to go through the tunnel
> (4) Route everything else through the VPN, using the tun/tap device as the
> default gateway
>
> --redirect-gateway knows how to do 1 and 4 only, and also how to undo them
> when the VPN daemon exits.
>
> If you want to do 2 and 3, you need to do it with an --up script.
>
Thanks! Now, to see if this fixes a problem I'm having with, once the packets
get to the other end, them not going anywhere else (since they have 10.X.X.X
on them).

I tried to ipnat with:

    map tun0 10.1.0.2/32 -> 0/32 portmap tcp/udp auto
    map tun0 10.1.0.2/32 -> 0/32

I had just tested by doing

    route add -net 216.109.118.0 10.1.0.1 255.255.255.0

and trying to get to Yahoo.

Thanks, Tuc/TTSG Internet Services, Inc.
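
Added example, not part of the original message and not OpenVPN's own code: a dry-run planner for rules (1)-(4) quoted above, which also handles the common case where the DHCP or DNS server is the original gateway itself or is listed twice. It assumes Linux iproute2 syntax; the function names and every address except the tunnel gateway 10.1.0.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (never execute) the routes for a full-tunnel VPN.
# Assumption: Linux iproute2 syntax. Sample addresses are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into positional params
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# plan_routes ORIG_GW VPN_SERVER VPN_GW DHCP_SERVER [DNS_SERVER...]
# DNS servers are optional (rule 3); leave them out to send DNS via the VPN.
plan_routes() {
    [ "$#" -ge 4 ] || { echo "need ORIG_GW VPN_SERVER VPN_GW DHCP_SERVER" >&2; return 2; }
    for addr in "$@"; do
        # Reject anything that is not a plain address before it reaches a command.
        is_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    orig_gw=$1; vpn_server=$2; vpn_gw=$3; dhcp_server=$4
    shift 4
    # The original gateway is on-link already, so it never needs a host route;
    # seeding "seen" with it also drops a DHCP/DNS server that is the gateway.
    seen=" $orig_gw "
    # Rules 1-3: pin VPN server, DHCP server and DNS to the original gateway.
    for host in "$vpn_server" "$dhcp_server" "$@"; do
        case "$seen" in *" $host "*) continue ;; esac   # skip duplicates
        seen="$seen$host "
        echo "ip route add $host/32 via $orig_gw"
    done
    # Rule 4: everything else goes to the tunnel endpoint.
    echo "ip route replace default via $vpn_gw"
}

# Constructed sample: home router is gateway and DHCP server, one external DNS.
plan_routes 192.168.1.1 203.0.113.10 10.1.0.1 192.168.1.1 198.51.100.53
```

Review the printed commands before running any of them; every pinned DNS server stays visible to the local network instead of going through the tunnel.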