> I was looking for something I could do to basically create a tunnel between
> my laptop and my private server on the public internet, and default route ALL
> traffic through that tunnel.

Take a look at --redirect-gateway. This redirects ALL traffic through the tunnel except of course the OpenVPN UDP/TCP tunnel transport itself (to avoid a routing loop).

Unfortunately, the typical OS's route semantics don't give you the ability to control this in a fine-grained way. What you really want to say is route everything except DHCP and the tunnel link itself through the tunnel. --redirect-gateway will route everything, including probably DHCP as well. So for that reason I would say that it's not a perfect solution yet.

You might be able to improve on --redirect-gateway by using a script that does the routing and which makes a special route for the DHCP server so it doesn't go through the tunnel.

The basic rule of redirecting everything through the tunnel is this:

(1) Route all traffic destined for the VPN server through the original gateway
(2) Route all DHCP traffic to the ISP's DHCP server through the original gateway
(3) (Optional) Route DNS traffic through the original gateway -- this is optional because some people will want DNS to go through the tunnel
(4) Route everything else through the VPN, using the tun/tap device as the default gateway

--redirect-gateway knows how to do 1 and 4 only, and also how to undo them when the VPN daemon exits. If you want to do 2 and 3, you need to do it with an --up script.

James

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
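
One way to cover rules (2) and (3) from the message above with an `--up` script, as an added example that is not part of the original post or of OpenVPN itself. It assumes Linux iproute2, an ISC dhclient lease file and `/etc/resolv.conf`; the function names, the `LEASES` variable and the default lease path are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): host routes for the DHCP server
# and DNS resolvers via the original gateway. Paths and names are assumptions.
# The patterns accept only digits and dots, so file contents cannot inject shell syntax.

# DHCP server of the most recent lease in a dhclient lease file.
dhcp_server() {
    sed -n 's/^[[:space:]]*option dhcp-server-identifier \([0-9.]*\);.*/\1/p' "$1" | tail -n 1
}

# IPv4 nameservers from a resolv.conf-style file (IPv6 entries are ignored).
dns_servers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9.]+$/ { print $2 }' "$1"
}

# Print one host route per server via the original gateway ($1).
# The gateway itself is on-link and needs no route; duplicates are dropped.
bypass_routes() {
    gw=$1; shift
    seen=" $gw "
    for addr in "$@"; do
        case "$seen" in *" $addr "*) continue ;; esac
        seen="$seen$addr "
        echo "ip route add $addr/32 via $gw"
    done
}

# Constructed sample data: a two-lease file and a resolv.conf.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'lease {' '  option dhcp-server-identifier 10.0.0.2;' '}' \
        'lease {' '  option routers 192.168.1.1;' \
        '  option dhcp-server-identifier 10.20.0.5;' '}' > "$tmp/leases"
    printf '%s\n' '# constructed' 'nameserver 192.168.1.1' \
        'nameserver 203.0.113.53' 'nameserver 2001:db8::53' > "$tmp/resolv.conf"
    bypass_routes 192.168.1.1 $(dhcp_server "$tmp/leases") $(dns_servers "$tmp/resolv.conf")
    rm -rf "$tmp"
}

# OpenVPN sets script_type=up for --up scripts. Assumption: the script runs
# before OpenVPN changes the routing table, so the default route is the original.
if [ "${script_type:-}" = "up" ]; then
    gw=$(ip route show default | awk '{ print $3; exit }')
    [ -n "$gw" ] || exit 1   # no default route: fail rather than guess
    bypass_routes "$gw" $(dhcp_server "${LEASES:-/var/lib/dhcp/dhclient.leases}") \
        $(dns_servers /etc/resolv.conf) | sh
else
    demo   # dry run: print the commands for the constructed sample
fi
```

Run outside OpenVPN, it only prints the commands for the sample data. These routes are not removed automatically the way the --redirect-gateway routes are, so a matching --down script has to delete them.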