[Openvpn-users] route clients outbound traffic through existing company gateway: HOW?


  • Subject: [Openvpn-users] route clients outbound traffic through existing company gateway: HOW?
  • From: Vladimirs Vecgailis <vladimir@xxxxxxxx>
  • Date: Wed, 08 Nov 2006 11:51:12 +0100

Hi all!

The situation is as follows:
a VPN server "A" with two NICs; eth0 has one fixed internet IP, eth1 is connected
to the company's LAN. Server A does *NOT* act as a gateway/router for the company's
servers and client machines - they go to the internet through another existing
gateway.

OpenVPN 2.0.2 runs on server A, very well and stable.
The VPN client pool is 10.0.4.0/24 and is *routed* into the company's LAN.
*All* client traffic goes through VPN server A ("redirect-gateway def1").
Client connections to the internet are masqueraded by server A using NAT and iptables.
Everything works fine.

My problem is: I want all client traffic to the internet to be routed
through my existing old gateway (at this moment, VPN server A is doing NAT with iptables).
Why? Because I do some filtering on the gateway and I want these policies to apply also
to VPN clients, as they are "inside" the company's LAN.

And now my question: with what kind of "push" directives can I push such routes to clients?
Is that kind of routing possible at all?


Here is my server config:
#########################
port 1194
proto udp
dev tun
ca keys/XXXXX/ca.crt
cert keys/XXXXX/XXXvpn.crt
key keys/XXXXX/XXXvpn.key
dh keys/XXXXX/dh1024.pem
server 192.168.4.0 255.255.255.0
crl-verify keys/XXXXX/crl.pem
tls-auth servers/XXXvpn/ta.key 0
cipher DES-CBC
user nobody
group nogroup
status servers/XXXvpn/logs/openvpn-status.log
log-append servers/XXXvpn/logs/openvpn.log
verb 2
mute 0
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/XXXvpn/ccd
tls-server
comp-lzo
persist-key
persist-tun
ccd-exclusive
route-up "route delete -net 192.168.4.0/24"
route-up "route add -net 192.168.4.0/24 tun0"
push "dhcp-option DOMAIN XXXXX"
push "dhcp-option DNS 192.168.20.251"
push "route 192.168.4.1"
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
#####################


Thanks!

Vladimir

---
PGP/GPG-encrypted e-mails/communication preferred.
Please use PGP/GnuPG (http://www.pgpi.com / http://www.gnupg.org)
to encrypt and sign your e-mails.
Get my public key at http://www.vovka.de/key.asc
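
One way to get the routing asked about above, as an added example that is not part of the original post: source-based policy routing on server A, so that internet-bound packets from the VPN pool are handed to the existing filtering gateway instead of leaving through eth0. The gateway address 192.168.20.1, the table id 100, the rule priorities and the function names are assumptions made for illustration; the pool is taken from the "server" line of the posted config.

```shell
#!/bin/sh
# Added example (not from the original post): policy routing on VPN server A.
# Every value below is a placeholder/assumption; adjust before use.
VPN_POOL="${VPN_POOL:-192.168.4.0/24}"  # from the "server" line of the posted config
LAN_GW="${LAN_GW:-192.168.20.1}"        # constructed: LAN IP of the existing gateway
LAN_IF="${LAN_IF:-eth1}"                # NIC of server A facing the company LAN
WAN_IF="${WAN_IF:-eth0}"                # NIC of server A with the public IP
TABLE="${TABLE:-100}"                   # assumed-unused routing table id

valid_ipv4() {  # dotted quad, each octet 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

valid_cidr() {  # a.b.c.d/0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ] 2>/dev/null
}

# args: pool gateway lan_if wan_if table -> commands on stdout
# 1. separate table whose only route is a default via the filtering gateway
# 2. pool traffic still uses main-table routes (LAN, tun), except its default
# 3. whatever is left (internet-bound) uses the separate table
# 4. fail closed: pool traffic may never be forwarded out of the public NIC
egress_rules() {
    valid_cidr "$1" || { echo "bad VPN pool: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad gateway: $2" >&2; return 1; }
    cat <<EOF
ip route replace default via $2 dev $3 table $5
ip rule add from $1 lookup main suppress_prefixlength 0 priority 999
ip rule add from $1 lookup $5 priority 1000
iptables -I FORWARD -s $1 -o $4 -j DROP
EOF
}

run() {  # prints the commands; executes them only with APPLY=1 (root required)
    rules=$(egress_rules "$VPN_POOL" "$LAN_GW" "$LAN_IF" "$WAN_IF" "$TABLE") || return 1
    if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$rules" | sh -e
    else printf '%s\n' "$rules"; fi
}
run
```

The existing gateway needs a return route for the pool via server A's LAN address and has to NAT and filter that source range itself. Nothing has to be pushed to clients beyond the "redirect-gateway def1" already in the config, since the decision is made on server A.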