I'm having a lot of difficulty with this, possibly owing to my lack of in-depth understanding of how networking works and possibly because I'm trying to do something that the program wasn't designed for. Please bear with me while I explain.

I have, at my home, a LAN set up using a Belkin router with built-in WAP. This LAN is connected through the router to broadband internet. At school, I use a laptop with a wireless connection to the school's network. Access to the outside is through a proxy (not sure what kind), and that proxy blocks most ports (except for the basics -- SSH, HTML and AIM are pretty much the only ones that are open). I have SSH running on my home machine, which we'll call the Server. This allows me to create SSH tunnels, since I have 22 open on the LAN router/gateway pointing to the Server. So the setup is basically:

    Laptop (client) --> School proxy --> Internet --> Home router --> Server

Now, I've set up OpenVPN to connect using an SSH tunnel. I have it so that port 9000 on the client tunnels to port 1194 on the Server while the SSH connection is active. I have successfully configured things so that I can connect to the OpenVPN server and ping both the OpenVPN server IP (172.x) and internal network addresses (192.168.x) from the client.

Here are the config files I am using:

CLIENT:

    client
    dev tun
    proto tcp
    remote localhost 9000   # Tunnels to 192.168.x:1194 while SSH is active
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    mute-replay-warnings
    ca ca.crt
    cert matthew.crt
    key matthew.key
    ns-cert-type server
    tls-auth ta.key 1
    cipher BF-CBC
    comp-lzo
    verb 3
    mute 20
    route 192.168.x.0 255.255.255.0

SERVER:

    port 1194
    proto tcp
    dev tun
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/cain.crt
    key /etc/openvpn/cain.key   # This file should be kept secret
    dh /etc/openvpn/dh1024.pem
    server 172.x.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    tls-auth /etc/openvpn/ta.key 0   # This file is secret
    cipher BF-CBC   # Blowfish (default)
    comp-lzo
    max-clients 10
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

Again, using this setup I can ping the OpenVPN server using either its 172.x address or its 192.168.x address, and I can also ping the router using its 192.168.x address.

I know that it's possible to set up PuTTY to run a SOCKS proxy over a given port that I can then funnel traffic through using SocksCap, but that isn't automatic nor is it really seamless. What I'd really like to do is use the OpenVPN adapter as the default for internet traffic, so that all of my traffic (web browsing, IM clients, online gaming) goes through the SSH tunnel and the VPN. Someone pointed me to a HOWTO to do this; it basically said that I had to add these lines to the server config:

    push "redirect-gateway def1"
    push "dhcp-option DNS 172.x.0.1"

I do that, and the entire connection dies. The tunnel collapses, I can't ping anything anymore, it basically wipes out my internet. I notice that, when I add those options to the server file, the "default gateway" for my VPN device becomes 172.x.0.5; is it perhaps because the default gateway doesn't become 172.x.0.1 that things stop working? Or am I inadvertently setting up some kind of feedback loop because of the SSH tunnel?

If that's the case, is there any way to avoid this? Any help anyone could give would be appreciated. I've read through the documentation but to a large extent I'm finding myself lost.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
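The routing loop the poster suspects can be traced with a small model of what `redirect-gateway def1` does to the client's routing table. This is an added illustration, not part of the original post and not OpenVPN's own code. `def1` installs two /1 routes (0.0.0.0/1 and 128.0.0.0/1) via the VPN peer, which win the longest-prefix match over the existing 0.0.0.0/0 default without deleting it, and it adds a host route to the address named in `remote` via the original gateway so that the OpenVPN transport itself keeps leaving through the physical interface. Here `remote` is `localhost`, so that exception protects nothing: the SSH session that actually carries the tunnel, addressed to the home router (or to the school proxy, whichever host the SSH client really talks to), now matches the /1 routes and is steered into the tunnel it transports, and the tunnel collapses. The `route <host> 255.255.255.255 net_gateway` directive, where `net_gateway` is OpenVPN's keyword for the pre-existing default gateway, adds the missing exception; the addresses, interface names and the 172.16.0.5 peer are constructed placeholders (the .5 peer is what the default net30 topology hands the first client, so that value by itself is expected).

```python
import ipaddress

# Constructed placeholder addresses (not from the original post)
SCHOOL_GW = "10.20.0.1"          # laptop's original default gateway on the school network
SSH_ENDPOINT = "203.0.113.10"    # host the SSH session really connects to (home router or proxy)
VPN_PEER = "172.16.0.5"          # point-to-point peer OpenVPN reports as the tun gateway
PHYS = "wlan0"                   # labels only; Windows names the adapters differently
TUN = "tun0"


def baseline_table():
    """Routing table before OpenVPN changes anything: a single default route."""
    return [("0.0.0.0/0", SCHOOL_GW, PHYS)]


def apply_redirect_gateway_def1(table, vpn_peer, remote_host, original_gw):
    """Model of what the client does for `redirect-gateway def1`:
    a /32 to `remote` via the old gateway, then two /1 routes via the VPN peer.
    With remote=localhost the /32 is useless, which is the root of the problem."""
    new = list(table)
    new.append((f"{remote_host}/32", original_gw, PHYS))
    new.append(("0.0.0.0/1", vpn_peer, TUN))
    new.append(("128.0.0.0/1", vpn_peer, TUN))
    return new


def add_net_gateway_route(table, host, original_gw):
    """Model of `route <host> 255.255.255.255 net_gateway` in the client config."""
    return list(table) + [(f"{host}/32", original_gw, PHYS)]


def lookup(table, dst):
    """Longest-prefix match; returns (gateway, interface) or None."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in table:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return (best[1], best[2]) if best else None


def trace_ssh_transport():
    """Where packets to the SSH endpoint go at each stage; the tunnel survives
    only while they keep leaving via the physical interface."""
    before = baseline_table()
    broken = apply_redirect_gateway_def1(before, VPN_PEER, "127.0.0.1", SCHOOL_GW)
    fixed = add_net_gateway_route(broken, SSH_ENDPOINT, SCHOOL_GW)
    return {
        "before_def1": lookup(before, SSH_ENDPOINT),
        "after_def1": lookup(broken, SSH_ENDPOINT),     # into tun0: loop, tunnel dies
        "with_net_gateway": lookup(fixed, SSH_ENDPOINT),  # back out wlan0
        "web_traffic_fixed": lookup(fixed, "198.51.100.7"),  # still goes via the VPN
    }


if __name__ == "__main__":
    for stage, hop in trace_ssh_transport().items():
        print(f"{stage:18} -> {hop}")
```

Running it shows the SSH endpoint flipping from `wlan0` to `tun0` once the /1 routes land, and back to `wlan0` once the host exception exists, while ordinary internet destinations keep resolving to the VPN peer. The same test applies to the real client: before enabling `redirect-gateway`, check which address the SSH session is actually established to and make sure that address has a more specific route via the original gateway.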