I run an OpenBSD box, "MyBox", inside a firewall running OpenBSD and PF, and
I want to connect to a server on which I have an account.
To start OpenVPN, I run: openvpn /etc/client.conf
                          SERVER
                            |
                            | internet
                            |
                    ________________ tun0 from my ISP
                   | FW, NAT, DHCP |
                   |_______________| 192.168.1.1
                            |
                       _____|____
                      |  SWITCH |
                      |_________|
                            |
                            |
                      ______|_____ 192.168.1.99 (on msk0)
                     |   MYBOX   |
                     |___________| tun0 from my VPN server
My inside network is running fine. I want to route all
internet traffic through tun0 and the VPN, which I can't do.
My /etc/client.conf file is:
client
proto tcp               # the server accepts only TCP
remote a.b.c.d          # the server
port 443
dev tun0
dev-type tun
persist-key
redirect-gateway def1
ns-cert-type server
reneg-sec 86400
auth-user-pass
auth-retry interact
comp-lzo
verb 5
I authenticate OK; I get the "Initialization Sequence
Completed" message.
I do get a tun0 address from the server: 10.xx.yy.170
Regardless of the redirection option, the server says
"unknown --redirect-gateway flag".
I get the following from netstat -nr:
Routing tables

Internet:
Destination        Gateway            Flags   Iface
default            10.xx.yy.1         UGS     tun0
default            192.168.1.1        UGS     msk0
10.xx.yy/24        link#5             UC      tun0
10.xx.yy.1         link#5             UHLc    tun0
127/8              127.0.0.1          UGRS    lo0
127.0.0.1          127.0.0.1          UH      lo0
128/1              10.85.84.1         UGS     tun0
192.168.1/24       link#2             UC      msk0
192.168.1.1        00:0d:b9:12:e7:70  UHLc    msk0
192.168.1.99       127.0.0.1          UGHS    lo0
a.b.c.d/32         192.168.1.1        UGS     sk0
224/4              127.0.0.1          URS     lo0
MyBox can ping the server a.b.c.d, tun0 and the local network.
It cannot ping 10.xx.yy.1.
The nobind option doesn't seem to be an issue.
How do I get MyBox to route all internet traffic
through tun0?
I found a lot of articles about how to do something "similar" to that.
The only thing I got out of them is that I might have to run pf on
MyBox. I tried, with not much success. I also tried to manually
add some routes, no success either.
I found others who had the same problem; it seems that when
they found the solution, they didn't post it.
Henry Gall
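What "redirect-gateway def1" is supposed to leave behind on the client is a fixed trio of routes: 0/1 and 128/1 pointing at the VPN gateway (together they cover the whole address space and beat the existing default route on prefix length), plus a /32 host route for the VPN server via the old LAN gateway so the tunnel's own TCP session does not get pulled into the tunnel. The table in the post shows the 128/1 half and the /32, but no 0/1, and two "default" entries. The script below is an added example, not part of the post: a POSIX sh function that reads a netstat -nr dump on stdin and reports which of the three routes are missing. The routing table it is fed is constructed here to mirror the post's, with the VPN gateway 10.85.84.1 (the one value the post shows unmasked), the LAN gateway 192.168.1.1, and a made-up server address 198.51.100.7 standing in for a.b.c.d.

```shell
#!/bin/sh
# Added example (not from the original post). Check a `netstat -nr` dump for the
# routes OpenVPN's "redirect-gateway def1" installs on the client:
#   0/1        -> VPN gateway   (covers 0.0.0.0 - 127.255.255.255)
#   128/1      -> VPN gateway   (covers 128.0.0.0 - 255.255.255.255)
#   SERVER/32  -> LAN gateway   (keeps the tunnel's own traffic out of the tunnel)
# Usage: check_def1_routes <vpn_gw> <lan_gw> <server_ip>  < netstat-dump
# Prints one line per expected route; returns 0 only when all three exist.
check_def1_routes() {
    vpn_gw=$1; lan_gw=$2; server=$3
    table=$(cat)                      # whole routing table text from stdin
    missing=0
    for want in "0/1 $vpn_gw" "128/1 $vpn_gw" "$server/32 $lan_gw"; do
        dest=${want% *}; gw=${want#* }
        # A route counts only if destination AND gateway both match; a 128/1
        # that points somewhere else is not the route we are looking for.
        if printf '%s\n' "$table" |
           awk -v d="$dest" -v g="$gw" '$1 == d && $2 == g { f = 1 } END { exit (f ? 0 : 1) }'
        then
            printf '%-8s%s via %s\n' ok "$dest" "$gw"
        else
            printf '%-8s%s via %s\n' MISSING "$dest" "$gw"
            missing=1
        fi
    done
    # def1 is meant to override the default route, not to add a second one;
    # more than one "default" entry in the same table deserves a look.
    ndef=$(printf '%s\n' "$table" | awk '$1 == "default"' | wc -l | tr -d ' ')
    if [ "$ndef" -gt 1 ]; then
        printf '%-8s%s default routes present\n' WARN "$ndef"
    fi
    return $missing
}

# Constructed sample mirroring the post's table (not real netstat output):
# 128/1 and the /32 are there, 0/1 is not, and there are two defaults.
SAMPLE_TABLE='Destination        Gateway            Flags   Iface
default            10.85.84.1         UGS     tun0
default            192.168.1.1        UGS     msk0
10.85.84/24        link#5             UC      tun0
128/1              10.85.84.1         UGS     tun0
192.168.1/24       link#2             UC      msk0
198.51.100.7/32    192.168.1.1        UGS     msk0'

printf '%s\n' "$SAMPLE_TABLE" |
    check_def1_routes 10.85.84.1 192.168.1.1 198.51.100.7 ||
    echo "redirect-gateway def1 did not fully take effect"
```

On a live box, run `netstat -nr -f inet | check_def1_routes <vpn_gw> <lan_gw> <server>` right after "Initialization Sequence Completed"; if the 0/1 or 128/1 line is reported MISSING, OpenVPN's route-add step failed and the fix belongs in the OpenVPN config or the route command it runs, not in pf.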