On Tue, 2017-01-24 at 21:17 +0900, Tomasz Chmielewski wrote:
> On 2017-01-24 21:04, Thomas Haller wrote:
> > in many common setups, the VPN gateway will forward whatever
> > packets you send it. I don't agree that "would almost never work" is
> > accurate.
>
> With OpenVPN? I'd disagree. If it's the case with OpenVPN, then it
> usually means that someone misconfigured OpenVPN server.
>
> It wouldn't normally act as a gateway without:
>
> # If enabled, this directive will configure
> # all clients to redirect their default
> # network gateway through the VPN, causing
> # all IP traffic such as web browsing and
> # and DNS lookups to go through the VPN
> # (The OpenVPN server machine may need to NAT
> # or bridge the TUN/TAP interface to the internet
> # in order for this to work properly).
> ;push "redirect-gateway def1 bypass-dhcp"

Hi Tomasz,

what you quote doesn't say anything about whether the server would actually forward traffic for the default-route. It says, that clients are encouraged to configure the default-route via the VPN gateway. Depending on how you configure openvpn client-side, it may follow the server's suggestion (--pull, ipv4.never-default).

Whether server-side would route traffic to a certain destination depends on the server's routes, iptable rules, ip_forward, and openvpn options.

But there is no real disagreement here. A ~server-choice~ option certainly would make sense. I merely said, that I don't agree with "would almost never work".

best,
Thomas
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
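
The distinction drawn in the reply above (the server advertising a default route versus the server host actually forwarding traffic) can be checked separately when auditing a gateway. This is an added example, not part of the original thread and not NetworkManager or OpenVPN code; the function names and sample inputs are assumptions constructed for illustration, and the forwarding verdict is a coarse heuristic.

```python
import re

def pushes_default_route(server_conf: str) -> bool:
    """True if the config has an active push "redirect-gateway ..." line.
    OpenVPN treats lines starting with '#' or ';' as comments."""
    for raw in server_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if re.match(r'push\s+"redirect-gateway\b', line):
            return True
    return False

def may_forward(ip_forward: str, iptables_s_forward: str) -> bool:
    """Coarse check from the contents of /proc/sys/net/ipv4/ip_forward
    and the output of `iptables -S FORWARD`."""
    if ip_forward.strip() != "1":
        return False  # kernel does not route between interfaces at all
    policy = re.search(r"^-P FORWARD (\w+)$", iptables_s_forward, re.M)
    accept_rule = re.search(r"^-A FORWARD\b.*-j ACCEPT\b", iptables_s_forward, re.M)
    return bool((policy and policy.group(1) == "ACCEPT") or accept_rule)

def assess(server_conf: str, ip_forward: str, iptables_s_forward: str) -> dict:
    return {
        "server_pushes_default_route": pushes_default_route(server_conf),
        "host_may_forward_client_traffic": may_forward(ip_forward, iptables_s_forward),
    }

# Constructed sample inputs (not taken from any real server).
COMMENTED_CONF = '# sample server.conf\n;push "redirect-gateway def1 bypass-dhcp"\n'
ACTIVE_CONF = 'dev tun\npush "redirect-gateway def1 bypass-dhcp"\n'
OPEN_FORWARD = "-P FORWARD ACCEPT\n"
CLOSED_FORWARD = "-P FORWARD DROP\n-A FORWARD -i eth0 -j DROP\n"

if __name__ == "__main__":
    # Not advertised, yet the host would still forward what clients send.
    print(assess(COMMENTED_CONF, "1\n", OPEN_FORWARD))
    # Advertised, but the host drops forwarded traffic.
    print(assess(ACTIVE_CONF, "1\n", CLOSED_FORWARD))
```

The first case is the one that matters for review: a commented-out push line says nothing about whether a client that sets its own default route through the tunnel will have its traffic forwarded.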
