Mathias Sundman wrote:
Hi!
> we use our linux vpn gateway and some win2000 road warrior clients with
> openvpn. I would like to route all internet traffic through our firewall
> from the windows clients.
I've been thinking about doing this too, but never actually tried it.
What you basically need to do is:
1. Don't set a default gateway on your ethernet adapter.
you have to set otherwise the vpn connection can't be established.
2. Add a route to your openvpn server with a /32 mask pointing to the
gateway on your ethernet.
In your example this would be done with the following command on
Win2K where w.x.y.z is the IP of your remote openvpn server,
and a.b.c.254 is your local gateway.
ROUTE ADD w.x.y.z MASK 255.255.255.255 a.b.c.254
3. Set up OpenVPN as usual but also add a default gateway route to
the TAP interface.
The reason why I haven't tried this is because I don't know how to solve
the problem that the ROUTE command will be different for each network you
hook your laptop into. So if you don't want to manually do this every
time, you would need to write a little app that looks at the IP and
default gateway that has been assigned by DHCP, switch to static IP and
add the correct route.
Anyone that has a better solution to this?
you see exactly the problem!
on linux I can do (eg. in the up script):
----------------------------------
route add -host <remote-server-ip> dev ppp0
route del default dev ppp0
route add default dev tun0
----------------------------------
and we got it, but unfortunately on windows you can't route by interface
(or to be more precise on windows the interface is defined by its ip
address even if you can specify the interface).
so I'd like to suggest a new option for openvpn to be portable (like in
the case of --route):
--route-internal
which does exactly the above on all platforms.
since openvpn knows which ip address is under the tun/tap interface.
or maybe it would be better if the up script had one more (6th)
parameter, the underlying interface's ip address:
-----------------------------------
cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip underlying_ip [ init | restart ]
cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask underlying_ip [ init | restart ]
-----------------------------------
and in this case on linux we can write an up script as:
----------------------------------
route add -host $5 dev ppp0
route del default dev ppp0
route add default dev tun0
----------------------------------
while on windows
----------------------------------
route add $5 gw $6
route delete 0.0.0.0 mask 0.0.0.0 $5
route add 0.0.0.0 mask 0.0.0.0 $4
----------------------------------
is it possible? or any better solution?
--
Levente "Si vis pacem para bellum!"
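
The "little app" Mathias describes, sketched as an added example that is not part of either message: it reads the DHCP-assigned default gateway from `route print` output and builds the ROUTE commands for steps 2 and 3. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `route print` output (not from the thread).
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.7.254    192.168.7.23      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.7.0    255.255.255.0     192.168.7.23    192.168.7.23      20
"""

def default_gateway(route_print_text):
    """Return the gateway of the lowest-metric 0.0.0.0/0.0.0.0 route."""
    candidates = []
    for line in route_print_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "0.0.0.0" and f[1] == "0.0.0.0":
            try:
                candidates.append((int(f[4]), str(ipaddress.IPv4Address(f[2]))))
            except ValueError:
                continue  # gateway is not an IPv4 address, or the row is malformed
    if not candidates:
        raise LookupError("no default route found; is the adapter configured?")
    return min(candidates)[1]

def full_tunnel_commands(route_print_text, vpn_server, vpn_gateway):
    """Build the ROUTE commands for steps 2 and 3 of the procedure."""
    server = str(ipaddress.IPv4Address(vpn_server))
    tunnel_gw = str(ipaddress.IPv4Address(vpn_gateway))
    local_gw = default_gateway(route_print_text)
    if local_gw == tunnel_gw:
        # Default already points into the tunnel (e.g. after a restart):
        # pinning the server route to it would send the VPN's own packets
        # into the VPN and the link would drop.
        raise RuntimeError("default route already uses the VPN gateway")
    return [
        f"route add {server} mask 255.255.255.255 {local_gw}",  # step 2
        f"route delete 0.0.0.0 mask 0.0.0.0 {local_gw}",
        f"route add 0.0.0.0 mask 0.0.0.0 {tunnel_gw}",          # step 3
    ]

if __name__ == "__main__":
    # 203.0.113.10 (server) and 10.8.0.1 (tunnel gateway) are placeholders.
    for cmd in full_tunnel_commands(SAMPLE_ROUTE_PRINT, "203.0.113.10", "10.8.0.1"):
        print(cmd)
```

The host route has to be added before the default route is replaced; otherwise the encrypted packets to the server lose their path and the tunnel cannot stay up.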