Hi Roy,

On Fri, Apr 28, 2006 at 12:28:46PM +0100, Roy Marples wrote:
> On Monday 17 April 2006 18:22, Petre Rodan wrote:
> > I have the following on the server's setup:
> >
> > push "route 10.0.0.0 255.255.255.0"
> > push "route 0.0.0.0 0.0.0.0"
> > push "redirect-gateway local"
> 
> .. snip ..
> 
> >
> > but with a patched beta14 version, I end up having 2 default gateways:
> >
> > it basically fails to remove my old default gateway.
> 
> I don't see that as an error as you're pushing a new gateway "route 0.0.0.0 
> 0.0.0.0" and you're saying redirect local.
> 
> So you would want to do either one or the other.

        if "redirect-gateway local" would have worked as expected, I would not 
be forced to also use "route 0.0.0.0 0.0.0.0". the thing is that if only 
"redirect-gateway local" is used and the client does not have a default route, 
a default route will NOT be added when openvpn is started [1].

        how does one end up not having a default gateway? simple. just stop the 
openvpn client, and you end up with no more default route. (only if that 
default route was placed there by openvpn itself of course)

IMHO "redirect-gateway local" should either set a default route even if one has 
not been found OR restore the default gateway he changed (on exit). otherwise I 
find its usefulness limited.

to summarize, the 'push "route 0.0.0.0 0.0.0.0"' is used to force the client to 
have a default route thru the tun device (whatever state the client is in),
and 'push "redirect-gateway local"' is used to remove the old default gateway 
of the client, if one was present at the time openvpn was started. if I remove 
either of them, the client will be unable to use the network as expected. 
having a higher metric on the original default gateway fixes the problem, but 
not all clients have an elevated metric for the gateway.

[1]
Apr 28 21:33:21 [openvpn] /sbin/ifconfig tun0 10.0.2.6 pointopoint 10.0.2.5 mtu 1500
Apr 28 21:33:21 [openvpn] NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
# route -n | grep '^0.0.0.0' &>/dev/null || echo 'no default here'
no default here

cheers,
petre rodan

-- 
petre rodan
<kaio...@gentoo.org>
Developer,
Hardened Gentoo Linux
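
Added example, not part of the original mail or of OpenVPN: a shell check that classifies the client's default-route state from `route -n` output, covering the "no default" and "two default gateways" cases discussed above and the higher-metric workaround. The verdict names, the `tun` interface prefix, the 192.168.1.1 gateway and the sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the default-route state from `route -n` output.
# Verdict names and the "tun" prefix default are assumptions of this sketch.
classify_default_routes() {
    # stdin: `route -n` output; $1: tunnel interface prefix (default "tun")
    awk -v tun="${1:-tun}" '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {      # a default route
            n++
            metric = $5 + 0
            if (n == 1 || metric < best) { best = metric; t = 0; o = 0 }
            if (metric == best) {                 # only the lowest metric wins
                if (index($8, tun) == 1) { t++ } else { o++ }
            }
        }
        END {
            if (n == 0)      print "none"         # footnote [1] in the mail
            else if (o == 0) print (n == 1 ? "tunnel-only" : "tunnel-preferred")
            else if (t == 0) print "bypass"       # traffic leaves outside the VPN
            else             print "ambiguous"    # two equal-metric defaults
        }'
}

# Constructed sample: both pushes applied, old gateway left in place.
sample_two_defaults() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.5        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.0.2.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
EOF
}
# Constructed variants: no default at all, and old gateway with a raised metric.
sample_no_default()    { sample_two_defaults | grep -v '^0\.0\.0\.0'; }
sample_raised_metric() {
    sample_two_defaults | awk '$1 == "0.0.0.0" && $8 == "eth0" { $5 = 10 } { print }'
}

for s in sample_two_defaults sample_no_default sample_raised_metric; do
    printf '%s: %s\n' "$s" "$($s | classify_default_routes)"
done
```

On a live client the same function can be fed with `route -n | classify_default_routes` after the tunnel comes up.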
