Hi,

Jan Just Keijser wrote:
On 03/07/15 15:15, Gert Doering wrote:
On Fri, Jul 03, 2015 at 01:56:39PM +0200, JÁKÓ András wrote:
yes this is possible; it's possible to push multiple gateways and
multiple (classless) routes (dhcp options 121 & 249).
If the metric on the tap-win adapter is set manually and is set low
enough then redirecting the gateway will also work.
However, changing the metric requires elevated access...
Sorry for the noise if that has been discussed before: Instead of
modifying the metric, how about pushing two /1 routes (0.0.0.0/1 and
128.0.0.0/1)?
Would work *if* windows supports the "classless routes" option (which
I'm not sure of) - and if it accepts DHCP on tap to provide a host
route for the VPN server to the original gateway on the normal LAN
interface.  Without that host route, routing would loop (we'd send
packets *to* the VPN server into the tunnel, encapsulate, send
to the VPN server, into the tunnel, encapsulate, ... *boom*)

AFAICT Windows does support that option (that's what I was referring to with options 121 or 249). OTOH, I am *not* sure if it allows you to set a 0.0.0.0/1 route using that option, but I guess there's only one way to find out.

FWIW: I've patched openvpn to set routes using DHCP on Windows and yes, it works: I can add any route to the system routing tables, including 0.0.0.0/1 and 128.0.0.1/1; this could be used as an alternative to requiring elevated privileges.

JJK
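
Added example, not part of the thread and not OpenVPN code: it packs the two /1 routes and the VPN server host route discussed above in the RFC 3442 classless static route format (DHCP option 121), then runs a longest-prefix match to show why the server needs that host route. All addresses and function names are constructed for illustration, and it models only the byte layout and the route lookup, not how Windows handles the option.

```python
import ipaddress

def encode_option_121(routes):
    """Pack (cidr, router) pairs as an RFC 3442 classless static route payload."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.ip_network(cidr)
        out.append(net.prefixlen)                       # mask width in bits
        # only the significant octets of the destination are transmitted
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += ipaddress.ip_address(router).packed
    return bytes(out)

def decode_option_121(payload):
    """Parse an option 121 payload back into (network, router) pairs."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        n = (plen + 7) // 8
        if plen > 32 or i + 1 + n + 4 > len(payload):
            raise ValueError("malformed classless route at offset %d" % i)
        dest = int.from_bytes(payload[i + 1:i + 1 + n] + bytes(4 - n), "big")
        router = ipaddress.ip_address(payload[i + 1 + n:i + 5 + n])
        routes.append((ipaddress.ip_network((dest, plen)), router))
        i += 5 + n
    return routes

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

# Constructed sample addresses (assumptions, not taken from the thread)
LAN_GW, TUN_GW, VPN_SERVER = "192.168.1.1", "10.8.0.1", "198.51.100.10"
LAN_TABLE = [(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address(LAN_GW))]
HALVES = [("0.0.0.0/1", TUN_GW), ("128.0.0.0/1", TUN_GW)]
HOST_ROUTE = [(VPN_SERVER + "/32", LAN_GW)]

def server_next_hop(pushed):
    """Next hop for the VPN server once the pushed routes join the LAN table."""
    table = LAN_TABLE + decode_option_121(encode_option_121(pushed))
    return str(next_hop(table, VPN_SERVER))

if __name__ == "__main__":
    print(encode_option_121(HALVES + HOST_ROUTE).hex())
    print("without host route:", server_next_hop(HALVES))
    print("with host route:   ", server_next_hop(HALVES + HOST_ROUTE))
```

Without the /32 entry the server's own address matches 128.0.0.0/1 and resolves to the tunnel gateway, which is the loop described above; with it, the more specific route keeps the encapsulated traffic on the LAN gateway.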