[Openvpn-users] one client as default gw for another client with routed setup

[sergio]

Hello.

I've already tried to discuss this in IRC as I thought it's simple and 
short question, but it seems that it is not.

The sort question is:

"Is it true, that making one client to be default gateway for another 
client is impossible with routed setup (OK, without NAT on vpn server), 
and this is another argument for bridged setup, not listed in 
BridgingAndRouting doc?"



Discussion in IRC stopped on that dazo was hungry, segwent promissed to 
test this case and kitsune1 confirms my thoughts.

The full question is:

Yes, I've read Bridging vs. Routing:
https://community.openvpn.net/openvpn/wiki/BridgingAndRouting

And I don't want to bridge or to transport non-IP based traffic, like 
IPX. But I want to make one client to be default gw for another client.

Is it possible (and how) to do this with routed setup? (Without NAT'ing 
on server as it's not pure routed setup.)


Routed setup example:
openvpn server : 10.0.1.1, network : 10.0.1.0/24
client A       : 10.0.2.1, network : 10.0.2.0/24
client B       : 10.0.3.1, network : 10.0.3.0/24

Ping from 10.0.3.17 (the host behind B) to 10.0.2.32 (the host behid A) 
works fine.

I can route 1.1.1.1 from 10.0.3.0/24 via 10.0.1.2 by adding:
ip r add 1.1.1.1 via 10.0.1.1 (on client B)
iroute 8.8.8.8 255.255.255.255 (to ccd/A on the server)

The question is how to route all traffic from 10.0.3.0/24 via 10.0.1.2 
to the internet?

When I do `ip route replace default via 10.0.1.2` on 10.0.3.1 the 
traffic goes out via 10.0.1.1 and doesn't reach 10.0.1.2, of course.



=== client.conf:
client
remote IP
proto tcp
dev-type tun

tls-client
remote-cert-tls server
ca
cert
key


=== server.conf:
local 0.0.0.0
port 1194
proto tcp-server
dev-type tun
persist-tun
topology subnet

tls-server
ca
key
cert
dh

mode server
ifconfig 10.0.1.1 255.255.255.0
client-config-dir ccd

client-to-client
push "topology subnet"
push "route-gateway 10.0.1.1"
push "route 10.0.1.0 255.255.255.0"

push "route 10.0.2.0 255.255.255.0"
push "route 10.0.3.0 255.255.255.0"

route 10.0.2.0  255.255.255.0 10.0.1.2
route 10.0.3.0  255.255.255.0 10.0.1.3


=== ccd/A
ifconfig-push 10.0.1.2 255.255.255.0
iroute 10.0.2.0 255.255.255.0


=== ccd/B
ifconfig-push 10.0.1.3 255.255.255.0
iroute 10.0.3.0 255.255.255.0


--
sergio.


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users