Maybe someone can help me.
About the directive ** push "redirect-gateway def1" ** I have found the
following explanation:
"Parameter def1: Instead of replacing the existing default gateway, OpenVPN
will add two new routes, 0.0.0.0/1 and 128.0.0.0/1. These routes together also
cover all IPv4 space, and are more specific (/1) than the regular gateway (/0).
Routing always takes place over the more specific routes, and thus all traffic
is sent over the VPN. The advantage of this trick is that the default gateway
is left intact. If the VPN connection is stopped, the original gateway can be
restored. Note that in this case, OpenVPN will add an explicit route to the
OpenVPN server itself, so the encrypted traffic itself will not be sent over the
tunnel."
From the above, and after some research on the Internet, I understand (I
imagine that I am wrong...) that all IP packets transit through the VPN
server, even those IP packets that are not destined to a host belonging
to the VPN. To me this means the following: an IP packet destined to a
host not belonging to the VPN travels through the VPN tunnel until some
unspecified point, then it leaves the secure VPN tunnel in order to reach
the "unsafe" host.
Now my (stupid?) question is: since sooner or later the IP packet will
leave the secure VPN tunnel, what is the purpose of making it travel
through the secure VPN tunnel only for the first part of its trip? Why
not use the unsafe direct way?
Any help is appreciated.
--
====
Lampo@Gmail-IMAP
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
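The quoted explanation is about longest-prefix matching, which is easy to check by simulating the routing table. The following is an added example, not code from the post or from OpenVPN: it builds the table a client has before and after `redirect-gateway def1` and performs a longest-prefix lookup. The addresses (LAN gateway 192.168.1.1, VPN server 203.0.113.10, tunnel gateway 10.8.0.1, interfaces eth0/tun0) are constructed assumptions for the illustration.

```python
"""Longest-prefix-match walk through the routing table that
`redirect-gateway def1` produces on a client (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample values; not taken from the post.
LAN_GW = "192.168.1.1"       # original default gateway on the local network
VPN_SERVER = "203.0.113.10"  # public address of the OpenVPN server
TUN_GW = "10.8.0.1"          # server-side address inside the tunnel


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s, strict=False)


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    via: Optional[str]   # next hop, or None when directly connected
    dev: str


def before_vpn() -> List[Route]:
    """Client table before the tunnel comes up: one LAN, one default route."""
    return [
        Route(net("192.168.1.0/24"), None, "eth0"),
        Route(net("0.0.0.0/0"), LAN_GW, "eth0"),
    ]


def after_redirect_gateway_def1() -> List[Route]:
    """Same table with the routes `redirect-gateway def1` adds.

    The /0 default route is left untouched; the two /1 halves are more
    specific and therefore win for every destination, except where an
    even more specific route exists (the LAN /24, the tunnel /24 and the
    /32 host route that keeps the encrypted packets off the tunnel)."""
    return before_vpn() + [
        Route(net("10.8.0.0/24"), None, "tun0"),
        Route(net(VPN_SERVER + "/32"), LAN_GW, "eth0"),   # explicit route to the server
        Route(net("0.0.0.0/1"), TUN_GW, "tun0"),
        Route(net("128.0.0.0/1"), TUN_GW, "tun0"),
    ]


def after_disconnect() -> List[Route]:
    """When the tunnel goes down only the added routes are removed; the
    original default route never had to be restored."""
    added = set(after_redirect_gateway_def1()) - set(before_vpn())
    return [r for r in after_redirect_gateway_def1() if r not in added]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: among routes containing dst, pick the longest."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def halves_cover_all_ipv4() -> bool:
    """0.0.0.0/1 and 128.0.0.0/1 together are exactly 0.0.0.0/0."""
    merged = list(ipaddress.collapse_addresses([net("0.0.0.0/1"), net("128.0.0.0/1")]))
    return merged == [net("0.0.0.0/0")]


if __name__ == "__main__":
    for dst in ("8.8.8.8", "130.0.0.1", VPN_SERVER, "192.168.1.50"):
        r = lookup(after_redirect_gateway_def1(), dst)
        print(f"{dst:>15} -> {r.prefix} via {r.via} dev {r.dev}")
    print("two /1 halves cover all IPv4:", halves_cover_all_ipv4())
```

Running it shows that a packet for an arbitrary Internet host (8.8.8.8) leaves via tun0, while a packet to the VPN server itself, which carries the encrypted tunnel traffic, leaves via eth0 because the /32 host route is more specific than the /1 routes; the /0 default is still present and becomes active again once the added routes are withdrawn.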