Huge thanks to both of you! I really appreciate you trying to help me.

On 8/6/19 5:59 PM, Jan Just Keijser wrote:
as you stated: your bridged setup is working, and your clients in network B get their DHCP addresses from the server in network A. The only thing missing is the default route for these clients.

That means it's the DHCP server in network A that is not pushing the right default gateway to these clients. Which DHCP server software are you using? For standard dhcpd, you'd add something like

I did not think of the DHCP server because if a computer of network B was physically moved into network A it did get the right gateway information and therefore added a default route. So I do not think it is the DHCP server's fault.


On 8/7/19 6:27 AM, Alex K wrote:
I understand that you have one server and one client. Then at eth1 of client you have several computers. I would avoid using the term client for these computers since they are not vpn clients but just devices on network B connected at eth1 of client. This will avoid confusion.

You are right. My labeling was kind of confusing. I am sorry for that.


On 8/7/19 6:27 AM, Alex K wrote:
I suspect that pcs at network B are not able to add default gw pushed from DHCP of A since that gw is not known to them (does not belong at network B). For computers at net B to reach internet through A it is enough to have redirect-gateway def1 for the client. This will force all traffic from client to go through the tunnel. In case computers are still not able to reach Internet through A then I would check NAT, firewall, routing at client.

I tried adding redirect-gateway def1 to the client's configuration, which indeed modifies the client's rules to push all outgoing traffic through the tunnel. This however did not change anything on the other computers of network B.



After a lot of trial and error I figured it out, even though I do not quite get why this works. The server configuration did contain the server-bridge directive without any additional parameters.

The OpenVPN documentation [1] states:

In another example, --server-bridge (without parameters) expands as follows:

    mode server
    tls-server
    push "route-gateway dhcp"

This means adding the directive without any parameters implies pushing route-gateway dhcp.
The documentation also continues:

Or --server-bridge nogw expands as follows:

    mode server
    tls-server

So by adding nogw the route-gateway dhcp directive is not pushed.
Adding

    server-bridge nogw
    push "route-gateway arbitrary-ip-within-network-A"

instead of

    server-bridge

solved the problem of the missing default route on computers in network B.
This seems really weird, because I can specify any IP address within network A and it will work. It does not have to be the gateway/router or the server. But the IP has to be within A's subnet.

The route-gateway directive does not add or delete any routes on the client.

So why then is this directive critical, yet it can contain any IP address within network A? Can any of you explain this behavior?


Thank you so much for your help!


Best
Lorenz

[1] https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

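As an added example (not part of the thread above, and not OpenVPN's own code), the following Python script implements the server-bridge expansions quoted from the reference manual and lints a bridged server configuration for the exact condition the thread describes: a pushed route-gateway that is "dhcp", missing, or not inside the LAN the tap interface is bridged into. The two configs and the 192.168.10.0/24 subnet are constructed for the demonstration; the four-argument form of server-bridge (gateway netmask pool-start pool-end) is taken from the manual rather than from the thread.

```python
"""Expand OpenVPN 'server-bridge' shorthand and check the pushed route-gateway.

Added example for the bridged-server thread; configs below are constructed.
"""
import ipaddress
import shlex


def expand_server_bridge(args):
    """Return the directives a 'server-bridge' line implies (OpenVPN 2.4 manual)."""
    base = ["mode server", "tls-server"]
    if not args:                        # server-bridge (no parameters)
        return base + ['push "route-gateway dhcp"']
    if args == ["nogw"]:                # server-bridge nogw
        return base
    if len(args) == 4:                  # server-bridge gw netmask pool-start pool-end
        gw, mask, start, end = args
        return base + [f"ifconfig-pool {start} {end} {mask}",
                       f'push "route-gateway {gw}"']
    raise ValueError(f"unsupported server-bridge arguments: {args}")


def parse_config(text):
    """Yield (directive, args) per line; shlex keeps push "..." arguments together."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        parts = shlex.split(line)
        yield parts[0], parts[1:]


def effective_directives(text):
    """Flatten the config so every server-bridge line is replaced by its expansion."""
    out = []
    for directive, args in parse_config(text):
        if directive == "server-bridge":
            for expanded in expand_server_bridge(args):
                parts = shlex.split(expanded)
                out.append((parts[0], parts[1:]))
        else:
            out.append((directive, args))
    return out


def pushed_route_gateway(text):
    """Return the argument of the last pushed route-gateway, or None if none is pushed."""
    gw = None
    for directive, args in effective_directives(text):
        if directive == "push" and args and args[0].startswith("route-gateway"):
            gw = args[0].split(None, 1)[1]
    return gw


def lint_bridge_gateway(text, bridge_subnet):
    """Findings for the failure mode in the thread: bridged LAN hosts lack a usable
    default route. bridge_subnet is the LAN (network A) the server's tap is bridged into."""
    net = ipaddress.ip_network(bridge_subnet)
    gw = pushed_route_gateway(text)
    if gw is None:
        return ["no route-gateway pushed (server-bridge nogw without an explicit push)"]
    if gw == "dhcp":
        return ['push "route-gateway dhcp" in effect (the bare server-bridge case from the thread)']
    if ipaddress.ip_address(gw) not in net:
        return [f"route-gateway {gw} is outside the bridged subnet {net}"]
    return []


# Constructed configs mirroring the thread's before/after (hypothetical, not the poster's files).
BEFORE = """\
port 1194
proto udp
dev tap0
server-bridge
"""

AFTER = """\
port 1194
proto udp
dev tap0
server-bridge nogw
push "route-gateway 192.168.10.1"
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, pushed_route_gateway(cfg), lint_bridge_gateway(cfg, "192.168.10.0/24"))
```

Run it against a real server.conf by reading the file into `lint_bridge_gateway` together with the subnet of the LAN the tap device is bridged into; an empty finding list means an explicit in-subnet gateway is pushed, which is the configuration the thread reports as working.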