Re: [Openvpn-users] --socks-proxy and --redirect-gateway def1

Mon, 03 May 2021 06:24:44 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 3 May 2021 14:00, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Mon, May 03, 2021 at 12:52:22PM +0000, tincantech wrote:
>
> > My initial question was:
> > Does --redirect-gateway do the same for --socks-proxy/--http-proxy
> > as it does for --remote? Install a route for the server we are connected
> > to so that address is not routed into the tunnel.
>
> So the answer is "yes"

So it seems ;-)

>
> > The bug in this case is that, while openvpn does do the same for at least
> > --socks-proxy (have not tested --http-proxy but assume it is the same here),
> > there is no documentation to that effect.
>
> Patches welcome.

Now I know the intended behaviour, I can send something (hopefully with the
correct email) -- btw, any news on daemon_pid for --tls-crypt-v2-verify ?)

>
> > As an improvement to openvpn, installing an over-ride route for localhost
> > when using --redirect-gateway and the --remote/--socks/hhtp-proxy is
> > 127.0.0.1 seems like it would be possible ?
>
> No. The problem is not that 127.0.0.1 isn't reachable (it always is),
> but that by talking to 127.0.0.1, OpenVPN does not know what the
> "real" jump server address is (that OpenSSH etc connects to).
>
> So OpenVPN needs a host route for the server that OpenSSH is talking
> to, but since there is no talk between OpenSSH and OpenVPN, the latter
> doesn't know what to do.

Right, right, I forgot how that works but yes, you are of course, correct.

Thanks
R

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJgj/kBACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec
9muQuJ0XtAf+PztfBnShN0o/8ndVO0hwY3fmf5jwvqqJ4tcjC0GH6p9SnCE4
CkTBr8AyKkX0jUch2+zHDVBJYdPm+L/DYbJAk2Dw+3daUdEJ8Xjt2KpbuUFz
oP5Y2XfVYCmV7u9Fc9WnAuCnQFk919v988jyfZm3tX1piFu0JZCGxMx93CSb
OdmQnzrvQQJG29xuvnJXOvaCKmPZKeaRL+05M3HtPZbjsMXwPQouDzhGUIrj
VesCQBtqfKzfwcUMthRH73xdTmgqshhK9VICH9USR2mQU7ZKlr5D4yxd1foS
OpPust/GlNASDiIcqw9Pq5dujqsiZFbk2+VRnAM7FCcCa2Y1qqdoBg==
=uAuG
-----END PGP SIGNATURE-----

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to