Hi,

On 22/09/22 16:06, Sebastian Arcus wrote:
I use openvpn on laptops to access the vpn server and the network behind it. When the laptops are connected directly to the vpn server home network, to stop traffic going through the vpn, for years I've successfully used the route metric directive:

push "route-metric 500"

The 500 metric is supposed to be higher than wired connections, so the wired connection was preferred when connected to the openvpn server home lan, instead of the vpn connection.

This doesn't seem to work properly with Windows 10 any more. Although the route metric does get set correctly on Windows 10, it seems to just ignore it and route all traffic

Sounds like Windows 10 is finally getting routing right, or more likely, that something changed in your LAN routes that you weren't aware of ;) Normal routing means that a more *specific* route wins over the *metric* of a route, e.g.

- a route to 192.168.112.0/24 with metric 500 is more specific than a route to 192.168.0.0/16 with metric 50, so this would get routed over the tunnel.

It will be interesting to see the routing table after the VPN client has connected - that will most likely tell us what is happening here.

HTH,

JJK



Does anyone know if Windows 10 now behaves differently with regard to route metric? Is there a new recommended way to deal with this issue? More details below of my setup:

Server: openvpn 2.5.7, Linux Slackware
Client: openvpn 2.5.7, Windows 10
OpenVPN server lan subnet: 192.168.112.0/24
OpenVPN subnet: 192.168.114.0/24


server.conf

proto udp
port 1194
dev tun
server 192.168.114.0 255.255.255.0
push "route 192.168.112.0 255.255.255.0"
push "dhcp-option DNS 192.168.112.1"
push "dhcp-option WINS 192.168.112.1"
push "route-metric 500"
ca "ca.crt"
cert "server.crt"
key "server.key"
tls-auth "ta.key" 0
dh "dh.pem"



client.conf

client
windows-driver wintun
proto udp
remote vpn.remote.address
port 1194
resolv-retry infinite
ping-restart 10
persist-key
persist-tun
key-direction 1
remote-cert-tls server
ca "ca.crt"
cert "client.crt"
key "client.key"
tls-auth "ta.key" 1
remote-cert-tls server





_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
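
Added example, not part of the original message or of OpenVPN: a small model of the route selection rule described in the reply (longest prefix first, metric only as a tie-breaker), applied to the pushed 192.168.112.0/24 route with metric 500. The two LAN tables, the "via" labels and the LAN metric of 25 are constructed assumptions; the /16 with metric 50 is the case from the reply.

```python
import ipaddress

def matching_routes(routes, dest):
    """Return the routes whose prefix contains dest."""
    addr = ipaddress.ip_address(dest)
    return [r for r in routes if addr in ipaddress.ip_network(r["net"])]

def select_route(routes, dest):
    """Longest matching prefix wins; the metric only breaks ties
    between routes of equal prefix length."""
    candidates = matching_routes(routes, dest)
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))

def metric_overridden(routes, dest):
    """True when the chosen route has a higher metric than another matching
    route, i.e. prefix length decided and the metric was never compared."""
    best = select_route(routes, dest)
    return best is not None and any(
        r["metric"] < best["metric"] for r in matching_routes(routes, dest))

# Route pushed by the server.conf in this thread, with route-metric 500.
VPN = {"net": "192.168.112.0/24", "metric": 500, "via": "vpn"}

# Constructed table A: LAN on-link route has the same /24 prefix (metric 25 assumed).
SAME_PREFIX = [{"net": "192.168.112.0/24", "metric": 25, "via": "lan"}, VPN]

# Constructed table B: LAN route is the broader /16 with metric 50, as in the reply.
BROADER_LAN = [{"net": "192.168.0.0/16", "metric": 50, "via": "lan"}, VPN]

if __name__ == "__main__":
    for name, table in (("same /24", SAME_PREFIX), ("broader /16", BROADER_LAN)):
        r = select_route(table, "192.168.112.1")
        print(f"{name}: via {r['via']} (metric {r['metric']}), "
              f"metric overridden: {metric_overridden(table, '192.168.112.1')}")
```

With equal prefixes the metric keeps LAN traffic off the tunnel; with the broader LAN prefix the pushed /24 wins regardless of its metric, which is why the client's routing table after connect is the thing to inspect.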
