Hi,

On Sun, Aug 20, 2023 at 09:49:25AM +0000, Jason Long wrote:
> >On Sat, Aug 19, 2023 at 02:18:37PM +0000, Jason Long via Openvpn-users wrote:
> > Sat Aug 19 18:23:53 2023 NOTE: unable to redirect IPv4 default gateway -- 
> > Cannot read current default gateway from system
> 
> >If client and server are in the same network, and the client has no default
> >route, the normal algorithm for "redirect-gateway" does not work.
> 
> >Try "redirect-gateway def1 autolocal" or "redirect-gateway def1 local"
> >in the client config.

> It didn't matter and I got the error.
> When I removed the local statement, then my client can connect to my server.

You are mixing stuff again.  The log file above shows a successful connect
where the client cannot set up a default route due to the way client and
server are in the same network.  To work around that, the "redirect-gateway"
line (either in the client config or pushed) MUST have the "local" or
"autolocal" flag.

This is not the same as "local" in the server config, it's an extra
additional argument to the "redirect-gateway" option.

> Excuse me, how do you configure an OpenVPN server with multiple IP addresses?

First of all, I try to figure out what my *goal* is.

Then I decide "do I want the server to listen on *one* IP address?" 
  -> if yes, use "local i.p.a.ddr".
  -> if no, and UDP is used, then you should use "multihome"
     (it might work without, but "when will it work and when not" requires
     a deeper understanding of socket behaviour and UDP source address
     selection)

Then, I try to understand how packets from the client to the server 
can arrive (routing!!!), and go testing.

THEN, when I have this all working AND have understood what I did and why,
I start with --client-connect & friends, and iptables.  After each step,
re-test, and if it does not work, find out why - without changing the
basic setup again.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
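
Added example, not part of the mail above and not OpenVPN project code: a small config check for the two points in the reply, a "redirect-gateway" line (local or pushed) without "local"/"autolocal", and a UDP server with neither "local" nor "multihome". The function names, finding codes and sample configs are constructed for illustration, and the check assumes the same-network client and multi-address server discussed in this thread.

```python
import shlex

FINDINGS = {  # hypothetical finding codes, wording follows the mail
    "RG_NO_LOCAL_FLAG": "redirect-gateway lacks local/autolocal "
                        "(needed when client and server share a network)",
    "UDP_NO_LOCAL_OR_MULTIHOME": "UDP server has neither 'local <addr>' nor "
                                 "'multihome' (matters with several IP addresses)",
}

def parse(text):
    """Return [(option, args, pushed)] from OpenVPN config text."""
    opts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # both comment styles
            continue
        words = shlex.split(line, comments=True)
        pushed = len(words) == 2 and words[0].lstrip("-") == "push"
        if pushed:                                  # push "opt args" -> opt args
            words = words[1].split()
        if words:
            opts.append((words[0].lstrip("-"), words[1:], pushed))
    return opts

def check(text):
    """Return finding codes for the two situations discussed in the mail."""
    opts = parse(text)
    own = {name for name, _, pushed in opts if not pushed}
    found = []
    for name, args, _ in opts:                      # local or pushed line
        if name == "redirect-gateway" and not {"local", "autolocal"} & set(args):
            found.append("RG_NO_LOCAL_FLAG")
    is_server = "server" in own or ("mode", ["server"], False) in opts
    proto = next((a[0] for n, a, p in opts if n == "proto" and a and not p), "udp")
    if is_server and proto.startswith("udp") and not {"local", "multihome"} & own:
        found.append("UDP_NO_LOCAL_OR_MULTIHOME")
    return found

# Constructed sample configs (192.0.2.0/24 is a documentation range).
CLIENT_BEFORE = "client\nproto udp\nremote 192.0.2.10 1194\nredirect-gateway def1\n"
CLIENT_AFTER = CLIENT_BEFORE.replace("def1", "def1 autolocal")
SERVER_BEFORE = ('proto udp\nport 1194\nserver 10.8.0.0 255.255.255.0\n'
                 'push "redirect-gateway def1"\n')
SERVER_AFTER = SERVER_BEFORE.replace("def1", "def1 autolocal") + "multihome\n"

if __name__ == "__main__":
    for label in ("CLIENT_BEFORE", "CLIENT_AFTER", "SERVER_BEFORE", "SERVER_AFTER"):
        print(label, [FINDINGS[c] for c in check(globals()[label])])
```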


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users