On Thu, Nov 13, 2014 at 12:51 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Thu, Nov 13, 2014 at 12:23:10PM -0600, Les Mikesell wrote:
>> > The VPN *server* will, by default, only tunnel the subnet towards the
>> > client that is designated for doing so ("--server $network $mask"), and
>> > send the rest towards its default route.
>>
>> A common scenario is to have pubic and private interfaces on the
>> server and only route the private side (and perhaps the connected
>> private LAN range) through the tunnel, leaving the public
>> interface/services as-is for direct access.
>
> That's not exactly "route through the tunnel" as far as the *server* is
> concerned - that's "what sort of route information is pushed towards
> the client". And yeah, there's two schools here - only announce the
> internal networks ("push route <internal>") or use the VPN for all
> internet traffic ("push redirect-gateway def1").
>.
Yes, but the client routing is what really controls this. And for
other services on the same server and IP address as the VPN target, it
has to stay direct regardless. You obviously can't route the tunnel
endpoint address into the tunnel.
--
Les Mikesell
lesmikes...@gmail.com
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
