Re: [Openvpn-users] any way to get local network details to flow through to the server?

Fri, 05 Jun 2015 08:53:04 -0700 


> Message: 1
> Date: Tue, 2 Jun 2015 23:43:39 +0200
> From: Gert Doering <g...@greenie.muc.de>
> Subject: Re: [Openvpn-users] any way to get local network details to
> flow through to the server?
> To: Jason Haar <jason_h...@trimble.com>
> Cc: "openvpn-users@lists.sourceforge.net"
> <openvpn-users@lists.sourceforge.net>
> Message-ID: <20150602214339.gc...@greenie.muc.de>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> On Wed, Jun 03, 2015 at 08:05:21AM +1200, Jason Haar wrote:
>> In this case using the openvpn tunnel as the default gw should have
>> solved the problem - but normal people can't figure that out - so I'd
>> like to solve it dynamically at the server end. However, to do that, the
>> server would need to know in advance the routing table of the client -
>> so that it could do something like "if 10.anything is local, then
>> disable split tunnel and push all traffic through openvpn; else do split
>> tunnel".
>
> I'm not exactly sure what options the client sends to the server in
> the "peer-info" handshake (IV_...), but I'm afraid that "routing data"
> is not part of it...
>
> What you could *try* is a magic option I just discovered recently :-) - push
> "redirect-private", and then push routes for 10.0.0.0/8 (and maybe a few
> /25s for the really important stuff, to override whatever 10.x netmask the
> hotel might use).
>
> --redirect-private is the bit of --redirect-gateway that figures out the
> local default gateway, and installs a host route "vpn server -> this gateway",
> so after that, you're fairly safe to redirect about anything...
>
> (As a side note, you're screwed in any case if the hotel gateway happens
> to use an ip address also used by one of your servers - but to fix *that*,
> you'd have to go down the "use NAT on the server tun" route...)
>
> gert


Can you further explain the "use NAT on the server tun"?  How would you solve 
the issue if the server has the same ip address as the hotel gateway?  Please 
post examples.

                                          
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to