Hi,

On Mon, Apr 24, 2017 at 02:31:16PM -0400, David Mehler wrote:
> Thanks for the information on routing. So it is working? How then when
> I did the ipconfig /all didn't it show up as default gateway on the
> openvpn adapter?

Right.  It's not "the default gateway" (because that would be "the /0"),
but we "mask" the default route by having two catch-all /1 routes.

It needs some thinking through it, if you encounter it for the first
time, but then it feels like "oh, it is so obvious" :-)


> The issue when I tried to start the Interactive Services detection
> service was it kept giving me an error 1. Here's the fix for that:
> 
> https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2012/10/09/windows-8-interactive-services-detection-error-1-incorrect-function/
> 
> Once Interactive Services detection service was going I restarted
> Openvpn gui (it is v2.4 and I never had 2.3 on this box), I did not
> get the Uac dialog box and the connection was successful. 

Mmmh.  This isn't "our" interactive service, but something in windows,
which we *should* not need - but I leave that part to Selva, because
I'm not so good in esoteric windows internals.

> My current
> route print looks like this:
[..]
> ===========================================================================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>           0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.97     55

Default (/0).

>           0.0.0.0        128.0.0.0      192.168.0.1      192.168.0.2    291
>         128.0.0.0        128.0.0.0      192.168.0.1      192.168.0.2    291

Half-defaults (2x /1), covering all the space, pointing to the tap
interface.   Check, this is how it should be :-)

(Omitted the rest)

[..]
> Is this setup now fully working?  If so, can I tighten it up in any way?

It should be fine.

If you run a network sniffer like wireshark on your LAN interface now,
you should only see encrypted packets going to your VPN server (and traffic
local to the LAN network).

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: signature.asc
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to