Re: [Openvpn-users] Correct way to handle routing when on home network?

Thu, 22 Sep 2022 11:33:04 -0700 

On 22/09/2022 19:25, tincantech wrote:

Hi,

Sent with Proton Mail secure email.

------- Original Message -------
On Thursday, September 22nd, 2022 at 15:06, Sebastian Arcus 
<s.ar...@open-t.co.uk> wrote:



I use openvpn on laptops to access the vpn server and the network behind
it. When the laptops are connected directly to the vpn server home
network, to stop traffic going through the vpn, for years I've used
successfully the route metric directive:



push "route-metric 500"



The 500 metric is supposed to be higher than wired connections, so the
wired connection was preferred when connected to the openvpn server home
lan, instead of the vpn connection.



This doesn't seem to work properly with Windows 10 any more. Although
the route metric does get set correctly on Windows 10, it seems to just
ignore it and route all traffic



"route all traffic" is obviously used out of context here, see below:


Does anyone know if Windows 10 now behaves differently with regards to
route metric? Is there a new recommended way to deal with this issue?
More details below of my setup:



Server: openvpn 2.5.7, Linux Slackware
Client: openvpn 2.5.7, Windows 10
OpenVPN server lan subnet: 192.168.112.0/24
OpenVPN subnet: 192.168.114.0/24




server.conf



proto udp
port 1194
dev tun
server 192.168.114.0 255.255.255.0
push "route 192.168.112.0 255.255.255.0"
push "dhcp-option DNS 192.168.112.1"
push "dhcp-option WINS 192.168.112.1"
push "route-metric 500"
ca "ca.crt"
cert "server.crt"
key "server.key"
tls-auth "ta.key" 0
dh "dh.pem"





client.conf



client
windows-driver wintun
proto udp
remote vpn.remote.address
port 1194
resolv-retry infinite
ping-restart 10
persist-key
persist-tun
key-direction 1
remote-cert-tls server
ca "ca.crt"
cert "client.crt"
key "client.key"
tls-auth "ta.key" 1
remote-cert-tls server





No where is "route all traffic" set by either side.

For clarity.
Yes, you are right, sorry. I should have said that the traffic aimed at the openvpn lan ip address ends up being routed through the vpn tunnel, instead of directly through the lan. Thank you for pointing it out. 


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to