[Tfug] OpenVPN and routing help

Harry McGregor micros at osef.org
Tue Aug 2 22:45:06 MST 2016


Hi,

On 08/02/2016 02:49 PM, John Gruenenfelder wrote:
> Thanks for the advice.
>
> Perhaps this is complicated by the lack of internal DNS on my home
> network.  Currently, I can access my server from the Internet at large
> as bebop.merseine.org thanks to a DynDNS.org account.  Unfortunately,
> my home router is presently stuck on stock firmware until I get home.
> This means that, say, to have my laptop be able to access bebop from
> within the home network I had to add an entry to /etc/hosts so it uses
> the internal IP address instead of the external IP as resolved by
> other DNS servers.
>
> Obviously, that same entry just causes problems when I'm *not*
> connected to the internal network.  Once I get dd-WRT on my router
> I'll have a lot more control over routing and DNS.  Then, I think, I
> can have DNSmasq hand out different IPs for the same machine depending
> on what network the request comes in on: one IP for the internal
> network, a different IP for the VPN traffic.
>
> At least, if I'm thinking about this the right way...  It's definitely
> not safe to tinker with the routing and/or DNS when I don't have
> physical access to the router or the server.  I don't want to cut off
> my existing remote access accidentally.  :)
>
>

First, sorry to hear you're in the hospital for such a long stretch, hope 
you're getting better.

Basically this issue falls under the standard question with VPNs: do you do 
specific routes, or do you take default?

Taking default of course routes all traffic over the VPN, which is 
probably not desirable in your case, but can be desirable if your client 
network is considered hostile or unsafe.

The server side config option to take "default" is:

push "redirect-gateway"

You will want that commented out.

In your case, what you need is to push specific routes, which can be 
done in your OpenVPN configuration.

Here are a few helpful links, if you need more, please post your config 
files, and we can make suggestions.

This one has two clients, and wants to route traffic between the LANs 
behind all three end points, a little more complicated than your 
environment, but it still shows the pushing of routes: 
https://community.openvpn.net/openvpn/wiki/RoutedLans

Another useful link, this time on hacking the routes via the client side 
of the VPN: 
http://unix.stackexchange.com/questions/263678/openvpn-understand-the-routing-table-how-to-route-only-the-traffic-to-a-spec

-Harry
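As an added illustration of the two options Harry describes (this is not code from the original post or from the OpenVPN project), the script below parses small OpenVPN configs and predicts whether traffic to a given destination would cross the tunnel. The sample configs are constructed for this example: the home LAN 192.168.1.0/24, the host 192.168.1.10, the tunnel subnet 10.8.0.0/24 and the port are assumptions, and only the hostname bebop.merseine.org comes from the thread. It covers the server-side choice (push "redirect-gateway" versus push "route ...") and the client-side override (route-nopull plus the client's own route lines) that the StackExchange link is about.

```python
import ipaddress
import shlex

# Constructed sample configs for this example (assumed addresses, not from the post).
# Server that takes "default": every packet from the client goes through the VPN.
SERVER_DEFAULT_ROUTE = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
"""

# Server that pushes only the home LAN; redirect-gateway is commented out.
SERVER_SPECIFIC_ROUTES = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
# push "redirect-gateway def1"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
"""

# Client that ignores whatever the server pushes and routes one host itself.
CLIENT_NOPULL = """\
client
dev tun
remote bebop.merseine.org 1194
route-nopull
route 192.168.1.10 255.255.255.255
"""


def parse(text):
    """Return [(directive, [args...])] for each non-comment line of an OpenVPN config.
    Lines starting with '#' or ';' are comments; quoted push payloads stay one argument."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        directives.append((parts[0], parts[1:]))
    return directives


def pushed_directives(server_text):
    """Directives the server hands to clients via push "...", unquoted and re-split."""
    pushed = []
    for name, args in parse(server_text):
        if name == "push" and args:
            inner = args[0].split()
            pushed.append((inner[0], inner[1:]))
    return pushed


def redirects_default_gateway(server_text):
    """True if an uncommented push "redirect-gateway ..." is present (the "take default" case)."""
    return any(name == "redirect-gateway" for name, _ in pushed_directives(server_text))


def _route_networks(directives):
    """Turn 'route <network> <netmask> [gateway]' entries into ip_network objects."""
    return [
        ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
        for name, args in directives
        if name == "route" and len(args) >= 2
    ]


def pushed_routes(server_text):
    """Specific networks the server pushes with push "route ..."."""
    return _route_networks(pushed_directives(server_text))


def effective_routes(server_text, client_text=""):
    """Networks routed through the tunnel once this client connects to this server.
    A client with route-nopull discards every pushed route and keeps only its own
    'route' lines; otherwise the server decides. (The tunnel subnet itself is always
    reachable via the tun interface and is not modelled here.)"""
    client = parse(client_text)
    if any(name == "route-nopull" for name, _ in client):
        return _route_networks(client)
    if redirects_default_gateway(server_text):
        return [ipaddress.ip_network("0.0.0.0/0")]
    return pushed_routes(server_text)


def goes_over_vpn(server_text, dst, client_text=""):
    """Predict whether packets to dst leave via the VPN rather than the local network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in effective_routes(server_text, client_text))


if __name__ == "__main__":
    for label, cfg in (("default", SERVER_DEFAULT_ROUTE), ("specific", SERVER_SPECIFIC_ROUTES)):
        for dst in ("8.8.8.8", "192.168.1.10"):
            print(f"{label:8} {dst:13} via VPN: {goes_over_vpn(cfg, dst)}")
    print("default + route-nopull client, 8.8.8.8 via VPN:",
          goes_over_vpn(SERVER_DEFAULT_ROUTE, "8.8.8.8", CLIENT_NOPULL))
```

Running it shows the practical difference: with redirect-gateway pushed, even 8.8.8.8 is predicted to cross the tunnel, while with only push "route 192.168.1.0 255.255.255.0" the LAN host goes over the VPN and everything else stays on the local network. The route-nopull client keeps its own path to 192.168.1.10 regardless of what the server pushes, which is the client-side approach from the second link. Note that the checker only reads the config text; it does not talk to OpenVPN or the kernel routing table, so confirm on a live client with `ip route`.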

