amcnabb at mcnabbs.org
Tue Jul 5 13:53:32 MDT 2005
On Tue, Jul 05, 2005 at 12:09:24PM -0600, Von Fugal wrote:
> Yes, it's a simple route, just default through the peer, the tricky part
> is keeping the route you need _to_ the peer to avoid the tunnel through
> the tunnel to make the tunnel collapse effect. You could write a script
> for the clients to run which adds a specific route through the router to
> the server then changes the default route (don't change the router
> address!) or I don't know how you'd do it the push way, which is what I
> would prefer.
Here we come across the automatic coolness in routing.
Each route has a netmask associated with it. The more broad the
netmask, the lower the entry in the table. The more restrictive the
netmask, the higher the entry in the table.
Let's say we have a wireless network which is 10.0.1.0/255.255.255.0
which doesn't have a gateway (but the VPN server is 10.0.1.1). Let's
also say the VPN gives us an IP address of 10.0.0.10/255.255.255.0 and
gives us a default route of 0.0.0.0/0.0.0.0 through the gateway
10.0.0.1. Since the 10.0.0.0 network has a more restrictive netmask,
everything to 10.0.1.1 will always get routed directly over the ethernet
interface. The correct behavior happens automatically.
OpenVPN is very smart and configurable when it comes to routes.
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 186 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20050705/4a365920/attachment.bin
More information about the PLUG