Solved

Manage Traffic To OpenVPN Server

Posted on 2007-12-05
3
600 Views
Last Modified: 2013-12-16
Hi All

I have installed the OpenVPN server and I have installed the openvpn gui on XP SP2 the client connects successfully..I need to achieve the following scenario..I want some traffic to some specific server to go through the VPN server while I want all other Internet traffic to go through the ISP.

Route A : XP   VPN Interface 10.0.8.6---> 10.0.8.1 (VPN Interface) + (80.80.80.80 public IP + Interface) VPN Server --> Servers with same public IP subnet like VPN server
Route B:  XP ethernet Interface class C IP --> Gateway --> ISP --> Internet

I want to start the VPN connection and have all traffic to my pulic servers routed through VPN and all the traffic for the Internet to pass through the ISP.

I have used the redirect-gateway directive but that did pipe all traffic to the Internet through the VPN server.

I have used push 'route 80.80.80.0 255.255.255.0' that allowed me to pipe Internet traffic through the ISP but all traffic to 80.80.80.0/24 timed out even though I have masquerading and ip forwarding enabled on the OpenVPN server..

Any suggestions ?

Thanks
0
Comment
Question by:http:// thevpn.guru
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
arrkerr1024 earned 500 total points
ID: 20415280
You're on the right track.

When you used redirect-gateway and all traffic went over the VPN were you able to access your 80.80.80.0/24 network and the internet (going over the vpn of course)?  Remember that machines on your 80.80.80.0/24 network need to know how to communicate with your VPN network, so either the VPN server has to be their default gateway, their gateway needs to have a route back to the VPN server for VPN traffic, or they need static routes set on them to get back, or the VPN server needs to NAT the traffic.

Try taking out all route directives and connecting to the vpn and make sure you can connect to the internet.  Then use the windows route commands to modify your route and add the 80.80.80.0/24 network with the remote side of your VPN as the gateway.
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 20416209
I would really prefer a server side solution because this VPN client is going to be distributed to more than 30 users...I liked the static route idea..if I add static routes on my servers telling them to send traffic to 10.0.0.0/24 to the VPN server would that work..?
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 20418483

I have done research..please check with me the following

I am on a network and the OpenVPN is on the Internet on another network with no push options and gateway redirects..I can ping 10.8.0.1 from the client if I establish a VPN network connection, and if I trace the connection to the public IP of the server it goes through my ISP>

If I do push 80.80.80.0 255.255.255.0 my public network then I can neither ping 10.8.0.1 nor 80.80.80.10 the VPN server although the routing table of the OpenVPN server has an entry to send data to the 10.8.0.0/24 network through tun 0

[root@localhost ~]# route -n | grep 10.8.0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0

So it should know that packets coming from 10.8.0.0/24 should be sent back through tun0..right ?

And


tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

As for the client routing table..

C:\Documents and Settings\ali.jawad>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 24 df 85 ...... Broadcom NetXtreme 57xx Gigabit Controller - Pac
ket Scheduler Miniport
0x3 ...00 ff 0a 6e 17 9b ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport

0x4 ...00 ff db 1b 6a d1 ...... TAP VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.176       20
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
     80.80.80.0    255.255.255.0         10.8.0.5        10.8.0.6       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.176   192.168.0.176       20
    192.168.0.176  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255    192.168.0.176   192.168.0.176       20
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0    192.168.0.176   192.168.0.176       20
  255.255.255.255  255.255.255.255         10.8.0.6               4       1
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255    192.168.0.176   192.168.0.176       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None


Thanks


0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Why VNC doesn't work in Redhat? 11 61
Printing to old printer through Linux (CUPS) Print Server? 7 65
looking for a CENTOS ISO to download with x window installed 2 39
linux 13 50
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question