Solved

Manage Traffic To OpenVPN Server

Posted on 2007-12-05
3
603 Views
Last Modified: 2013-12-16
Hi All

I have installed the OpenVPN server and I have installed the OpenVPN GUI on XP SP2. The client connects successfully. I need to achieve the following scenario: I want some traffic to some specific server to go through the VPN server, while I want all other Internet traffic to go through the ISP.

Route A : XP   VPN Interface 10.0.8.6---> 10.0.8.1 (VPN Interface) + (80.80.80.80 public IP + Interface) VPN Server --> Servers with same public IP subnet like VPN server
Route B:  XP ethernet Interface class C IP --> Gateway --> ISP --> Internet

I want to start the VPN connection and have all traffic to my public servers routed through the VPN and all the traffic for the Internet pass through the ISP.

I have used the redirect-gateway directive but that did pipe all traffic to the Internet through the VPN server.

I have used push 'route 80.80.80.0 255.255.255.0'; that allowed me to pipe Internet traffic through the ISP, but all traffic to 80.80.80.0/24 timed out even though I have masquerading and IP forwarding enabled on the OpenVPN server.

Any suggestions?

Thanks
Question by:http:// thevpn.guru
 
LVL 14

Accepted Solution

by:
arrkerr1024 earned 500 total points
ID: 20415280
You're on the right track.

When you used redirect-gateway and all traffic went over the VPN, were you able to access your 80.80.80.0/24 network and the Internet (going over the VPN, of course)? Remember that machines on your 80.80.80.0/24 network need to know how to communicate with your VPN network, so either the VPN server has to be their default gateway, their gateway needs to have a route back to the VPN server for VPN traffic, or they need static routes set on them to get back, or the VPN server needs to NAT the traffic.

Try taking out all route directives and connecting to the VPN, and make sure you can connect to the Internet. Then use the Windows route commands to modify your route and add the 80.80.80.0/24 network with the remote side of your VPN as the gateway.
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 20416209
I would really prefer a server-side solution because this VPN client is going to be distributed to more than 30 users. I liked the static route idea. If I add static routes on my servers telling them to send traffic to 10.0.0.0/24 to the VPN server, would that work?
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 20418483

I have done research. Please check the following with me.

I am on a network and the OpenVPN is on the Internet on another network with no push options and gateway redirects. I can ping 10.8.0.1 from the client if I establish a VPN network connection, and if I trace the connection to the public IP of the server it goes through my ISP.

If I do push 80.80.80.0 255.255.255.0 (my public network), then I can neither ping 10.8.0.1 nor 80.80.80.10 (the VPN server), although the routing table of the OpenVPN server has an entry to send data to the 10.8.0.0/24 network through tun0.

[root@localhost ~]# route -n | grep 10.8.0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0

So it should know that packets coming from 10.8.0.0/24 should be sent back through tun0, right?

And


tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

As for the client routing table:

C:\Documents and Settings\ali.jawad>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 24 df 85 ...... Broadcom NetXtreme 57xx Gigabit Controller - Pac
ket Scheduler Miniport
0x3 ...00 ff 0a 6e 17 9b ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport

0x4 ...00 ff db 1b 6a d1 ...... TAP VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.176       20
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
     80.80.80.0    255.255.255.0         10.8.0.5        10.8.0.6       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.176   192.168.0.176       20
    192.168.0.176  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255    192.168.0.176   192.168.0.176       20
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0    192.168.0.176   192.168.0.176       20
  255.255.255.255  255.255.255.255         10.8.0.6               4       1
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255    192.168.0.176   192.168.0.176       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None


Thanks


0
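The client route table posted above can be checked mechanically. The following is an added example, not code from any participant in this thread: it runs a longest-prefix-match lookup over the unicast rows of that `netstat -r` output and reports whether the VPN server's own public address (given as 80.80.80.80 and 80.80.80.10 in the posts) is covered by the pushed 80.80.80.0/24 route. The function names are hypothetical.

```python
import ipaddress

# Active routes copied from the client's `netstat -r` output in the thread
# (destination, netmask, gateway, interface, metric); loopback, broadcast
# and multicast rows are left out.
CLIENT_ROUTES = """\
0.0.0.0      0.0.0.0          192.168.0.1    192.168.0.176  20
10.8.0.1     255.255.255.255  10.8.0.5       10.8.0.6       1
10.8.0.4     255.255.255.252  10.8.0.6       10.8.0.6       30
80.80.80.0   255.255.255.0    10.8.0.5       10.8.0.6       1
192.168.0.0  255.255.255.0    192.168.0.176  192.168.0.176  20
"""

TUNNEL_IF = "10.8.0.6"   # client's TAP adapter address, from the same table


def parse_routes(text):
    """Turn the whitespace-separated table into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed rows
        dest, mask, gateway, iface, metric = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": gateway,
            "iface": iface,
            "metric": int(metric),
        })
    return routes


def lookup(routes, dst):
    """Longest-prefix match; the lower metric wins between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def endpoint_inside_tunnel(routes, server_public_ip, tunnel_if=TUNNEL_IF):
    """True when the VPN server's public address is routed via the tunnel,
    i.e. the encrypted packets themselves would be sent into the tunnel."""
    route = lookup(routes, server_public_ip)
    return route is not None and route["iface"] == tunnel_if
```

With the table as posted, `endpoint_inside_tunnel` returns True for both 80.80.80.80 and 80.80.80.10; adding a /32 host route for the server's public address through 192.168.0.1 makes it return False for that address while the rest of 80.80.80.0/24 stays on the VPN. In OpenVPN such a host route can be written as `route remote_host 255.255.255.255 net_gateway`.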


Question has a verified solution.
