OpenDNS?

Hi,

I was looking for a way to route only my Internet traffic via my openvpn-connection and stumbled upon opendns.

Can somebody explain to me the practical goal/use of it? I've read the explanation but don't get the full concept and how I could implement it correctly in my config.

Note: I'm working with a dyndns.

Thanks,
J.
janhoedt Asked:
 
Papertrip Commented:
Basically here is what needs to be done:

Set up static routes for all internal networks with a gateway of 10.101.161.254
Set the default gateway (0.0.0.0) to 172.16.1.6

You can try setting the default gateway in the server config by using redirect-gateway statement I posted.  I'm not sure about the "def1" at the end of it, but try it anyways and paste the modified routing table.
0
 
Papertrip Commented:
I'm not totally clear on what you are asking.  Do you want to route internet-bound traffic over one interface and internal-bound traffic over another?
0
 
janhoedt (Author) Commented:
Yes, that would be the goal indeed.
0
 
Papertrip Commented:
OK then this is not a DNS issue, but rather a routing issue.

Which OS?

Paste the output of 'netstat -rn' from cmd.exe or command line.
0
 
janhoedt (Author) Commented:
In openvpn you can specify a gateway, but then ALL my traffic is routed over openvpn.
I need to specify which traffic goes over openvpn and which not. Ideal situation would be I could specify:
-lan traffic not over vpn (I can see them in route print)
-internet traffic over vpn with an exception list I can manually edit (if possible)

I might need a proxy on my openvpn network (it's running on a Synology NAS)?
0
 
janhoedt (Author) Commented:
Goal is to have this as flexible as possible. IOW, I would like to do this on the openvpn-client, not on the machine.

netstat -rn

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   10.101.161.254  10.101.161.129       1
     10.101.160.0    255.255.254.0   10.101.161.129  10.101.161.129       20
   10.101.161.129  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255   10.101.161.129  10.101.161.129       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0       172.16.1.5      172.16.1.6       1
       172.16.1.1  255.255.255.255       172.16.1.5      172.16.1.6       1
       172.16.1.4  255.255.255.252       172.16.1.6      172.16.1.6       30
       172.16.1.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   172.16.255.255  255.255.255.255       172.16.1.6      172.16.1.6       30
      192.168.1.0    255.255.255.0       172.16.1.5      172.16.1.6       1
        224.0.0.0        240.0.0.0   10.101.161.129  10.101.161.129       20
        224.0.0.0        240.0.0.0       172.16.1.6      172.16.1.6       30
  255.255.255.255  255.255.255.255   10.101.161.129  10.101.161.129       1
  255.255.255.255  255.255.255.255   10.101.161.129               2       1
  255.255.255.255  255.255.255.255       172.16.1.6      172.16.1.6       1
0
 
Papertrip Commented:
Assuming your openvpn gateway is 10.101.161.254, correct?

What is probably happening is that in your server config you have something like
push "redirect-gateway def1"

which is going to set the default gateway of client machines to be the vpn gateway.

So, if you admin the server, remove that line.  If you are a client only, then set
route-nopull

in the client config and re-add all of the other routes that openvpn adds to your routing table.

Is this a personal VPN or something set up by your employer?  I ask because if this is a work vpn, they probably have a good reason for setting it up how they did.  I don't advocate changing settings if that is the case.
0
 
janhoedt (Author) Commented:
Hi,

Thanks for your input!
No, my vpn gateway is 172.16.1.6 (the openvpn server -Synology NAS-).
It's a personal vpn I'm testing with in order to set it up for a small company which has laptops which should be able to connect from anywhere over openvpn (3G, behind proxy etc).

I would like to be able to switch between settings: route all traffic through vpn or not, route specific routes or not, exceptions ...
So I could change the vpn-server, but would prefer to have flexibility on the client-side/make different profiles.

J.
0
 
Papertrip Commented:
To easily switch between routing fully over the vpn or not would probably be best handled by adding/removing "push "redirect-gateway def1"" in the server config.

From what I can see, the only thing that can be done client-side is to prevent routes from being pushed by the server, thus requiring all vpn routes that are normally added to be added manually.

I must say that I don't have direct experience with this situation, perhaps someone else can answer if client-specific profiles are an option, or verify if my answers are correct.
0
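Added example, not part of the original thread or any participant's configuration: a longest-prefix route lookup over the unicast rows of the routing table posted above, showing what `redirect-gateway def1` adds (two /1 routes plus a host route to the server, rather than a replaced default route) and how client-side `route ... net_gateway` exceptions carve traffic back out. `SERVER_IP` and the exception network are constructed placeholders, and `VPN_GW` is assumed to be the gateway the posted table already uses for the pushed routes.

```python
import ipaddress

# Unicast rows of the 'netstat -rn' output posted in the thread, netmasks
# rewritten as prefix lengths: (destination, gateway, metric).
POSTED = [
    ("0.0.0.0/0", "10.101.161.254", 1),
    ("10.101.160.0/23", "10.101.161.129", 20),
    ("172.16.1.0/24", "172.16.1.5", 1),
    ("172.16.1.4/30", "172.16.1.6", 30),
    ("192.168.1.0/24", "172.16.1.5", 1),
]
LAN_GW = "10.101.161.254"   # default gateway in the posted table
VPN_GW = "172.16.1.5"       # gateway the posted table uses for pushed routes
SERVER_IP = "203.0.113.10"  # constructed placeholder for the server's public IP


def def1_routes():
    """Routes 'redirect-gateway def1' adds; 0.0.0.0/0 itself is left alone."""
    return [
        (SERVER_IP + "/32", LAN_GW, 1),  # tunnel packets must not enter the tunnel
        ("0.0.0.0/1", VPN_GW, 1),
        ("128.0.0.0/1", VPN_GW, 1),
    ]


def exception_routes(networks):
    """Client-side 'route <net> <mask> net_gateway' lines: bypass the VPN."""
    return [(net, LAN_GW, 1) for net in networks]


def next_hop(table, dest):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for cidr, gateway, metric in table:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            matches.append((-net.prefixlen, metric, gateway))
    return min(matches)[2] if matches else None


if __name__ == "__main__":
    full = POSTED + def1_routes() + exception_routes(["198.51.100.0/24"])
    for dest in ("192.0.2.1", "198.51.100.7", "192.168.1.20", "10.101.160.5"):
        print(dest, "before:", next_hop(POSTED, dest), "after:", next_hop(full, dest))
```

Because the /1 routes are more specific than the existing default route, removing them restores the original behaviour without the default route ever having been touched.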
 
janhoedt (Author) Commented:
Settings server:
So if I remove the push routes, these will not be routed by my vpn anymore?

Note: there is no push redirect gateway. Traffic is not all over vpn, only my lan, think you understood that wrong. Would only like to set Internet-traffic over vpn.

SETTINGS VPN-SERVER:
------------------------
DS> vi openvpn.conf
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.1.0 255.255.255.0"
dev tun

management 127.0.0.1 1195

server 172.16.1.0 255.255.255.0


dh /usr/local/synovpn/etc/openvpn/keys/dh1024.pem
ca /usr/local/synovpn/etc/openvpn/keys/ca.crt
cert /usr/local/synovpn/etc/openvpn/keys/server.crt
key /usr/local/synovpn/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3


#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /usr/local/synovpn/lib/radiusplugin.so /usr/local/synovpn/etc/openvpn/rad
client-cert-not-required
username-as-common-name
duplicate-cn
proto tcp
~



auth-user-pass
0
Question has a verified solution.