Openvpn set metric on route?

Hi,

My local LAN has the same IP range as the remote: 192.168.2.x.
Can I set a metric on routes to solve this?

J.
janhoedt asked:
 
Qlemo (Developer) commented:
Yes, but since the local routes have a better metric, it will get difficult to manage it that way. In fact you do not need the metric! As I said, a host route (or any route with a more restrictive subnet mask) has precedence over a more generic one. Since the local network is 192.168.2.0/24, any more specific route up to 192.168.2.0/25 and 192.168.2.128/25 leads to redirecting the corresponding traffic via OpenVPN.

"I know the commands thanks." - obviously you do not. Else you would be able to look into the manual, which clearly tells what the options for the route command are. The man page is always what you should look at first if you need a config option for OpenVPN. The syntax is
route network/IP [netmask] [gateway] [metric]

You can use "default" or vpn_gateway for gateway to keep it dynamic.
0
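
Added example, not part of the original thread: a small Python model of the route selection described in the answer above, showing that prefix length is compared before metric, so two /25 routes via the VPN override the local /24 even with a worse metric. The metrics (10 and 30), the constructed routing tables and the helper names `select_route` and `split_push_lines` are assumptions made for illustration.

```python
import ipaddress

def select_route(table, dst):
    """Pick a route the way an IP stack does: longest prefix first,
    metric (lower is better) only as a tie-breaker between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def split_push_lines(network):
    """Split a network into its two halves and format them as
    OpenVPN server-side push "route ..." directives."""
    net = ipaddress.ip_network(network)
    return ['push "route {} {}"'.format(h.network_address, h.netmask)
            for h in net.subnets(prefixlen_diff=1)]

def route(net, via, metric):
    return {"net": ipaddress.ip_network(net), "via": via, "metric": metric}

# Constructed routing table of a client whose LAN is 192.168.2.0/24.
LOCAL = route("192.168.2.0/24", "on-link (LAN)", 10)
DEFAULT = route("0.0.0.0/0", "192.168.2.1 (LAN router)", 10)

# Attempt 1: the same /24 via the VPN, told apart only by metric.
same_prefix = [DEFAULT, LOCAL, route("192.168.2.0/24", "vpn_gateway", 30)]

# Attempt 2: two /25 halves via the VPN, deliberately given a worse metric.
halves = [DEFAULT, LOCAL,
          route("192.168.2.0/25", "vpn_gateway", 30),
          route("192.168.2.128/25", "vpn_gateway", 30)]

if __name__ == "__main__":
    for line in split_push_lines("192.168.2.0/24"):
        print(line)
    for name, table in (("same /24", same_prefix), ("two /25", halves)):
        for dst in ("192.168.2.10", "192.168.2.200", "8.8.8.8"):
            print(name, dst, "->", select_route(table, dst)["via"])
```

With the two /25 routes in place, every 192.168.2.x destination leaves through the tunnel while the default route stays on the local connection.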
 
bbao (IT Consultant) commented:
Metric can help here in distinguishing two subnets sharing the same scope because in a routing table, subnet and mask are just the factors used to identify a network.

If you want to access both subnets or each other at the same time, one of them should be using a different IP schema or hiding behind a NAT gateway.
0
 
janhoedt (Author) commented:
I only need one subnet at a time. Only the remote when I connect via vpn. So what should I add then and where?
It would be nice to do this on client as well as having possibility on server too.
0
 
Sanga Collins (Systems Admin) commented:
I believe the ideal way to get around this is to use dynamic IP pools so that you can NAT to the remote site. I like this method a lot since it allows access to both local and remote.

That being said, the quick and dirty way to get this to work without configuring complex DIP pools is to disable split-tunneling.

This will force all traffic through the VPN even for your local subnet. Beware that if you have local network printers they will not be usable, and of course all your internet traffic will go through the VPN.
0
 
janhoedt (Author) commented:
Please clarify the dynamic ip pools.

2nd option is not valid for me.
0
 
Sanga Collins (Systems Admin) commented:
Hi janhoedt, in an earlier post you stated: "I only need one subnet at a time. Only the remote when I connect via vpn. So what should I add then and where?"

The 2nd option gives you exactly this scenario.

If you still can not use this option, you can create static routes for specific IP addresses in your route table and point them to the VPN gateway, while leaving your route table default gateway pointing to your regular internet connection.
0
 
janhoedt (Author) commented:
On Ophone 2nd option is ok.
0
 
janhoedt (Author) commented:
>If you still can not use this option, you can create static routes for specific IP addresses in your route table
Please specify how. I'd like to do this within the config of OpenVPN, in other words it should push these routes within its config file so that every PC that runs OpenVPN has these routes.
0
 
Qlemo (Developer) commented:
The config file may include the corresponding route commands. Choose the subnet mask to be more specific than the local one to force precedence. Usually you set up host routes for single IPs, but you can also use subnets.
You have the choice to include the routing commands in each local client config file (having more flexibility but more admin effort), or centrally in the server's config file. You only need to do one of the two, and I recommend pushing the routes from the server on connection:
# a single IP
push "route 192.168.2.1 255.255.255.255"
# a subrange of the network: .248-.255
push "route 192.168.2.248 255.255.255.248"

0
 
Qlemo (Developer) commented:
You can also use the other approach to direct all traffic to OpenVPN with
redirect-gateway def1

on client or
push "redirect-gateway def1"

on server.
0
 
janhoedt (Author) commented:
I know the commands thanks. I know the redirect gateway options and I don't want to use it.
The routes are already pushed. As mentioned, I need to put a metric on the route, that's all I need.
Can that be done on the push route?
0
 
janhoedt (Author) commented:
I've set the
route 192.168.0.0 255.255.0.0 192.168.33.2 10

in the config-file but route print shows
route 192.168.0.0 255.255.0.0 192.168.33.2 30
so it did not accept it.
0