janhoedt

Openvpn set metric on route?

Hi,

My local lan has same ip range as remote: 192.168.2.x.
Can I set a metric on routes to solve this?

J.
bbao

Metric can help here in distinguishing two subnets sharing the same scope because in a routing table, subnet and mask are just the factors used to identify a network.

If you want to access both subnets or each other at the same time, one of them should be using a different IP schema or hiding behind a NAT gateway.
janhoedt

ASKER

I only need one subnet at a time. Only the remote when I connect via vpn. So what should I add then and where?
It would be nice to do this on client as well as having possibility on server too.
I believe the ideal way to get around this is to use dynamic IP pools so that you can NAT to the remote site. I like this method a lot since it allows access to both local and remote.

That being said the quick and dirty way to get this to work without configuring complex DIP pools is to disable split-tunneling.

This will force all traffic through the VPN even for your local subnet. Beware that if you have local network printers they will not be usable, and of course all your internet traffic will go through the VPN.
Please clarify the dynamic ip pools.

2nd option is not valid for me.
Hi janhoedt, in an earlier post you stated: "I only need one subnet at a time. Only the remote when I connect via vpn. So what should I add then and where?"

The 2nd option gives you exactly this scenario.

If you still can not use this option, you can create static routes for specific IP addresses in your route table and point them to the VPN gateway, while leaving your route table default gateway pointing to your regular internet connection.
On Ophone 2nd option is ok.
>If you still can not use this option, you can create static routes for specific IP addresses in your route table
Please specify how. I'd like to do this within the config of OpenVPN, in other words it should push these routes within its config file so that every PC that runs OpenVPN has these routes.
The config file may include the corresponding route commands. Choose the subnet mask to be more specific than the local one to force precedence. Usually you set up host routes for single IPs, but you can also use subnets.
You have the choice to include the routing commands in each local client config file (having more flexibility but more admin effort), or centrally in the server's config file. You only need to do one of the two, and I recommend pushing the routes from the server on connection:
# a single IP
push "route 192.168.2.1 255.255.255.255"
# a subrange of the network: .248-.255
push "route 192.168.2.248 255.255.255.248"

You can also use the other approach to direct all traffic to OpenVPN with
redirect-gateway def1

on client or
push "redirect-gateway def1"

on server.
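
An added example (not part of the original thread): a small route lookup showing why the more specific masks recommended above take precedence over the local 192.168.2.0/24 route, and that a metric only decides between routes with the same prefix length. The gateway labels and metric values are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str   # label only (constructed, not a real next hop)
    metric: int


def route(dest: str, mask: str, gateway: str, metric: int) -> Route:
    """Build a route from the same 'network netmask' form OpenVPN's route uses."""
    return Route(ipaddress.IPv4Network(f"{dest}/{mask}"), gateway, metric)


def select_route(table, dst: str) -> Optional[Route]:
    """Longest prefix wins; metric is only a tie-breaker between equal prefixes."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


# Constructed table: the local LAN route plus the two routes pushed in the
# post above. Metrics 25 and 50 are assumptions chosen so the VPN routes
# have the *worse* metric and still win on prefix length.
TABLE = [
    route("192.168.2.0", "255.255.255.0", "local-lan", 25),
    route("192.168.2.1", "255.255.255.255", "vpn", 50),
    route("192.168.2.248", "255.255.255.248", "vpn", 50),
]


def same_prefix_conflict() -> str:
    """A VPN route with the same /24 as the LAN: only here does metric decide."""
    table = TABLE + [route("192.168.2.0", "255.255.255.0", "vpn", 10)]
    return select_route(table, "192.168.2.77").gateway


if __name__ == "__main__":
    for dst in ("192.168.2.1", "192.168.2.250", "192.168.2.77"):
        print(dst, "->", select_route(TABLE, dst).gateway)
    print("same /24, lower VPN metric ->", same_prefix_conflict())
```
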
I know the commands thanks. I know the redirect gateway options and I don't want to use it.
The routes are already pushed. As mentioned, I need to put a metric on the route, that's all I need.
Can that be done on the push route?
ASKER CERTIFIED SOLUTION
Qlemo
This solution is only available to members.
I've set the
route 192.168.0.0 255.255.0.0 192.168.33.2 10

in the config-file but route print shows
route 192.168.0.0 255.255.0.0 192.168.33.2 30
so it did not accept it.