Openvpn + Routing

Hello,

I have a little question.

My system:

ip route:
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.2.1 dev br0 proto static metric 425
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
88.198.140.127 via 192.168.2.1 dev br0
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.101 metric 425
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1

traceroute gmx.de
traceroute to gmx.de (213.165.65.60), 30 hops max, 60 byte packets
1 Speedport.ip (192.168.2.1) 0.578 ms 0.662 ms 0.859 ms
^C

[root@h1 ~]# traceroute spiegel.de
traceroute to spiegel.de (62.138.116.3), 30 hops max, 60 byte packets
1 10.8.0.1 (10.8.0.1) 35.009 ms 34.982 ms 34.956 ms

Why is the routing different: in the first case over br0, in the second over
the VPN device?

How can I disable “push default route” from the server directive on
the client side in OpenVPN?
I want only traffic that comes in over tun0 to be routed back over tun0.
Is this possible with firewalld-cmd?

Thx.

Regards

Axel

5 thoughts on - Openvpn + Routing

  • Have no idea what 0.0.0.0/1 is, but 62.138.116.3 is part of 0.0.0.0/1
    and 213.165.65.60 is not.

  • Hello,

    there is one route missing:

    128.0.0.0/1.

    config client:
    route-nopull
    redirect-gateway def1 bypass-dhcp

    best regards Helmut

    Best regards, Helmut Drodofsky

    On 06.12.2015 at 20:26, Axel Glienke wrote:

  • The default route normally is

    0.0.0.0/0

    To overwrite the default you can
    – erase the existing one and add the new one: this change has to be done in both directions, at startup and at shutdown, so you need installation-dependent information about the default gateway.

    Alternatively you can add two routes:
    0.0.0.0 netmask 128.0.0.0 and
    128.0.0.0 netmask 128.0.0.0

    Then you have routes that overwrite the existing default. You only have to add these specific routes on OpenVPN up and delete them on OpenVPN down.
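
The behaviour discussed in this thread, as an added example that is not part of any comment above: a longest-prefix-match lookup over the routing table from the original post. It shows why the two traceroutes leave through different devices and which half of the IPv4 space bypasses tun0. The function names `lookup` and `uncovered_by` are made up for this illustration.

```python
import ipaddress

# Routing table from the original post, re-typed as data. Metrics are left
# out because the most specific prefix wins before the metric is considered.
ROUTES = [
    ("0.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "br0"),          # "default via 192.168.2.1"
    ("10.8.0.1/32", "tun0"),
    ("10.8.0.5/32", "tun0"),
    ("88.198.140.127/32", "br0"),  # host route via br0 from the post
    ("192.168.2.0/24", "br0"),
    ("192.168.122.0/24", "virbr0"),
]

def lookup(dest, routes):
    """Return (prefix, device) of the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1]

def uncovered_by(routes, dev):
    """The /1 halves of IPv4 space that no route via dev fully covers."""
    halves = [ipaddress.ip_network("0.0.0.0/1"),
              ipaddress.ip_network("128.0.0.0/1")]
    via_dev = [ipaddress.ip_network(p) for p, d in routes if d == dev]
    return [str(h) for h in halves if not any(h.subnet_of(n) for n in via_dev)]

if __name__ == "__main__":
    for host, ip in [("gmx.de", "213.165.65.60"), ("spiegel.de", "62.138.116.3")]:
        print(host, ip, "->", lookup(ip, ROUTES))
    print("halves not sent through tun0:", uncovered_by(ROUTES, "tun0"))
    # With the second def1 route present, both halves go through the tunnel.
    fixed = ROUTES + [("128.0.0.0/1", "tun0")]
    print("after adding 128.0.0.0/1:", lookup("213.165.65.60", fixed))
```

Running the same check against a live table is a quick way to see whether a VPN client is sending only part of its traffic through the tunnel.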