Sunday, January 16, 2011

OpenVPN: Vista client and Linux server. Not all internet traffic is being directed through the VPN

EDITED - Just added

push "redirect-gateway def1"
push "dhcp-option DNS 10.254.1.1"

and it works fine for Vista now. Not sure whether it will break things for my Linux client, though. Can anyone explain the difference between the Linux and Windows client setup?

END EDIT

I got OpenVPN to work for my desktop Ubuntu client and remote Linux server, and I am able to redirect all my internet traffic through the remote server thanks to this community's help in this post.

However, I'm now trying to do the same with my Vista desktop acting as the client. When I use the client settings from my Ubuntu client in Vista with some small modifications, it connects successfully and pings fine, but doesn't direct all traffic. Are there some differences between Windows and Linux client configs?

Here is my Vista client config:

client
dev tun
proto tcp
remote xxx.xxx.xx.xxx  1194
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
ca ca.crt
cert adamvista.crt
key adamvista.key
ns-cert-type server
cipher BF-CBC
comp-lzo

verb 3

Here's the server conf:

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.254.1.0  255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

I've noticed that some tutorials mention using this in the server config:

push "redirect-gateway local def1"
push "dhcp-option DNS 10.8.0.1"

whereas the server.conf for my Linux server to Linux client setup only had this, from the Linux sample I adopted:

push "redirect-gateway"

What's the difference here? Is it a Windows/Linux thing?

Can anyone help on these matters?

I also have a lot of tunnel adapters when I do ipconfig. Perhaps they are creating a problem? Here's the output while I'm connected (excuse the Japanese OS printout; translated to English below):

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Adam-PC
   Primary DNS Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-D5-B0-0B-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9cc0:63ff:d412:e553%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.254.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : 22 September 2009 19:15:36
   Lease Expires . . . . . . . . . . : 22 September 2010 19:15:36
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.254.1.9
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over TCP/IP . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-54-0D-37-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ed4d:1531:62a3:ab2e%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.11.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 September 2009 18:11:35
   Lease Expires . . . . . . . . . . : 24 September 2009 18:11:34
   Default Gateway . . . . . . . . . : 192.168.11.1
   DHCP Server . . . . . . . . . . . : 192.168.11.1
   DNS Servers . . . . . . . . . . . : 192.168.11.1
   NetBIOS over TCP/IP . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:cf2e:3096:c01:3e32:3f57:f4fd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c01:3e32:3f57:f4fd%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over TCP/IP . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
  • Translation through Google (Hope it's still correct):

    Windows IP Configuration

    Host Name............: Adam-PC
    Primary DNS Suffix.......:
    Node Type............: Hybrid
    IP Routing Enabled........: No
    WINS Proxy Enabled........: No

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix...:
    Description...............: TAP-Win32 Adapter V9
    Physical Address...........: 00-FF-D5-B0-0B-B7
    DHCP Enabled............: Yes
    Enable automatic configuration...........: Yes
    Link-local IPv6 Address....: fe80::9cc0:63ff:d412:e553%16 (preferred)
    IPv4 Address..........: 10.254.1.10 (preferred)
    Subnet Mask........: 255.255.255.252
    Obtaining a lease............: 22 September 2009 19:15:36
    Expiration of the lease.........: 22 September 2010 19:15:36
    Default Gateway.....:
    DHCP Server..........: 10.254.1.9
    DNS server...........: fec0:0:0:ffff::1%1
                           fec0:0:0:ffff::2%1
                           fec0:0:0:ffff::3%1
    NetBIOS over TCP/IP.......: Enabled

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix...:
    Description...............: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
    Physical Address...........: 00-23-54-0D-37-61
    DHCP Enabled............: Yes
    Enable automatic configuration...........: Yes
    Link-local IPv6 Address....: fe80::ed4d:1531:62a3:ab2e%8 (Preferred)
    IPv4 Address..........: 192.168.11.2 (Preferred)
    Subnet Mask........: 255.255.255.0
    Obtaining a lease............: 22 September 2009 18:11:35
    Expiration of the lease.........: 24 September 2009 18:11:34
    Default Gateway.....: 192.168.11.1
    DHCP Server..........: 192.168.11.1
    DNS server...........: 192.168.11.1
    NetBIOS over TCP/IP.......: Enabled

    Tunnel adapter Local Area Connection * 6:

    State of the media..........: Media is not connected
    Connection-specific DNS Suffix...:
    Description...............: Microsoft ISATAP Adapter
    Physical Address...........: 00-00-00-00-00-00-00-E0
    DHCP Enabled............: No
    Enable automatic configuration...........: Yes

    Tunnel adapter Local Area Connection * 7:

    Connection-specific DNS Suffix...:
    Description...............: Teredo Tunneling Pseudo-Interface
    Physical Address...........: 02-00-54-55-4E-01
    DHCP Enabled............: No
    Enable automatic configuration...........: Yes
    IPv6 Address...........: 2001:0:cf2e:3096:c01:3e32:3f57:f4fd (preferred)
    Link-local IPv6 Address....: fe80::c01:3e32:3f57:f4fd%9 (Preferred)
    Default Gateway.....: ::
    NetBIOS over TCP/IP.......: Disabled

    Tunnel adapter Local Area Connection * 11:

    State of the media..........: Media is not connected
    Connection-specific DNS Suffix...:
    Description...............: Microsoft ISATAP Adapter # 2
    Physical Address...........: 00-00-00-00-00-00-00-E0
    DHCP Enabled............: No
    Enable automatic configuration...........: Yes

    adam: Wow, never thought about using Google for that. Nice one!
  • On the Linux server you're using "redirect-gateway", which means that the default gateway of the clients has been overridden and is pointing to the VPN. Try using "redirect-gateway" and check the results of:

    route -n (Linux client)
    route print (Windows client)

    and compare the default routes for both clients. I think that in Windows there is a conflict between routes, and that's why using "redirect-gateway local def1" works: this command doesn't remove the default gateway; instead it routes all the traffic through the VPN with 0.0.0.0/1 and 128.0.0.0/1 routes. Check the "route print" results after using "redirect-gateway local def1" to see the differences. Linux clients should not have problems with this config.

    adam: Will try this out. Actually, I made a typo above. There should be no "local" in the redirect-gateway command. But I'll give this a shot to see if it helps me understand further what's going on under the hood.
    From HD
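The post's own question (plain `push "redirect-gateway"` versus `def1`) and the reply above (compare `route -n` / `route print` default routes) both come down to one thing: which routing-table entry wins for a given destination. The following is an added example, not code from the original post or from OpenVPN: a small longest-prefix-match resolver over routing tables in the format printed by `route -n` on Linux. The three tables are constructed to mirror the post (VPN pool 10.254.1.0/24, server end of the tunnel 10.254.1.9, client 10.254.1.10/30, LAN 192.168.11.0/24 via 192.168.11.1); the VPN server's public address 203.0.113.5 is an assumption, since the post masks it. The "before fix" table is what the Vista symptom (pings work, internet does not go through the tunnel) looks like in routing terms, written in Linux format so one parser serves all three; `route print` on Windows orders its columns differently and would need its own parser.

```python
"""Which gateway wins once OpenVPN has pushed redirect-gateway?

Added example (not from the original post).  Tables below are constructed;
VPN_SERVER is an assumed public address for the masked xxx.xxx.xx.xxx.
"""
import ipaddress

VPN_SERVER = "203.0.113.5"  # assumption: the server's public IP

# Symptom table: tunnel is up, but the only default route is still the LAN's.
VISTA_BEFORE = """
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.11.1    0.0.0.0         UG    0      0        0 eth0
10.254.1.8      0.0.0.0         255.255.255.252 U     0      0        0 tun0
10.254.1.0      10.254.1.9      255.255.255.0   UG    0      0        0 tun0
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

# push "redirect-gateway": the LAN default is deleted and replaced by one via
# the tunnel; a /32 host route keeps the encrypted packets to the server on
# the LAN gateway so the tunnel does not route into itself.
PLAIN = """
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.254.1.9      0.0.0.0         UG    0      0        0 tun0
203.0.113.5     192.168.11.1    255.255.255.255 UGH   0      0        0 eth0
10.254.1.8      0.0.0.0         255.255.255.252 U     0      0        0 tun0
10.254.1.0      10.254.1.9      255.255.255.0   UG    0      0        0 tun0
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

# push "redirect-gateway def1": the LAN default is left alone; two /1 routes
# (0.0.0.0/1 and 128.0.0.0/1) are more specific than /0 and therefore win.
DEF1 = """
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.11.1    0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.254.1.9      128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.254.1.9      128.0.0.0       UG    0      0        0 tun0
203.0.113.5     192.168.11.1    255.255.255.255 UGH   0      0        0 eth0
10.254.1.8      0.0.0.0         255.255.255.252 U     0      0        0 tun0
10.254.1.0      10.254.1.9      255.255.255.0   UG    0      0        0 tun0
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""


def parse_route_n(text):
    """Parse `route -n` output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] in ("Kernel", "Destination"):
            continue  # skip the two header lines
        dest, gw, mask, _flags, _metric, _ref, _use, iface = parts[:8]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: (gateway, iface) the kernel would use for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])


def default_mode(routes, vpn_iface="tun0"):
    """Classify what the default route looks like after OpenVPN connected."""
    halves = {str(net) for net, _gw, iface in routes
              if net.prefixlen == 1 and iface == vpn_iface}
    if halves == {"0.0.0.0/1", "128.0.0.0/1"}:
        return "def1"            # old default kept, overridden by two /1 routes
    defaults = [iface for net, _gw, iface in routes if net.prefixlen == 0]
    if defaults and all(i == vpn_iface for i in defaults):
        return "replaced"        # old default deleted, new one via the tunnel
    return "not-redirected"      # default still points at the LAN gateway


if __name__ == "__main__":
    for name, table in (("before fix", VISTA_BEFORE),
                        ("redirect-gateway", PLAIN),
                        ("redirect-gateway def1", DEF1)):
        routes = parse_route_n(table)
        print(f"{name:22s} mode={default_mode(routes):15s} "
              f"8.8.8.8 -> {lookup(routes, '8.8.8.8')}  "
              f"vpn server -> {lookup(routes, VPN_SERVER)}")
```

Two things to look for when running this against real `route -n` output: a public destination such as 8.8.8.8 must resolve to the tunnel interface in both redirect modes, and the VPN server's own address must still resolve to the LAN gateway through the /32 host route. In the "before fix" table the tunnel endpoint 10.254.1.9 is reachable (that is why ping works) while 8.8.8.8 still leaves via 192.168.11.1, which is exactly the behaviour described in the post.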
