# [Solved] OpenVPN - bridging, default gw

## bastibasti

Hi.

Here's my setup.

Server already uses TAP bridges for qemu. 

Server.conf

```
dev tap0
proto tcp-server
port 1194
mode server
tls-server
float
dh /etc/openvpn/ssl/keys/dh1024.pem
ca /etc/openvpn/ssl/keys/ca.crt
cert /etc/openvpn/ssl/keys/server.crt
key /etc/openvpn/ssl/keys/server.key
tls-auth /etc/openvpn/ssl/keys/ta.key 0
user nobody
group nogroup
#status /var/log/openvpn/vpn-status.log
#log /var/log/openvpn/vpn.log
comp-lzo
verb 3
#client-to-client
keepalive 10 120
#fragment 1300
mssfix
hand-window 300
tcp-nodelay
```

client.conf

```
client
dev tap1
proto tcp
remote 192.168.123.150 1194
socks-proxy 127.0.0.1 6666
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client1.crt
key /etc/openvpn/client/client1.key
comp-lzo
log /var/log/openvpn/client.log
verb 3
status /var/log/openvpn/client-status.log
tls-auth /etc/openvpn/client/ta.key 1
#tls-timeout 240
#connect-timeout 240
#fragment 1300
mssfix
tls-client
script-security 3 system
up /etc/openvpn/up.sh
```

After connecting I have to manually run

```
ifconfig tap1 up
dhclient tap1
```

on the client. After that my client has 192.168.0.238 for tap1. Totally correct.

Now my client has an IP in my LAN, which works like a charm. I can ping all my hosts at home etc and access them.

Now I would like to change my default route to use the LAN router, which is not the VPN gateway.

Let's say

openvpn server is 192.168.0.150

LAN default GW is 192.168.0.151

If I do 

```
route add default gw 192.168.123.151
```

the connection is lost. 

How can I fix this?

Last edited by bastibasti on Fri Jan 18, 2013 9:01 pm; edited 1 time in total

----------

## bastibasti

I think I forgot to mention one more main point: The connection is running through an ssh tunnel (socks proxy)

So I think when I set the default gw, the ssh connection is lost??

----------

## AngelKnight

It is possible that you forgot to ensure that the aforementioned ssh connection is allowed to use the nexthop you had before you tried to alter the default gateway.

----------

## bastibasti

How can I do that??? :Shocked: :Shocked: :Shocked:

----------

## bastibasti

Sorted it...

Before setting the default gw to the new one, I add a new route for the ssh connection:

1) route add $ssh_ip gateway $old_gateway

2) route del default

3) route add default gw $new_gw

----------
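The ordering from the last post, as an added example that is not part of the thread: this script prints the three `route` commands with the SSH server pinned to its current next hop first, and applies nothing itself. The function names, the use of `ip -4 route get` to find the next hop, and all addresses in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print the route changes in a safe order.
# Nothing is applied here; review the output, then run the commands as root.

# Print the next hop from one line of `ip -4 route get <addr>` output.
# Prints nothing when the address is on-link (the line has no "via" field).
nexthop_of() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# plan_routes SSH_IP NEW_GW [ROUTE_GET_OUTPUT]
# Emits the steps from the post: pin SSH_IP to its current next hop,
# delete the old default route, then add the new default route.
plan_routes() {
    ssh_ip=$1
    new_gw=$2
    # The optional third argument allows a dry run on captured output.
    route_line=${3:-$(ip -4 route get "$ssh_ip" 2>/dev/null | head -n 1)}
    if [ -z "$route_line" ]; then
        echo "no route to $ssh_ip" >&2
        return 1
    fi
    old_gw=$(nexthop_of "$route_line")
    # An on-link SSH server is covered by the connected route, which a
    # default-route change does not touch, so no host route is needed.
    if [ -n "$old_gw" ]; then
        echo "route add -host $ssh_ip gw $old_gw"
    fi
    echo "route del default"
    echo "route add default gw $new_gw"
}

# Constructed sample: SSH server 203.0.113.10 currently reached via 10.0.0.1,
# new default gateway 192.168.0.151 on the bridged LAN.
SAMPLE='203.0.113.10 via 10.0.0.1 dev eth0 src 10.0.0.5 uid 0'
plan_routes 203.0.113.10 192.168.0.151 "$SAMPLE"
```
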

