# Closed

## dave-gallagher

Last edited by dave-gallagher on Fri Jan 13, 2023 1:43 am; edited 4 times in total

----------

## sp7xfq

Hi,

You have configured `redirect-gateway` in your OpenVPN config file. This means that remote clients treat your server as their default network gateway, and your server should redirect their packets to the Internet. To do this you should also enable packet forwarding:

```
echo 1 > /proc/sys/net/ipv4/ip_forward
```

Or I think (I've not tested this) maybe setting route-gateway to the same as the default route on your server will be enough.

And about your ping tests, there is a simple explanation for this behaviour. When you run the ping command, it first gets some variables from the system, among other things the routing table, and it uses these as long as it is running. So, next you establish the VPN tunnel, which changes the routing table, especially the default gateway, but the running ping does not "know" about it since it got this at startup.

br.

----------

## thesnowman

I think the problem is your 

```
push "redirect-gateway def1"
```

line. How do the clients know the IP address of def1? Do they have it hardcoded in their hosts file?

Also, the reason your dhcp-option DNS line isn't working is because it only works out-of-the-box on Windows clients. Non-Windows clients require a client-side up script to interpret the dhcp-options and configure the clients appropriately.

It would also be quite trivial to port the bridging script to be more Gentoo specific and use the baselayout network scripts to bring it up.

----------

## sp7xfq

Hi, thesnowman

According to the OpenVPN manual, the `def1` flag is correct.

*`man openvpn` wrote:*

> Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0.
> 
> This has the benefit of overriding but not wiping out the original default gateway.
> 
> Using the def1 flag is highly recommended, and is currently planned to become the default by OpenVPN 2.1.

 

----------

## thesnowman

Sorry sp7xfq, I should have looked that up before replying.

What does the route command say when you are connected to the VPN?

What about your log files when the clients connect? OpenVPN should be logging the fact that it is changing the default gateway on the client. You may need to increase your verbosity to see this...

----------

## dave-gallagher

Last edited by dave-gallagher on Fri Jan 13, 2023 1:36 am; edited 2 times in total

----------

## dave-gallagher

Last edited by dave-gallagher on Fri Jan 13, 2023 1:36 am; edited 2 times in total

----------

## dave-gallagher

Last edited by dave-gallagher on Fri Jan 13, 2023 1:36 am; edited 2 times in total

----------

## thesnowman

On Linux the route command with no arguments will print the routing table. On Windows you need to use "route print". Not sure about OS X.

I'm not sure why you think your default gateway is 10.33.3.250. Both trace routes show 172.17.1.1 as being the default gateway and this is the IP address being pushed by the OpenVPN server as shown in this line:

```
Sun 12/03/06 05:51 PM: gw 172.17.1.1
```

Also, why is your OpenVPN server given an address of 10.33.3.5? Shouldn't it be in the 172.17.1.0/24 range so it can talk to the Linksys?

I don't see how you can be testing this from your LAN. You said you are VPN'ing to your ISP (PPTP?) and then connecting back to your public IP. How does this work? To accurately test this I would suggest testing from a completely separate network with internet access.

----------

