Hi,

On 03/07/15 15:15, Gert Doering wrote:
> On Fri, Jul 03, 2015 at 01:56:39PM +0200, JÁKÓ András wrote:
>>> yes this is possible; it's possible to push multiple gateways and
>>> multiple (classless) routes (dhcp options 121 & 249).
>>> If the metric on the tap-win adapter is set manually and is set low
>>> enough then redirecting the gateway will also work.
>>> However, changing the metric requires elevated access...
>> Sorry for the noise if that has been discussed before: Instead of
>> modifying the metric, how about pushing two /1 routes (0.0.0.0/1 and
>> 128.0.0.0/1)?
> Would work *if* Windows supports the "classless routes" option (which
> I'm not sure of) - and if it accepts DHCP on tap to provide a host
> route for the VPN server to the original gateway on the normal LAN
> interface.  Without that host route, routing would loop (we'd send
> packets *to* the VPN server into the tunnel, encapsulate, send
> to the VPN server, into the tunnel, encapsulate, ... *boom*)

AFAICT Windows does support that option (that's what I was referring to with options 121 or 249). OTOH, I am *not* sure if it allows you to set a 0.0.0.0/1 route using that option, but I guess there's only one way to find out.

As for IPv6: that is going to be a problem indeed, although a draft exists for handing out IPv6 routes over DHCP(v6); not sure how much work that would entail though. I think Heiko's interactive service is "the way forward" but it does look like the "DHCP route" is too interesting to ignore. I will have more time next week to explore it, so I'll get back to the list then.

JJK
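
An added illustration, not part of the original message or of OpenVPN's code: the RFC 3442 byte layout carried in DHCP option 121 for the two /1 routes plus the host route to the VPN server, and a longest-prefix lookup showing why omitting the host route sends the VPN server's own traffic back into the tunnel. All addresses are constructed sample values and the function names are hypothetical; the code models route selection only and does not establish what Windows accepts on the tap adapter.

```python
import ipaddress

# Constructed sample addresses (not taken from the thread).
VPN_SERVER = "203.0.113.10"   # public address of the VPN server
LAN_GW = "192.168.1.1"        # original gateway on the normal LAN interface
TUN_GW = "10.8.0.1"           # gateway reached through the tap adapter

def encode_routes(routes):
    """Encode (destination, router) pairs in the RFC 3442 layout used by option 121."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.ip_network(dest)
        out.append(net.prefixlen)                                     # mask width
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]  # significant octets only
        out += ipaddress.ip_address(router).packed                    # next hop
    return bytes(out)

def decode_routes(payload):
    """Inverse of encode_routes; raises ValueError on a truncated or invalid entry."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        sig = (plen + 7) // 8
        if plen > 32 or i + 5 + sig > len(payload):
            raise ValueError("malformed classless route option")
        dest = payload[i + 1:i + 1 + sig] + bytes(4 - sig)  # pad back to 4 octets
        router = payload[i + 1 + sig:i + 5 + sig]
        routes.append((f"{ipaddress.ip_address(dest)}/{plen}",
                       str(ipaddress.ip_address(router))))
        i += 5 + sig
    return routes

def next_hop(table, dst):
    """Longest-prefix match: the rule that lets two /1 routes win over 0.0.0.0/0."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), hop) for n, hop in table
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

DEFAULT = [("0.0.0.0/0", LAN_GW)]                            # existing default route
HALVES = [("0.0.0.0/1", TUN_GW), ("128.0.0.0/1", TUN_GW)]    # pushed /1 routes
HOST_ROUTE = [(f"{VPN_SERVER}/32", LAN_GW)]                  # keeps the server off the tunnel

if __name__ == "__main__":
    print("option payload:", encode_routes(HALVES + HOST_ROUTE).hex())
    print("server without host route ->", next_hop(DEFAULT + HALVES, VPN_SERVER))
    print("server with host route    ->", next_hop(DEFAULT + HALVES + HOST_ROUTE, VPN_SERVER))
```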


