Yo,

Gert Doering wrote:
Hi,

On Wed, Jul 08, 2015 at 06:26:33PM +0200, Jan Just Keijser wrote:
AFAICT Windows does support that option (that's what I was referring to with options 121 or 249). OTOH, I am *not* sure if it allows you to set a 0.0.0.0/1 route using that option, but I guess there's only one way to find out.
FWIW: I've patched openvpn to set routes using DHCP on Windows and yes, it works: I can add any route to the system routing tables, including 0.0.0.0/1 and 128.0.0.1/1; this could be used as an alternative to requiring elevated privileges.

Unless you can also set the host route for the VPN gateway (point to a gateway on a *different* interface), this is not really helping... just adding 2x /1 will just cause recursion as packets to the VPN server will be happily routed into the tap interface again.

as usual, Gert is right :(
I've added an explicit /32 route to the OpenVPN server via DHCP, which Windows picks up, including the right LAN GW address *BUT* it associates it with the VPN interface, not the regular LAN interface. Thus you end up with a "bite your own tail" route and the VPN collapses.

So I guess the only thing this DHCP-trick is useful for is if you're not redirecting all traffic - in that case you can run openvpn in non-privileged mode and set a bunch of routes to go over the VPN, just not the default route.

@Selva: my current patch contains hardcoded addresses and is just a proof-of-concept. I cannot share the executable with you.


JJK
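
The routing behaviour discussed in this thread, as an added illustration that is not part of the original message or of OpenVPN's code: a simplified longest-prefix-match model showing where packets addressed to the VPN server go when the two /1 routes are installed and the /32 host route is absent, bound to the VPN interface, or bound to the LAN interface. The addresses, the interface names `lan` and `tap`, and all function names are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample values (documentation/private ranges), not taken from the thread.
VPN_SERVER = ipaddress.ip_address("203.0.113.10")
LAN_GW, VPN_GW = "192.168.1.1", "10.8.0.1"
net = ipaddress.ip_network

def lookup(table, dst):
    """Longest-prefix match over (network, gateway, interface) rows."""
    matches = [row for row in table if dst in row[0]]
    if not matches:
        return None
    _, gw, iface = max(matches, key=lambda row: row[0].prefixlen)
    return gw, iface

def redirect_table(host_route_iface=None):
    """Table with both /1 routes pushed. host_route_iface is the interface the
    /32 route to the VPN server ends up bound to (None = no host route)."""
    table = [
        (net("0.0.0.0/0"), LAN_GW, "lan"),      # original default route
        (net("0.0.0.0/1"), VPN_GW, "tap"),      # lower half of the address space
        (net("128.0.0.0/1"), VPN_GW, "tap"),    # upper half of the address space
    ]
    if host_route_iface:
        table.append((net(f"{VPN_SERVER}/32"), LAN_GW, host_route_iface))
    return table

def split_table():
    """Non-redirect case: only selected networks go over the VPN."""
    return [
        (net("0.0.0.0/0"), LAN_GW, "lan"),
        (net("10.20.0.0/16"), VPN_GW, "tap"),   # constructed internal network
    ]

def tunnel_loops(table):
    """True when the encrypted packets to the VPN server are themselves
    routed into the tunnel interface, so the tunnel cannot carry traffic."""
    return lookup(table, VPN_SERVER)[1] == "tap"

if __name__ == "__main__":
    cases = {
        "two /1 routes, no host route": redirect_table(),
        "host route bound to tap": redirect_table("tap"),
        "host route bound to lan": redirect_table("lan"),
        "split tunnel, no default": split_table(),
    }
    for name, table in cases.items():
        print(f"{name:32} server via {lookup(table, VPN_SERVER)} loops={tunnel_loops(table)}")
```
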
