Hi, Florent B wrote: >> can you try it without the --route-noexec? the routes need to be >> updated by openvpn or you will need to do it using a 'route-up' script. >> >> > > Ok it seems good. But why missing routes makes CPU crazy ? > And how can I do to build custom routing tables ? I want to use > rt_tables because I don't won't all packets go to OpenVPN server... > it's because they're handing out a public IP to you that's in the same subnet as the VPN server itself:
they are pushing route 46.246.33.130 255.255.255.255 net_gateway route-gateway 46.246.33.1 redirect-gateway def1 topology subnet dhcp-option DOMAIN ipredator.se dhcp-option DNS 46.246.46.46 dhcp-option DNS 194.132.32.23 ip-win32 dynamic ping 10 ping-restart 60 explicit-exit-notify 3 ifconfig 46.246.33.193 255.255.255.0 it's the first route that's crucial here - without it all traffic for subnet 46.246.33/24 will go via the VPN tunnel. The encrypted traffic that is sent to the VPN server needs to go to 46.246.33.130. If no direct route is given, this traffic will be routed via the VPN tunnel, where it is encrypted again etc - "biting your own tail". you can use 'route-noexec' but that first route ABSOLUTELY needs to be added. the tricky part is that the hostname of ipredator.se resolves to multiple IPs so you will need to add the correct route dynamically. A route-up script can do this for you. HTH, JJK ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
