Hi,

On Wed, Jun 03, 2015 at 08:05:21AM +1200, Jason Haar wrote:
> In this case using the openvpn tunnel as the default gw should have
> solved the problem - but normal people can't figure that out - so I'd
> like to solve it dynamically at the server end. However, to do that, the
> server would need to know in advance the routing table of the client -
> so that it could do something like "if 10.anything is local, then
> disable split tunnel and push all traffic through openvpn; else do split
> tunnel".

I'm not exactly sure what options the client sends to the server in the
"peer-info" handshake (IV_...), but I'm afraid that "routing data" is
not part of it...

What you could *try* is a magic option I just discovered recently :-) -
push "redirect-private", and then push routes for 10.0.0.0/8 (and maybe
a few /25s for the really important stuff, to override whatever 10.x
netmask the hotel might use).

--redirect-private is the bit of --redirect-gateway that figures out the
local default gateway, and installs a host route "vpn server -> this
gateway", so after that, you're fairly safe to redirect about anything...

(As a side note, you're screwed in any case if the hotel gateway happens
to use an IP address also used by one of your servers - but to fix *that*,
you'd have to go down the "use NAT on the server tun" route...)

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
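
Why the extra, more specific routes matter, as an added example that is not part of the original mail: a longest-prefix-match lookup over a constructed client routing table. The hotel subnet, the server addresses and the `hotel-gw` / `hotel-lan` / `vpn` labels are assumptions made for illustration.

```python
import ipaddress

# Constructed client state: a hotel LAN that itself uses 10.x addressing.
VPN_SERVER = "203.0.113.10"                  # placeholder (documentation range)
LOCAL = [("0.0.0.0/0", "hotel-gw"),          # hotel default route
         ("10.1.1.0/24", "hotel-lan")]       # on-link hotel subnet (assumed /24)
# Effect of redirect-private as described above: host route to the VPN server
# via the local default gateway, so tunnel packets never enter the tunnel.
HOST_ROUTE = [(VPN_SERVER + "/32", "hotel-gw")]
PUSHED_8 = [("10.0.0.0/8", "vpn")]           # the broad pushed route
PUSHED_25 = [("10.1.1.128/25", "vpn")]       # more specific than the hotel's /24


def resolve(routes, dst):
    """Return (prefix, via) of the longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), via) for p, via in routes]
    net, via = max((n for n in nets if addr in n[0]),
                   key=lambda n: n[0].prefixlen)
    return str(net), via


def report(routes, targets):
    """Resolve every target against one routing table."""
    return {t: resolve(routes, t) for t in targets}


if __name__ == "__main__":
    targets = ["10.20.30.40", "10.1.1.200", "10.1.1.1",
               VPN_SERVER, "198.51.100.7"]
    for name, extra in (("/8 only", []), ("/8 plus /25", PUSHED_25)):
        print(name)
        table = LOCAL + HOST_ROUTE + PUSHED_8 + extra
        for dst, (net, via) in report(table, targets).items():
            print(f"  {dst:15} -> {via:9} ({net})")
```

With only the /8 pushed, the constructed server at 10.1.1.200 is still reached via the hotel LAN; adding the /25 moves it into the tunnel while the hotel gateway at 10.1.1.1 stays on-link.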