Hi,

On Wed, Jun 03, 2015 at 08:05:21AM +1200, Jason Haar wrote:
> In this case using the openvpn tunnel as the default gw should have
> solved the problem - but normal people can't figure that out - so I'd
> like to solve it dynamically at the server end. However, to do that, the
> server would need to know in advance the routing table of the client -
> so that it could do something like "if 10.anything is local, then
> disable split tunnel and push all traffic through openvpn; else do split
> tunnel".

I'm not exactly sure what options the client sends to the server in
the "peer-info" handshake (IV_...), but I'm afraid that "routing data"
is not part of it...

What you could *try* is a magic option I just discovered recently :-) - push
"redirect-private", and then push routes for 10.0.0.0/8 (and maybe a few
/25s for the really important stuff, to override whatever 10.x netmask the
hotel might use).

--redirect-private is the bit of --redirect-gateway that figures out the
local default gateway, and installs a host route "vpn server -> this gateway",
so after that, you're fairly safe to redirect about anything...

(As a side note, you're screwed in any case if the hotel gateway happens
to use an ip address also used by one of your servers - but to fix *that*,
you'd have to go down the "use NAT on the server tun" route...)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
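
An added example, not part of the original mail: a simplified longest-prefix-match model of the client routing table, showing why a pushed 10.0.0.0/8 alone loses to a more specific hotel LAN route, why the extra /25s win, and why the host route to the VPN server keeps the tunnel's own packets on the local gateway. All addresses, the function names and the "on-link"/"vpn" labels are constructed for illustration; route metrics are ignored.

```python
import ipaddress

def build_table(local_net, local_gw, vpn_server, pushed_routes):
    """Simplified client routing table after the pushed options are applied."""
    net = ipaddress.ip_network
    table = [
        (net("0.0.0.0/0"), local_gw),    # default route stays on the local gateway
        (net(local_net), "on-link"),     # hotel LAN, directly connected
        # redirect-private: host route "vpn server -> local gateway"
        (net(f"{vpn_server}/32"), local_gw),
    ]
    table += [(net(r), "vpn") for r in pushed_routes]
    return table

def next_hop(table, dst):
    """Longest-prefix match: the most specific route covering dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample values (not from the original mail).
HOTEL_NET, HOTEL_GW = "10.0.0.0/16", "10.0.0.1"
VPN_SERVER = "203.0.113.10"
IMPORTANT = "10.0.5.20"   # company server that falls inside the hotel's 10.x range
OTHER = "10.20.1.1"       # company host outside the hotel's range

# Server pushes only the /8.
only_slash8 = build_table(HOTEL_NET, HOTEL_GW, VPN_SERVER, ["10.0.0.0/8"])
# Server also pushes a /25 for the important server, plus a route that
# happens to cover the VPN server's own address.
with_slash25 = build_table(HOTEL_NET, HOTEL_GW, VPN_SERVER,
                           ["10.0.0.0/8", "10.0.5.0/25", "203.0.113.0/24"])

if __name__ == "__main__":
    for name, table in (("/8 only", only_slash8), ("/8 + /25", with_slash25)):
        for dst in (IMPORTANT, OTHER, VPN_SERVER, "198.51.100.7"):
            print(f"{name:9} {dst:14} -> {next_hop(table, dst)}")
```
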
