Package: openvpn
Version: 2.0.9-4
Severity: wishlist

We are running OpenVPN on a company gateway. The company has a /24
network, e.g. 1.2.3.0/24, and the gateway is at 1.2.3.1. It uses

  push "route 1.2.3.0 255.255.255.0"

in the server configuration to ensure that all traffic from road
warriors to the company network goes via the tunnel. Unfortunately,
this also causes the OpenVPN traffic itself to be sent through the
tunnel:

  10.130.60.5 dev tun0 proto kernel scope link src 10.130.60.6
  10.130.60.1 via 10.130.60.5 dev tun0
  1.2.3.0/24 via 10.130.60.5 dev tun0
  84.72.xx.0/20 dev wan proto kernel scope link src 84.72.xx.xxx
  default via 84.72.xx.1 dev wan

As you can see, traffic to 1.2.3.1 will be routed via tun0, the
OpenVPN interface.

The solution is obviously to add an explicit /32 route for all peers,
just like it is done when push "redirect-gateway" is given on the
server side.

Since there are no negative side effects I can think of, I suggest
making OpenVPN always add explicit /32 routes via the default gateway
to its peers, on the server *and* on the client side.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :' :   proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-     Debian - when you have better things to do than fixing systems
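
The routing problem described in the report, as an added example that is not part of the original message or of OpenVPN: a longest-prefix-match lookup over the client routing table shows the server address 1.2.3.1 resolving to tun0, and computes the /32 host route that keeps the tunnel's own packets on the WAN interface. The WAN addresses elided in the report are replaced with constructed documentation-range values (198.51.100.0/24), and the function names are hypothetical.

```python
import ipaddress

# Routing table from the report; the elided WAN addresses (84.72.xx...) are
# replaced by constructed documentation-range values (198.51.100.0/24).
CLIENT_ROUTES = """\
10.130.60.5 dev tun0 proto kernel scope link src 10.130.60.6
10.130.60.1 via 10.130.60.5 dev tun0
1.2.3.0/24 via 10.130.60.5 dev tun0
198.51.100.0/24 dev wan proto kernel scope link src 198.51.100.77
default via 198.51.100.1 dev wan
"""

def parse_routes(text):
    """Parse `ip route` style lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1]
        routes.append((net, gw, dev))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does for a unicast destination."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def peer_host_route(routes, peer, tun_dev):
    """Return the /32 route needed if `peer` resolves to the tunnel, else None."""
    hit = lookup(routes, peer)
    if hit is None or hit[2] != tun_dev:
        return None
    # Best route to the peer that does not use the tunnel (here: the default).
    outside = lookup([r for r in routes if r[2] != tun_dev], peer)
    if outside is None:
        return None
    return (ipaddress.ip_network(peer + "/32"), outside[1], outside[2])

if __name__ == "__main__":
    table = parse_routes(CLIENT_ROUTES)
    print("before:", lookup(table, "1.2.3.1"))   # resolves to tun0
    fix = peer_host_route(table, "1.2.3.1", "tun0")
    print("add:   ", fix)
    print("after: ", lookup(table + [fix], "1.2.3.1"))
```

With the host route in place, only the peer address leaves via the WAN interface; every other address in 1.2.3.0/24 still matches the pushed /24 and stays in the tunnel.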