Text only | Text with Images

OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: daniel78 on July 10, 2020, 03:16:04 PM

Title: OpenVPN tap/bridge: redirect-gateway - not working?
Post by: daniel78 on July 10, 2020, 03:16:04 PM
Hi!

I have an OpenVPN server in bridge mode with a tap interface on OPNsense which is working so far: I can succesfully connect to the VPN, receive an internal IP (from OPNsense DHCP) and can reach internal resources in the remote OPNsense "LAN".

I have also  checked "Redirect Gateway" in the server config because I want to have all my local traffic sent through OpenVPN and use the remote Uplink (and its public ip) of the OPNsense server for "internet access" on the VPN-client.
This does not work reliable. The client still routes all traffic to its local default gateway. There is a "NOTE" in Windows 10 OpenVPN logfile:

Code Select
Fri Jul 10 14:56:43 2020 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing

The routing table looks like that and I think the "Metrik" is the problem? 192.168.41.1 is the local clients default gateway and 192.168.100.0/24 is the remote OPNsenses LAN to which I am bridged with, 192.168.100.7 beeing the local OpenVPN IP received from OPNsense DHCP:

Code Select

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0     192.168.41.1    192.168.41.87     25
          0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.7     25
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
...


If I manually set
Code Select
route-gateway 192.168.100.1 (where 192.168.100.1 is the internal LAN adapter IP of the OPNsense) in my openvpn-client config it works as expected and all my traffic is sent through the tunnel. The routing table looks like:

Code Select


IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0     192.168.41.1    192.168.41.87     25
          0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.7     25
          0.0.0.0        128.0.0.0    192.168.100.1    192.168.100.7    281
....


Is this expected behaviour? DO I have to manually deploy the "route-gateway 192.168.100.1" to all my clients?

Thanks for any help with this.

Best regards
Title: Re: OpenVPN tap/bridge: redirect-gateway - not working?
Post by: mimugmail on July 10, 2020, 04:16:43 PM
It doesn't really make sense to use redirect-gateway in bridge mode.
Usually your client should be in the same network as the remote, so you can just set the gateway at the client (or via DHCP)
Title: Re: OpenVPN tap/bridge: redirect-gateway - not working?
Post by: daniel78 on July 12, 2020, 08:52:08 AM
 :) Thanks for the help! After removing the "Redirect Gateway" option it now works. As expected. All internet traffic is going through the vpn to the OPNsense.

Just for understanding this: Yes, my VPN client has now received an IP from the OPNsenses LAN DHCP on the OpenVPN Adapter and an IP from the LOCAL DHCP (which provides also a default gateway) server. How does my Windows client "know" that he has to send everything through the OpenVPN tunnel?

Text only | Text with Images