OpenVPN tap/bridge: redirect-gateway - not working?

Started by daniel78, July 10, 2020, 03:16:04 PM

Hi!

I have an OpenVPN server in bridge mode with a tap interface on OPNsense which is working so far: I can successfully connect to the VPN, receive an internal IP (from OPNsense DHCP) and can reach internal resources in the remote OPNsense "LAN".

I have also checked "Redirect Gateway" in the server config because I want to have all my local traffic sent through OpenVPN and use the remote uplink (and its public IP) of the OPNsense server for "internet access" on the VPN client.
This does not work reliably. The client still routes all traffic to its local default gateway. There is a "NOTE" in the Windows 10 OpenVPN logfile:


Fri Jul 10 14:56:43 2020 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing

The routing table looks like this and I think the "Metrik" is the problem? 192.168.41.1 is the local client's default gateway and 192.168.100.0/24 is the remote OPNsense's LAN to which I am bridged, 192.168.100.7 being the local OpenVPN IP received from OPNsense DHCP:


IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0     192.168.41.1    192.168.41.87     25
          0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.7     25
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
...


If I manually set route-gateway 192.168.100.1 (where 192.168.100.1 is the internal LAN adapter IP of the OPNsense) in my openvpn-client config it works as expected and all my traffic is sent through the tunnel. The routing table looks like:



IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0     192.168.41.1    192.168.41.87     25
          0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.7     25
          0.0.0.0        128.0.0.0    192.168.100.1    192.168.100.7    281
....


Is this expected behaviour? Do I have to manually deploy the "route-gateway 192.168.100.1" to all my clients?

Thanks for any help with this.

Best regards

It doesn't really make sense to use redirect-gateway in bridge mode.
Usually your client should be in the same network as the remote, so you can just set the gateway at the client (or via DHCP).

:) Thanks for the help! After removing the "Redirect Gateway" option it now works as expected. All internet traffic is going through the VPN to the OPNsense.

Just for understanding this: Yes, my VPN client has now received an IP from the OPNsense's LAN DHCP on the OpenVPN adapter and an IP from the LOCAL DHCP server (which also provides a default gateway). How does my Windows client "know" that it has to send everything through the OpenVPN tunnel?
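An added illustration of the route selection behind the two tables quoted in the first post (example code, not from the thread or from OPNsense/OpenVPN): Windows picks the matching route with the longest prefix first and uses the metric only to break ties, so the 0.0.0.0 / 128.0.0.0 route (a /1) in the second table beats both /0 default routes regardless of metric, while the two /0 routes with metric 25 in the first table are a tie. The sample rows are constructed copies of the rows shown above in the same "route print" layout.

```python
import ipaddress

# Constructed sample rows in the layout of the Windows "route print" output quoted
# in the thread (destination, mask, gateway, interface, metric). Before redirect-gateway:
ROUTES_BEFORE = """\
          0.0.0.0          0.0.0.0     192.168.41.1    192.168.41.87     25
          0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.7     25
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
"""
# After redirect-gateway installed the half-space route via the OPNsense LAN address:
ROUTES_AFTER = ROUTES_BEFORE + """\
          0.0.0.0        128.0.0.0    192.168.100.1    192.168.100.7    281
"""


def parse_routes(text):
    """Parse route-print style rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        try:
            dest, mask, iface, metric = parts[0], parts[1], parts[-2], int(parts[-1])
            net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # header, separator or localized text rows
        gateway = " ".join(parts[2:-2])
        if gateway == "Auf Verbindung":  # "On-link": next hop is the interface itself
            gateway = iface
        routes.append((net, gateway, iface, metric))
    return routes


def select_route(routes, destination):
    """Longest prefix wins, then lowest metric. Returns (gateway, interface, tie)
    where tie is True when several routes remain equally preferred (first row shown)."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        return None
    best_len = max(r[0].prefixlen for r in candidates)
    best = [r for r in candidates if r[0].prefixlen == best_len]
    best_metric = min(r[3] for r in best)
    best = [r for r in best if r[3] == best_metric]
    _net, gateway, iface, _metric = best[0]
    return gateway, iface, len(best) > 1
```

Run it on a public destination: the first table yields a flagged tie between the two metric-25 defaults, the second resolves to 192.168.100.1 on the tap adapter because the /1 route is more specific than either /0 route.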