Dashboard Widget "OpenVPN Client Connections" zeigt trotz Verbindung nichts an

[Monviech]

Wo ist denn die Dokumentation noch nicht neu?

https://docs.opnsense.org/manual/how-tos/sslvpn_instance_roadwarrior.html

[trixter]

als Beispiel:

gerade das Redirect gateway wirft nicht nur bei mir Fragen auf.

da gibt es viel mehr Möglichkeiten als nur "default" oder nichts - wie unter https://docs.opnsense.org/manual/how-tos/sslvpn_instance_roadwarrior.html

Da würde ich schon zu jeder Option zumindest einen Hinweis erwarten wozu diese gut ist.

[franco]

Ab einem gewissen Punkt muss man zwangsläufig auch die Upstream Doku hinzuziehen wenn man nicht weiss was man tut oder welche Option man nun braucht.

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/


Grüsse
Franco

[trixter]

bisher war die OpenVPN Doku nicht sehr hilfreich - aber dafür hat man ja jetzt alles Umgestellt:

Doku zum Redirect Gateway:

--redirect-gateway flags
Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN. This is a client-side option.

This option performs three steps:

Create a static route for the --remote address which forwards to the pre-existing default gateway. This is done so that (3) will not create a routing loop.
Delete the default gateway route.
Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).
When the tunnel is torn down, all of the above steps are reversed so that the original default route is restored.

Option flags:

local
Add the local flag if both OpenVPN peers are directly connected via a common subnet, such as with wireless. The local flag will cause step (1) above to be omitted.
autolocal
Try to automatically determine whether to enable local flag above.
def1
Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway.
bypass-dhcp
Add a direct route to the DHCP server (if it is non-local) which bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients).
bypass-dns
Add a direct route to the DNS server(s) (if they are non-local) which bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients).
block-local
Block access to local LAN when the tunnel is active, except for the LAN gateway itself. This is accomplished by routing the local LAN (except for the LAN gateway address) into the tunnel.
ipv6
Redirect IPv6 routing into the tunnel. This works similar to the def1 flag, that is, more specific IPv6 routes are added (2000::/4, 3000::/4), covering the whole IPv6 unicast space.
!ipv4
Do not redirect IPv4 traffic - typically used in the flag pair ipv6 !ipv4 to redirect IPv6-only.