Todo #2480

Add checkbox to OpenVPN client/server to exclude VPN server from (pushed) routes

Added by Jim P about 1 year ago.

Status: New
Start date: 06/08/2012
Priority: Low
Due date:
Assignee: Jim P
% Done: 0%
Category: OpenVPN
Target version: -
Affected version:
Affected Architecture:

Description

If you try to push a route, or route directly, for the subnet containing the VPN server, OpenVPN accepts the route but then routes the actual VPN traffic over the tunnel, so it never goes anywhere.

OpenVPN supports some internal macros that let you set up an exclusion for this automatically.

On the SSL/TLS server side, such a checkbox would add this to the config:

push "route remote_host 255.255.255.255 net_gateway" 

On the client side (SSL/TLS or Shared Key, maybe even Shared Key Server), it would add:

route remote_host 255.255.255.255 net_gateway

That tells OpenVPN to always use the actual gateway for traffic going to the VPN endpoint, so we don't even need any code to automatically fill in those fields.

The only bit to check would be how this behaves if there is already a static route present for the tunnel endpoint. If there is one, this line may not be relevant/necessary.
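As an added example (not part of the ticket or of pfSense's code), the Python check below reads an OpenVPN config and reports any routed or pushed subnet that contains the VPN server address while the `remote_host`/`net_gateway` exclusion is missing. The function name, the `server_ip` parameter and the sample configs are assumptions made for illustration; hostname remotes are not resolved and existing static routes are not considered.

```python
import ipaddress
import shlex

def routes_swallowing_server(config_text, server_ip=None):
    """Return routed subnets that contain the VPN server address when the
    remote_host/net_gateway exclusion is missing; [] means nothing to fix."""
    servers = [ipaddress.ip_address(server_ip)] if server_ip else []
    subnets, excluded = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        tokens = shlex.split(line)
        if tokens[0] == "push" and len(tokens) == 2:
            tokens = tokens[1].split()           # unwrap push "route ..."
        if len(tokens) < 2:
            continue
        if tokens[0] == "remote":
            try:
                servers.append(ipaddress.ip_address(tokens[1]))
            except ValueError:
                pass                             # hostname: not resolved here
        elif tokens[0] == "route":
            if tokens[1] == "remote_host":
                excluded = excluded or "net_gateway" in tokens[2:]
                continue
            mask = tokens[2] if len(tokens) > 2 else "255.255.255.255"
            if mask == "default":
                mask = "255.255.255.255"
            try:
                subnets.append(ipaddress.ip_network(f"{tokens[1]}/{mask}", strict=False))
            except ValueError:
                pass                             # keyword or hostname network
    if excluded:
        return []
    return [str(n) for n in subnets if any(s in n for s in servers)]

# Constructed sample configs (documentation addresses, not from the ticket).
CLIENT_BAD = """remote 198.51.100.10 1194
route 198.51.100.0 255.255.255.0
route 10.20.0.0 255.255.0.0
"""
CLIENT_FIXED = CLIENT_BAD + "route remote_host 255.255.255.255 net_gateway\n"
SERVER_BAD = 'push "route 198.51.100.0 255.255.255.0"\n'
SERVER_FIXED = SERVER_BAD + 'push "route remote_host 255.255.255.255 net_gateway"\n'

if __name__ == "__main__":
    print(routes_swallowing_server(CLIENT_BAD))
    print(routes_swallowing_server(SERVER_FIXED, "198.51.100.10"))
```

For a server config the server's public address has to be passed in as `server_ip`, since it does not appear in a `remote` line there.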
