[eside-ghost] openvpn and windows

eagle eagleoffire at gmail.com
Tue Jan 19 08:29:47 CET 2010


2010/1/19 andoni <andoni.list a bildua gmail.com>:
> hi,
> let's see if someone can help me
>
> I have a Debian server with openvpn installed and a
> Windows client that connects to the
> vpn with openvpn gui; the connection works perfectly. I can ping
> the server's tap0 interface.
> The problem is that I want to browse through that vpn. What do I do?

I understand that you want to redirect all traffic through the vpn.

> I imagine that what I have to do is add a route in Windows that
> routes me through the
> vpn.

The client receives the routes from the server. As well as the DHCP
servers. In addition, Windows has a "bug" where it does not update the
DNS servers [1].

Regarding the server configuration files:

	# If enabled, this directive will configure
	# all clients to redirect their default
	# network gateway through the VPN, causing
	# all IP traffic such as web browsing and
	# DNS lookups to go through the VPN
	# (The OpenVPN server machine may need to NAT
	# or bridge the TUN/TAP interface to the internet
	# in order for this to work properly).
	push "redirect-gateway def1 bypass-dhcp"


	Or if we want it to have the server's DNS. Set the server's gateway
as the DNS.


	# If enabled, this directive will configure
	# all clients to redirect their default
	# network gateway through the VPN, causing
	# all IP traffic such as web browsing and
	# DNS lookups to go through the VPN
	# (The OpenVPN server machine may need to NAT
	# the TUN/TAP interface to the internet in
	# order for this to work properly).
	# CAVEAT: May break client's network config if
	# client's local DHCP server packets get routed
	# through the tunnel.  Solution: make sure
	# client's local DHCP server is reachable via
	# a more specific route than the default route
	# of 0.0.0.0/0.0.0.0.
	push "redirect-gateway"


	# Certain Windows-specific network settings
	# can be pushed to clients, such as DNS
	# or WINS server addresses.  CAVEAT:
	# http://openvpn.net/faq.html#dhcpcaveats
	push "dhcp-option DNS 192.168.1.254"
	;push "dhcp-option WINS 10.8.0.1"



	Notes:
	
	Add the following directive to the server configuration file:

	    push "redirect-gateway def1"

	If your VPN setup is over a wireless network, where all clients and
the server are on the same wireless subnet, add the local flag:

	    push "redirect-gateway local def1"


Configuring the network elements



	Pushing the redirect-gateway option to clients will cause all IP
network traffic originating on client machines to pass through the
OpenVPN server. The server will need to be configured to deal with
this traffic somehow, such as by NATing it to the internet, or routing
it through the server site's HTTP proxy.

	On Linux, you could use a command such as this to NAT the VPN client
traffic to the internet:

	    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

	This command assumes that the VPN subnet is 10.8.0.0/24 (taken from
the server directive in the OpenVPN server configuration) and that the
local ethernet interface is eth0.

	When redirect-gateway is used, OpenVPN clients will route DNS queries
through the VPN, and the VPN server will need to handle them. This can be
accomplished by pushing a DNS server address to connecting clients
which will replace their normal DNS server settings during the time
that the VPN is active. For example:

	    push "dhcp-option DNS 10.8.0.1"

	will configure Windows clients (or non-Windows clients with some
extra server-side scripting) to use 10.8.0.1 as their DNS server. Any
address which is reachable from clients may be used as the DNS server
address.


I hope this helps. If you have questions you can always check the
openvpn.net website.


[1] http://support.microsoft.com/kb/311218/en-us/

http://openvpn.net/index.php/open-source/documentation/howto.html#redirect

http://openvpn.net/index.php/open-source/documentation.html

http://openvpn.net/index.php/open-source/documentation/howto.html
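
Added example (not part of the original message and not OpenVPN's own code): a POSIX shell check that reads a server config, warns when redirect-gateway is pushed without a DNS server, and derives the VPN subnet for the MASQUERADE rule from the server directive instead of assuming 10.8.0.0/24. The names audit_conf, mask_to_prefix and WAN_IF and the sample config are constructed for this illustration; eth0 is assumed as the internet-facing interface, as in the reply.

```shell
#!/bin/sh
# Added example. SAMPLE_CONF is a constructed config, not the poster's file.
SAMPLE_CONF='port 1194
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 10.8.0.1"
'
WAN_IF=${WAN_IF:-eth0}   # assumption: internet-facing interface, as in the reply

# Convert a dotted netmask to a prefix length; fail on a malformed mask.
mask_to_prefix() {
    bits=0; seen_zero=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        if [ "$n" -ne 0 ] && [ "$seen_zero" -eq 1 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then seen_zero=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Read a server config on stdin; print one finding per line.
audit_conf() {
    conf=$(grep -v '^[[:space:]]*[#;]' || true)   # drop comments and disabled lines
    if ! printf '%s\n' "$conf" | grep -q '^[[:space:]]*push[[:space:]]*"redirect-gateway'; then
        echo "INFO: redirect-gateway is not pushed; clients keep their default route"
        return 0
    fi
    if ! printf '%s\n' "$conf" | grep -q '^[[:space:]]*push[[:space:]]*"dhcp-option DNS '; then
        echo "WARN: redirect-gateway is pushed but no dhcp-option DNS is"
    fi
    # The VPN subnet comes from the 'server <network> <netmask>' directive.
    set -- $(printf '%s\n' "$conf" | awk '$1 == "server" { print $2, $3; exit }')
    if [ $# -ne 2 ] || ! prefix=$(mask_to_prefix "$2"); then
        echo "WARN: no usable 'server <network> <netmask>' directive found"
        return 0
    fi
    # Print the matching NAT rule for review; nothing is applied.
    echo "NAT: iptables -t nat -A POSTROUTING -s $1/$prefix -o $WAN_IF -j MASQUERADE"
}

printf '%s' "$SAMPLE_CONF" | audit_conf
```

To check a real file, feed it on standard input, for example `audit_conf < server.conf`, and set WAN_IF if the outbound interface is not eth0.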

