question from openvpn user, how to "redirect-gateway" in tincd

Donald Pearson donaldwhpearson at gmail.com
Thu Nov 11 14:15:46 CET 2010


> To configure clients in OpenVPN there was this directive called:
> --redirect-gateway
>
> that basically (copy and paste from OpenVPN man):
> (1) Create a static route for the --remote address which forwards to
> the pre-existing default gateway. This is done so that (3) will not
> create a routing loop.
> (2) Delete the default gateway route.
> (3) Set the new default gateway to be the VPN endpoint address
> (derived either from --route-gateway or the second parameter to
> --ifconfig when --dev tun is specified).


> I know in tinc I can implement this easily using the tinc-up script
> (when I have Linux/Mac clients), but I have two problems.
>
> Is the current gateway value in some env variable? Or do I have to write
> my own script to grep that out, or is there something already
> available?
>
> What if I have a Windows client? Do I have to write a tinc-up script as a
> Windows-style script? I have no idea how to use Windows :(
>

I can try to help with the windows part.  Simple Windows scripts are just
text files with a ".bat" file extension.

I think the following would work in tinc-up.bat

route add <remote ip address> mask 255.255.255.255 <current gateway IP address>
route change 0.0.0.0 mask 0.0.0.0 <tinc server's VPN-reachable ip address>

Your tinc-down.bat would just reverse this

route change 0.0.0.0 mask 0.0.0.0 <original gateway IP address>
route delete <remote ip address>

If you're running tinc on Windows Vista or 7, you might run into some User
Access Control issues with modifying the routing table. In those versions
of Windows you need to have elevated privileges. If Tinc is running as a
service I don't think it would be an issue. If Tinc will be manually run
from the command prompt, the command prompt itself will need to be "run as
administrator" in order to have elevated privileges.


>
> Thanks
>
> Saverio
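
For the Linux half of the question (where the current gateway value comes from), an added example that is not part of the original thread: a tinc-up sketch that reads the gateway from `ip -4 route show default` and applies the three quoted --redirect-gateway steps. VPN_GW, REMOTE, STATE and the DRY_RUN switch are assumptions of this example; INTERFACE is the variable tinc exports to its scripts.

```shell
#!/bin/sh
# tinc-up sketch for a Linux client with iproute2 (added example).
# Assumed placeholder values, not taken from the thread:
VPN_GW="${VPN_GW:-10.0.0.1}"       # tinc server's VPN-reachable address
REMOTE="${REMOTE:-192.0.2.10}"     # tinc server's public (remote) address
STATE="${STATE:-/var/run/tinc-orig-gw}"   # where tinc-down finds the old gateway

# stdin: output of `ip -4 route show default`. Prints the "via" address of the
# first default route that has one; exits non-zero if none does (for example
# a point-to-point uplink listed as "default dev ppp0").
default_gw() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "via") { print $(i + 1); found = 1; exit }
         }
         END { exit !found }'
}

# Echo the command when DRY_RUN=1, execute it otherwise.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# $1: output of `ip -4 route show default`, captured before any change.
redirect_up() {
    gw=$(printf '%s\n' "$1" | default_gw) || {
        echo "no default gateway found, routes left untouched" >&2
        return 1
    }
    # Save the old gateway first so tinc-down can restore it.
    [ "${DRY_RUN:-0}" = 1 ] || printf '%s\n' "$gw" > "$STATE" || return 1
    run ip route add "$REMOTE/32" via "$gw" &&                 # step (1)
    run ip route del default &&                                # step (2)
    run ip route add default via "$VPN_GW" dev "$INTERFACE"    # step (3)
}

# tinc exports INTERFACE to tinc-up. The tun/tap interface must already have
# its address (set earlier in tinc-up) for step (3) to succeed.
if [ -n "${INTERFACE:-}" ]; then
    redirect_up "$(ip -4 route show default)"
else
    # Not started by tinc: dry run on a constructed sample route line.
    ( INTERFACE=tun0; DRY_RUN=1
      redirect_up 'default via 192.168.1.1 dev eth0 proto dhcp metric 100' )
fi
```

A matching tinc-down would read the address saved in STATE, put the default route back on it and delete the /32 host route, mirroring the tinc-down.bat above.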