something get me missed when using split tunneling

dr.x · 04-07-2014, 11:02 AM

hi all ,
ive installed openvpn @ centos 6.x distribution .
the client is win7 with openvpn client
i followed:
http://www.servermom.org/how-to-build-o ... s-6-x/732/

its okay when i use the configs with no modification ,
i can use ovpn and go intrnet from my tunnel
but .....

but i have a problem , i need by ovpn to reach some subntes , i mean i dont want a default route from ovpn server.
so ,
i modified the client side only and i have :
Code:
client
dev tun
proto udp
remote x.x.64.4
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3
route-nopull
route x.x.79.0 255.255.255.255 vpn_gateway

after that , when i type netstat -r , i see that i has a route to x.x.79.0 to the tunnel gateway which is
10.8.0.1

and thats seem that its okay with split tunneling . :roll:

but
the problem is , i cant reach this subnet !!!!
i mean the trace to it is always down :

Code:
C:\Users\Toshiba_C660>tracert -d x.x.79.255

Tracing route to x.x.79.255 over a maximum of 30 hops

1 * ^C

but ,

if i removed the lines :
Code:
route-nopull
route x.x.79.0 255.255.255.255 vpn_gateway

i have internet and full access from the tunnel and i can access the subnet from the tunnel without any problems ?!

the question is
what could be the problem ??
agian , i dont modify anything from server , all my changin is only from client ??!!

here is config of server
cat /etc/openvpn/server.conf
Code:
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

anyhelp ?
???????????????????????????????????

regards