maemo.org - Talk


gregc2009 2009-12-21 19:17

OpenVPN routing problem on N900
 
I have OpenVPN installed and working on tomato flashed router using a static key and tap. I'm using a win xp laptop successfully with this setup.

I wanted to try and get the N900 to work with it as well. It installed OpenVPN and the applet fine. When I run the test, it all looks good. When I connect, it looks good too except the routing through the vpn doesn't work. I am not familiar enough with this stuff to understand why though.

Here is the config:
Code:

  remote MY.STATIC.SERVER.IP
  port 1194
  dev tap
  secret static.key
  proto udp
  comp-lzo
  route-gateway 192.168.0.100
  redirect-gateway

Here is the test output:

Code:

Mon Dec 21 11:09:52 2009 OpenVPN 2.1_rc20 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [MH] [PF_INET6] built on Nov 29 2009
Mon Dec 21 11:09:52 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 21 11:09:52 2009 /usr/sbin/openvpn-vulnkey -q static.key
Mon Dec 21 11:09:52 2009 ******* WARNING *******: 'static.key' cannot be verified as a non-vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Dec 21 11:09:52 2009 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 21 11:09:52 2009 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 21 11:09:52 2009 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 21 11:09:52 2009 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 21 11:09:52 2009 LZO compression initialized
Mon Dec 21 11:09:52 2009 ROUTE: default_gateway=UNDEF
Mon Dec 21 11:09:52 2009 TUN/TAP device tap0 opened
Mon Dec 21 11:09:52 2009 TUN/TAP TX queue length set to 100
Mon Dec 21 11:09:52 2009 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Mon Dec 21 11:09:52 2009 Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 21 11:09:52 2009 Local Options hash (VER=V4): '83c3b015'
Mon Dec 21 11:09:52 2009 Expected Remote Options hash (VER=V4): '83c3b015'
Mon Dec 21 11:09:52 2009 Socket Buffers: R=[65536->131072] S=[16384->131072]
Mon Dec 21 11:09:52 2009 UDPv4 link local (bound): [undef]
Mon Dec 21 11:09:52 2009 UDPv4 link remote: [AF_INET]MY.STATIC.SERVER.IP

Any help is greatly appreciated.

- Greg

mikkov 2009-12-21 19:25

Re: OpenVPN routing problem on N900
 
>Mon Dec 21 11:09:52 2009 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

redirect-gateway doesn't work when a cellular (3G/GPRS) connection is used. The reason is stated in the above error message.

gregc2009 2009-12-21 21:08

Re: OpenVPN routing problem on N900
 
Is this a software limitation? Any way around it? I'm posting this on my computer that is using the N900 as a modem on GSM through a VPN to our work without any issues.

mikkov 2009-12-21 21:20

Re: OpenVPN routing problem on N900
 
It is because of how network interfaces are set up on the N900, so you could say it's a software limitation.

There may be a workaround for it, see http://talk.maemo.org/showthread.php...hlight=openvpn (actually these threads should be merged)

alphazo 2010-02-10 17:14

Re: OpenVPN routing problem on N900
 
Workaround (script) found here works just fine:
https://bugs.maemo.org/show_bug.cgi?id=7596#c9

- Copied the script to /etc/openvpn
- Added
Code:

script-security 2
ipchange /etc/openvpn/add_default_route.sh

to my openvpn config file and all traffic was tunneled (tested with Wireshark). BTW, there is one last thing I had to do in order to get DNS resolution, I had to add
Code:

nameserver 192.168.0.254

Where 192.168.0.254 is the address of my router at home to either /var/run/resolv.conf.gprs or /var/run/resolv.conf.wlan0 depending on the connection.

To automate that process I simply added the following to the workaround script found up there:
Code:

if [ -f /var/run/resolv.conf.gprs ];
then
  echo "nameserver 192.168.0.254" >> /var/run/resolv.conf.gprs
fi
if [ -f /var/run/resolv.conf.wlan0 ];
then
  echo "nameserver 192.168.0.254" >> /var/run/resolv.conf.wlan0
fi

As a side note here are the special options I have enabled in my openvpn config:
Code:

push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.0.254"


:) I now have OpenVPN working on both Wifi and Gprs with full internet traffic routed through the tunnel... cool!
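
A quicker check than a Wireshark capture for whether the tunnel really carries all traffic, as an added example (not part of this post, the linked workaround script or OpenVPN). The function names are hypothetical; it reads saved `ip route` output and an OpenVPN log, and `tap0` is the device name from the test output earlier in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Pass saved `ip route` output and an
# OpenVPN log as files; any sample values used with it are constructed.

# vpn_redirect_failed LOGFILE: succeeds if OpenVPN logged that it could not
# replace the default gateway (the NOTE quoted earlier in the thread).
vpn_redirect_failed() {
    grep -q 'unable to redirect default gateway' "$1"
}

# default_route_dev ROUTEFILE: print the device that carries Internet-bound
# traffic. "redirect-gateway def1" adds 0.0.0.0/1 and 128.0.0.0/1, which beat
# "default" because they are more specific, so that pair is checked first.
default_route_dev() {
    awk '
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"            { lo = dev() }
        $1 == "128.0.0.0/1"          { hi = dev() }
        $1 == "default" && def == "" { def = dev() }
        END {
            if (lo != "" && lo == hi) print lo
            else if (def != "")       print def
            else                      print "none"
        }' "$1"
}

# tunnel_status ROUTEFILE TUNDEV: print "tunneled" only when the effective
# default route leaves through TUNDEV, otherwise "leaking".
tunnel_status() {
    if [ "$(default_route_dev "$1")" = "$2" ]; then
        echo tunneled
    else
        echo leaking
    fi
}

# Usage on the device after connecting:
#   ip route > /tmp/routes && tunnel_status /tmp/routes tap0
```

If `vpn_redirect_failed` succeeds and `tunnel_status` prints `leaking`, the VPN is up but traffic to the Internet still leaves through the cellular or WLAN interface.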

lbt 2010-02-22 15:51

Re: OpenVPN routing problem on N900
 
Just checking that you guys know what the "redirect-gateway" option does?

It replaces the default gateway on the client/device and makes *all* your network traffic from the client/device go via the (slow) VPN.

So if you are just using a VPN to allow access to machines on a private LAN then you probably don't want it.

alphazo 2010-02-22 16:52

Re: OpenVPN routing problem on N900
 
Yep.. that was the intended purpose especially when browsing the web from untrusted locations such as public WiFi hot spots.

As a side note, if you use password protected certificates you will have to add
Code:

askpass

to the OpenVPN config file in order to get prompted for your password by OpenVPN-gui applet (very convenient).

Alphazo

mr.zoom 2010-05-07 12:17

Re: OpenVPN routing problem on N900
 
I added to the openvpn client config file the following 3 lines:
script-security 2
up /etc/openvpn/maemo-update-resolvconf
down /etc/openvpn/maemo-update-resolvconf
The script maemo-update-resolvconf existed already.
This works for me very fine with wlan and gprs/umts.

Cheers

mr.zoom

Davey101 2010-05-18 11:53

Re: OpenVPN routing problem on N900
 
Quote:

Originally Posted by mr.zoom (Post 647952)
I added to the openvpn client config file the following 3 lines:
script-security 2
up /etc/openvpn/maemo-update-resolvconf
down /etc/openvpn/maemo-update-resolvconf
The script maemo-update-resolvconf existed already.
This works for me very fine with wlan and gprs/umts.

Cheers

mr.zoom

What does this addition do?

Thanks

mr.zoom 2010-05-27 14:14

Re: OpenVPN routing problem on N900
 
Hi Dave
  • script-security 2 # sets the security settings that you can run external scripts
  • up /etc/openvpn/maemo-update-resolvconf # runs the script maemo-update-resolvconf if your vpn connection is up
  • down /etc/openvpn/maemo-update-resolvconf # runs the script maemo-update-resolvconf if your vpn connection is down

The maemo-update-resolvconf script existed on my phone already after the installation of openvpn on my phone. The script takes the dns settings from your openvpn environment and writes it in your /etc/resolv.conf if the connection is up. If you disconnect it writes the original settings to the /etc/resolv.conf.

Cheers

mr.zoom
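
The up/down behaviour described above, as an added sketch; this is not the Maemo maemo-update-resolvconf script, whose contents are not shown in the thread. It relies on OpenVPN's `foreign_option_N` and `script_type` environment variables; the `RESOLV` and `BACKUP` variables and the function names are hypothetical. Pushed values are validated because they come from the server and the hook runs with OpenVPN's privileges.

```sh
#!/bin/sh
# Added sketch of an OpenVPN up/down hook. NOT the Maemo script.
# OpenVPN exports each pushed option as foreign_option_1, _2, ... and sets
# script_type to "up" or "down" when it calls the hook.
RESOLV=${RESOLV:-/etc/resolv.conf}        # hypothetical override, for testing
BACKUP=${BACKUP:-$RESOLV.pre-openvpn}     # hypothetical backup location

# Print one "nameserver X" line per pushed "dhcp-option DNS X".
pushed_nameservers() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case $opt in
            'dhcp-option DNS '*)
                ip=${opt#dhcp-option DNS }
                case $ip in
                    ''|*[!0-9.]*) ;;   # server-supplied: digits and dots only
                    *) echo "nameserver $ip" ;;
                esac ;;
        esac
        i=$((i + 1))
    done
}

update_resolv() {                          # $1 = up | down
    case $1 in
        up)
            ns=$(pushed_nameservers)
            [ -n "$ns" ] || return 0       # nothing pushed: leave the file alone
            [ -e "$BACKUP" ] || cp "$RESOLV" "$BACKUP"   # keep the first original
            printf '%s\n' "$ns" > "$RESOLV" ;;
        down)
            if [ -e "$BACKUP" ]; then mv "$BACKUP" "$RESOLV"; fi ;;
    esac
}

update_resolv "${script_type:-}"
```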

