hi, is it feasible upon connected to my pptp or ssl vpn my internet traffic will be routed to my remote gateway? if feasible, may i know those steps? thanks
If I understand correctly, you want to use the VPN in Full Tunnel mode.
For SSL: On your Astaro, in WebAdmin, go to Remote Access>>SSL. In the Local Networks box add your internet or Any definition. This will put the VPN into Full Tunnel mode. You will need to redownload the VPN config from the User Portal and apply it to the client.
After I made some changes based on your instructions I got these logs and unable to connect.Any guess?
Thu May 26 11:05:12 2011 OpenVPN 2.1_rc22 i686-pc-cygwin [SSL] [LZO2] built on Mar 16 2010
Thu May 26 11:05:20 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu May 26 11:05:20 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu May 26 11:05:20 2011 LZO compression initialized
Thu May 26 11:05:20 2011 Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 26 11:05:20 2011 Data Channel MTU parms [ L:1556 D:1450 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
Thu May 26 11:05:20 2011 Local Options hash (VER=V4): '619088b2'
Thu May 26 11:05:20 2011 Expected Remote Options hash (VER=V4): 'a4f12474'
Thu May 26 11:05:20 2011 Attempting to establish TCP connection with X.X.X.X:443
Thu May 26 11:05:20 2011 TCP connection established with X.X.X.X:443
Thu May 26 11:05:20 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu May 26 11:05:20 2011 TCPv4_CLIENT link local: [undef]
Thu May 26 11:05:20 2011 TCPv4_CLIENT link remote: X.X.X.X:443
Thu May 26 11:05:49 2011 Connection reset, restarting [0]
Thu May 26 11:05:49 2011 TCP/UDP: Closing socket
Thu May 26 11:05:49 2011 SIGUSR1[soft,connection-reset] received, process restarting
Thu May 26 11:05:49 2011 Restart pause, 5 second(s)
Thu May 26 11:05:54 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu May 26 11:05:54 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu May 26 11:05:54 2011 Re-using SSL/TLS context
Thu May 26 11:05:54 2011 LZO compression initialized
Thu May 26 11:05:54 2011 Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 26 11:05:54 2011 Data Channel MTU parms [ L:1556 D:1450 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
Thu May 26 11:05:54 2011 Local Options hash (VER=V4): '619088b2'
Thu May 26 11:05:54 2011 Expected Remote Options hash (VER=V4): 'a4f12474'
Thu May 26 11:05:54 2011 Attempting to establish TCP connection with X.X.X.X:443
Thu May 26 11:05:54 2011 TCP connection established with X.X.X.X:443
Thu May 26 11:05:54 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu May 26 11:05:54 2011 TCPv4_CLIENT link local: [undef]
Thu May 26 11:05:54 2011 TCPv4_CLIENT link remote: X.X.X.X:443
I've done this in the past with V7, but haven't done it since V8. I know that there were some changes under the hood between the two that might be causing us some difficulty here.
A few things that we can try here.
Remove your internal network from Local Networks, so that only the Any definition is in there.
Check the definition that you used in the definitions section of Astaro. It should resolve as 0.0.0.0/0.
I just tested and it works for me as long as I only have the ANY definition in local networks of the SSL VPN config. Be aware that you will need to add the VPN pool to various areas within Astaro so that traffic from it can use various proxies and services (like allowed networks for web filtering, DNS allowed networks, PF rules for traffic, etc.)
Also, for PPTP and L2TP/IPsec, the selection of full/split tunnel is made in the client. Right-click on the VPN definition, Properties, Networking tab, Internet Protocol, Properties, Advanced. Check or uncheck 'Use default gateway on remote network'.
