how to set routing table?

Bartosz SKOWRON

Apr 24, 2011, 2:02:19 PM
to tunnelblick-discuss
Hey,

I'm switching from Ubuntu to OSX and I have a problem with OpenVPN
connection.

The connection is working fine however I have to tune my routing table
a bit as for now all connections go through the VPN (and in the result
I'm out of the Internet, just local network).

On Ubuntu, I added some route entries + marked 'use this connection
only for resources of this network' and it's working fine.

Where can I set similar things in Tunnelblick? I just want to prevent
removing my default gateway and add gateways for some addresses for
the VPN.

Bartosz SKOWRON

Apr 26, 2011, 10:37:19 AM
to tunnelblick-discuss
Anyone?

jkbull...gmail.com

Apr 26, 2011, 10:57:53 AM
to tunnelbli...@googlegroups.com
You say "for now all connections go through the VPN (and in the result I'm out of the Internet, just local network)."

Do you mean that all traffic goes through the VPN and that you would like some traffic to not go through the VPN?

If so, look at the "--redirect-gateway" option on the OpenVPN man page. It sounds like your configuration file specifies "redirect-gateway def1" (or it is being pushed by the VPN server), which causes this behavior.

Bartosz SKOWRON

May 3, 2011, 6:34:31 PM
to tunnelblick-discuss
Sorry, it's not what I want.

I try to configure the VPN client. The server pushes redirect-gateway
and I want to avoid it. I know I can use route-nopull however it's not
what I want as the server pushes a lot of routing entries. I just want
to ignore/define the default gateway - that's all.

I can do it manually:
route delete default
route add default MY_DEFAULT_IP

I want to do it automatically through Tunnelblick. I tried to add a
short sh script which contained the lines above and then:
script-security 2
up up.sh

but it seems like the up-script is not executed (it's working while
running manually).

Here is what I get when I run openvpn from the command line:
Wed May 4 00:31:55 2011 us=385799 up.sh tun0 1500 1542 172.22.11.154 172.22.11.153 init
Wed May 4 00:31:55 2011 us=391740 script failed: could not execute external program


I tried to put exit 0 at the beginning to see if the problem is
inside the script but it's not.

any ideas?

On Apr 26, 4:57 pm, "jkbull...gmail.com" <jkbull...@gmail.com> wrote:
> You say "for now all connections go through the VPN (and in the result I'm
> out of the Internet, just local network)."
>
> Do you mean that all traffic goes through the VPN and that you would like
> some traffic to not go through the VPN?
>
> If so, look at the "--redirect-gateway" option on the OpenVPN man page<http://openvpn.net/index.php/open-source/documentation/manuals/69-ope...>.

Bartosz SKOWRON

May 3, 2011, 7:00:04 PM
to tunnelblick-discuss
Ok, fixed the problem.

However, if you know a nicer solution than using an external script - please
drop a line.

jkbull...gmail.com

May 3, 2011, 7:01:48 PM
to tunnelbli...@googlegroups.com
From Known Issues:

If "Set nameserver" is selected, all "up" and "down" options in the OpenVPN configuration file will be ignored. To work around this, include appropriate parts of the standard up/down scripts in your own scripts and select "Do not set nameserver". (The reason for this is that OpenVPN's "down-pre" option cannot be used with the standard "Set nameserver" down script, but may be used by custom scripts, so the two scripts cannot be used together.)

I think that's why your up script doesn't get executed by Tunnelblick.

The 'script failed: could not execute external program' error can happen if you have Windows line breaks in a script -- CR characters. That's an OS X limitation. Remove them and it should execute without error.

You can
  1. Use 'Set nameserver' and customize the script that Tunnelblick uses for all configurations. (The up script for 'Set nameserver' is Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh.); or
  2. Use 'Set nameserver' and create a script for each configuration which includes all the "up" stuff in the standard script, plus your additions, name the script "up.tunnelblick.sh", put it in a Tunnelblick VPN Configuration, and use Tunnelblick version 3.2beta04 or later (I recommend using the latest beta, 3.2beta10); or
  3. Use 'Do not set nameserver', write your own up script, and use an 'up' option in the configuration file to refer to it.

jkbull...gmail.com

May 3, 2011, 7:03:27 PM
to tunnelbli...@googlegroups.com
How did you fix the problem? Please reply so that others can learn.

Bartosz SKOWRON

May 5, 2011, 3:41:35 PM
to tunnelblick-discuss
The main problem was...my small experience with the OSX. For testing I
used /home/user/script.sh path and...it's rather /Users/user/script.sh ;-)

Also, I need to use route-up instead of up to overwrite route settings
pulled from the vpn server.

I don't have access to my Mac this week, so I don't know if I use 'set
nameserver', however what is the purpose of this option? I know what a
nameserver is, just don't know the purpose.

jkbull...gmail.com

May 5, 2011, 3:53:34 PM
to tunnelbli...@googlegroups.com
Set nameserver (and its alternate versions) cause "up" and "down" scripts to be run. The scripts are generally designed to accept the "pushed" nameserver information that an OpenVPN server can send to the client and set up to use those nameservers. The different versions do it different ways, and some do other things, too.
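
Added example, not part of the original thread and not Tunnelblick or OpenVPN code: a preflight check for a script named on an "up" or "route-up" line, covering the two causes of "could not execute external program" raised above (a path that does not exist, and Windows line breaks). The function name check_vpn_script is hypothetical, and the group/other-writable check assumes OpenVPN runs with elevated privileges, which the thread does not state.

```shell
#!/bin/sh
# Added example: preflight checks for an OpenVPN up / route-up script.
# check_vpn_script is a hypothetical helper name, not an OpenVPN command.

# Prints one line per problem found; returns the number of problems.
check_vpn_script() {
    script=$1
    problems=0

    # Wrong path, e.g. /home/user/... on OS X where homes live in /Users.
    if [ ! -f "$script" ]; then
        echo "missing: $script does not exist"
        return 1
    fi

    # OpenVPN executes the file directly, so it needs the execute bit.
    if [ ! -x "$script" ]; then
        echo "not executable: chmod +x $script"
        problems=$((problems + 1))
    fi

    # Without a #! line there is no interpreter to hand the file to.
    if [ "$(head -c 2 "$script")" != '#!' ]; then
        echo "no #! interpreter line at the start of $script"
        problems=$((problems + 1))
    fi

    # Windows line breaks: a CR after the interpreter name breaks exec.
    cr=$(printf '\r')
    if grep -q "$cr" "$script"; then
        echo "CR characters found (Windows line breaks) in $script"
        problems=$((problems + 1))
    fi

    # Assumption: the script runs with OpenVPN's privileges, so nobody
    # but its owner should be able to modify it.
    if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or others: chmod go-w $script"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Check the script given as the first argument, if any.
if [ $# -gt 0 ]; then check_vpn_script "$1"; fi
```

Run it against the exact path written in the configuration file, since that is the path OpenVPN will try to execute.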