Tjyylli

Examples of a statistic that is not independent of sample's distribution?

A three room house but a three headED dog

Why don't MCU characters ever seem to have language issues?

Good allowance savings plan?

Making a sword in the stone, in a medieval world without magic

How to create a hard link to an inode (ext4)?

Why does the negative sign arise in this thermodynamic relation?

infinitive telling the purpose

Replacing Windows 7 security updates with anti-virus?

How do you like my writing?

How did the power source of Mar-Vell's aircraft end up with her?

Is there an elementary proof that there are infinitely many primes that are *not* completely split in an abelian extension?

Word for a person who has no opinion about whether god exists

Why is this plane circling around the Lucknow airport every day?

What does a stand alone "T" index value do?

Good for you! in Russian

How much attack damage does the AC boost from a shield prevent on average?

What wound would be of little consequence to a biped but terrible for a quadruped?

Low budget alien movie about the Earth being cooked

Why is Beresheet doing a only a one-way trip?

Force user to remove USB token

How strictly should I take "Candidates must be local"?

Set and print content of environment variable in cmd.exe subshell?

Exporting list of URLs

What does push “route 0.0.0.0” do in the OpenVPN server.conf file?

How to set routes on Windows so that traffic is allowed through VPN only?Redirecting or routing all traffic to OpenVPN on a Mac OS X clientOpenVPN route all traffic except select local subnetsOpenVPN route missingHow to route openvpn-server traffic over the vpn itselfWhat is “push route” used for in OpenVPN?OpenVPN: routing VPN traffic over eth1 with static route as gatewayHow to use push “route 10.0.0.0 255.255.255.0” on pfSenseOpenVPN - redirect-gateway not working

0

I am wondering what is the role of push "route 0.0.0.0" in /etc/openvpn/server.conf. In fact, I had a push "route 0.0.0.0 " line (notice the space at the end) in my server.conf file, and I had to comment it out in order to gain access to my server-side LAN and to the Internet through the VPN connection. I am assuming it is a catch-all rule for all network traffic that does not comply with other routes... Is that what it is? And if so, what's the gateway then?

linux networking routing openvpn gateway

share|improve this question

asked Sep 29 '17 at 14:40

Jean-François BeauchampJean-François Beauchamp

1509

bumped to the homepage by Community♦ 57 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The default route is encoded as 0.0.0.0.
  
  – dirkt
  Sep 30 '17 at 7:43
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @dirkt And what would be the gateway for that default route?
  
  – Jean-François Beauchamp
  Oct 1 '17 at 0:00
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  None (which would be a bug), unless it's specified somewhere else in the configuration with route-gateway.
  
  – dirkt
  Oct 1 '17 at 4:32
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @dirkt Would push "redirect-gateway def1" do the job? It is the only mention of gateway I can find in my server.conf file.
  
  – Jean-François Beauchamp
  Oct 2 '17 at 21:57
  

  
  
  
  

add a comment | 

0

I am wondering what is the role of push "route 0.0.0.0" in /etc/openvpn/server.conf. In fact, I had a push "route 0.0.0.0 " line (notice the space at the end) in my server.conf file, and I had to comment it out in order to gain access to my server-side LAN and to the Internet through the VPN connection. I am assuming it is a catch-all rule for all network traffic that does not comply with other routes... Is that what it is? And if so, what's the gateway then?

linux networking routing openvpn gateway

share|improve this question

asked Sep 29 '17 at 14:40

Jean-François BeauchampJean-François Beauchamp

1509

bumped to the homepage by Community♦ 57 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The default route is encoded as 0.0.0.0.
  
  – dirkt
  Sep 30 '17 at 7:43
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @dirkt And what would be the gateway for that default route?
  
  – Jean-François Beauchamp
  Oct 1 '17 at 0:00
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  None (which would be a bug), unless it's specified somewhere else in the configuration with route-gateway.
  
  – dirkt
  Oct 1 '17 at 4:32
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @dirkt Would push "redirect-gateway def1" do the job? It is the only mention of gateway I can find in my server.conf file.
  
  – Jean-François Beauchamp
  Oct 2 '17 at 21:57
  

  
  
  
  

add a comment | 

I am wondering what is the role of push "route 0.0.0.0" in /etc/openvpn/server.conf. In fact, I had a push "route 0.0.0.0 " line (notice the space at the end) in my server.conf file, and I had to comment it out in order to gain access to my server-side LAN and to the Internet through the VPN connection. I am assuming it is a catch-all rule for all network traffic that does not comply with other routes... Is that what it is? And if so, what's the gateway then?

linux networking routing openvpn gateway

share|improve this question

asked Sep 29 '17 at 14:40

Jean-François BeauchampJean-François Beauchamp

1509

share|improve this question

asked Sep 29 '17 at 14:40

Jean-François BeauchampJean-François Beauchamp

1509

share|improve this question

asked Sep 29 '17 at 14:40

Jean-François BeauchampJean-François Beauchamp

1509

asked Sep 29 '17 at 14:40

Jean-François BeauchampJean-François Beauchamp

1509

asked Sep 29 '17 at 14:40

Jean-François BeauchampJean-François Beauchamp

1509

2 Answers
2

active

oldest

votes

0

If you use push "redirect-gateway def1", you are already pushing the default route (in the form of two /1 address ranges), with the correct gateway (the VPN server).

So that already does what you'd think push "route 0.0.0.0" would do, except it didn't miss the gateway option.

share|improve this answer

answered Oct 4 '17 at 5:23

dirktdirkt

9,42931221

add a comment | 

0

I’ll just quote the manual:

--route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.

This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.

netmask default -- 255.255.255.255

gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.

The default can be specified by leaving an option blank or setting it to "default".

The network and gateway parameters can also be specified as a DNS or /etc/hosts file resolvable name, or as one of three special keywords:

vpn_gateway -- The remote VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

net_gateway -- The pre-existing IP default gateway, read from the routing table (not supported on all OSes).

remote_host -- The --remote address if OpenVPN is being run in client mode, and is undefined in server mode.

As you can see, specifying the next hop is optional. Your server configuration most likely implicitly pushes either route-gateway, ifconfig, or both.

share|improve this answer

answered Oct 4 '17 at 5:53

Daniel BDaniel B

34.2k76487

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1254830%2fwhat-does-push-route-0-0-0-0-do-in-the-openvpn-server-conf-file%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

If you use push "redirect-gateway def1", you are already pushing the default route (in the form of two /1 address ranges), with the correct gateway (the VPN server).

So that already does what you'd think push "route 0.0.0.0" would do, except it didn't miss the gateway option.

share|improve this answer

answered Oct 4 '17 at 5:23

dirktdirkt

9,42931221

add a comment | 

0

If you use push "redirect-gateway def1", you are already pushing the default route (in the form of two /1 address ranges), with the correct gateway (the VPN server).

So that already does what you'd think push "route 0.0.0.0" would do, except it didn't miss the gateway option.

share|improve this answer

answered Oct 4 '17 at 5:23

dirktdirkt

9,42931221

add a comment | 

If you use push "redirect-gateway def1", you are already pushing the default route (in the form of two /1 address ranges), with the correct gateway (the VPN server).

So that already does what you'd think push "route 0.0.0.0" would do, except it didn't miss the gateway option.

share|improve this answer

answered Oct 4 '17 at 5:23

dirktdirkt

9,42931221

share|improve this answer

answered Oct 4 '17 at 5:23

dirktdirkt

9,42931221

answered Oct 4 '17 at 5:23

dirktdirkt

9,42931221

answered Oct 4 '17 at 5:23

dirktdirkt

9,42931221

0

I’ll just quote the manual:

--route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.

This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.

netmask default -- 255.255.255.255

gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.

The default can be specified by leaving an option blank or setting it to "default".

The network and gateway parameters can also be specified as a DNS or /etc/hosts file resolvable name, or as one of three special keywords:

vpn_gateway -- The remote VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

net_gateway -- The pre-existing IP default gateway, read from the routing table (not supported on all OSes).

remote_host -- The --remote address if OpenVPN is being run in client mode, and is undefined in server mode.

As you can see, specifying the next hop is optional. Your server configuration most likely implicitly pushes either route-gateway, ifconfig, or both.

share|improve this answer

answered Oct 4 '17 at 5:53

Daniel BDaniel B

34.2k76487

add a comment | 

0

I’ll just quote the manual:

--route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.

This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.

netmask default -- 255.255.255.255

gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.

The default can be specified by leaving an option blank or setting it to "default".

The network and gateway parameters can also be specified as a DNS or /etc/hosts file resolvable name, or as one of three special keywords:

vpn_gateway -- The remote VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

net_gateway -- The pre-existing IP default gateway, read from the routing table (not supported on all OSes).

remote_host -- The --remote address if OpenVPN is being run in client mode, and is undefined in server mode.

As you can see, specifying the next hop is optional. Your server configuration most likely implicitly pushes either route-gateway, ifconfig, or both.

share|improve this answer

answered Oct 4 '17 at 5:53

Daniel BDaniel B

34.2k76487

add a comment | 

I’ll just quote the manual:

--route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.

This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.

netmask default -- 255.255.255.255

gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.

The default can be specified by leaving an option blank or setting it to "default".

The network and gateway parameters can also be specified as a DNS or /etc/hosts file resolvable name, or as one of three special keywords:

vpn_gateway -- The remote VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

net_gateway -- The pre-existing IP default gateway, read from the routing table (not supported on all OSes).

remote_host -- The --remote address if OpenVPN is being run in client mode, and is undefined in server mode.

As you can see, specifying the next hop is optional. Your server configuration most likely implicitly pushes either route-gateway, ifconfig, or both.

share|improve this answer

answered Oct 4 '17 at 5:53

Daniel BDaniel B

34.2k76487

share|improve this answer

answered Oct 4 '17 at 5:53

Daniel BDaniel B

34.2k76487

answered Oct 4 '17 at 5:53

Daniel BDaniel B

34.2k76487

answered Oct 4 '17 at 5:53

Daniel BDaniel B

34.2k76487