Windows - routing methods

When routes are pushed to a Windows client, there are two methods for adding these routes to the system routing tables:

  • Using the IPAPI helper functions (the default)
  • Using the ROUTE.EXE program

In most cases, the IPAPI method works fine, but sometimes, it is necessary to overrule this behavior. In this recipe, we will show how this is done and what to look for in the client log file to verify that the right method has been chosen.

Getting ready

Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client computer was running Windows 7 SP1 and OpenVPN 2.3.11. Keep the configuration file, basic-udp-server.conf, from the Server-side routing recipe in Chapter 2, Client-server IP-only Networks at hand. For the client, keep the configuration file, basic-udp-client.ovpn, from the Using an ifconfig-pool block recipe in Chapter 2, Client-server IP-only Networks at hand.

How to do it...

  1. Start the server:
    [root@server]# openvpn --config basic-udp-server.conf
    
  2. Add the following lines to the basic-udp-client.ovpn configuration file:
            verb 5 
            route-method ipapi 
    
  3. Save this configuration file as example9-8.ovpn. Start the OpenVPN client with this configuration.
  4. After the connection has been established, bring up the Show Status window again and look at the last lines of the connection log. The log will show lines similar to the following:
            ... C:\WINDOWS\system32\route.exe ADD 10.198.0.0 MASK 255.255.0.0 10.200.0.1 
            ... Route addition via IPAPI succeeded 
            ... Initialization Sequence Completed 
    

    Even though the route-method directive was set to ipapi, the log file prints out the path of the Windows route.exe command. The second line shows that the route was actually added using the IPAPI helper functions.

  5. Now, modify the configuration file, example9-8.ovpn, to the following:
            verb 5 
            route-method exe 
    
  6. Restart the OpenVPN client.
  7. Look at the last lines of the connection log again. This time the message, Route addition via IPAPI succeeded, will not be present in the log file, which means that the route.exe command was used. Instead, you will see something similar to this:
            ... C:\WINDOWS\system32\route.exe ADD 10.198.0.0 MASK 255.255.0.0 10.200.0.1 
            ... env_block: add PATH=C:\Windows\System32;C:\Windows;... 
            ... Initialization Sequence Completed 
    

    The line starting with env_block indicates that a set of environment variables was set up prior to launching the external route.exe command.

How it works...

The route-method directive has three options:

  • adaptive: First, try the IPAPI method, and fall back to the route.exe method if IPAPI fails. This is the default.
  • ipapi: Always use the IPAPI helper functions to add routes.
  • exe: Always use the external program, route.exe.

Based on this directive, the OpenVPN client will choose how to add routes to the Windows routing tables. Note that if OpenVPN cannot add a route, it will not abort the connection. The current OpenVPN GUI does not detect this and will show a green icon in the taskbar, suggesting a fully successful connection.
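The log checks from steps 4 and 7, together with the silent-failure case just described, can be automated. The following is an added example, not code from the book or from OpenVPN: the function names and sample logs are constructed, and the failure wording "Route addition via IPAPI failed" is an assumption, since the recipe shows only the success message.

```python
import re

# OpenVPN logs this command line before every route addition, whichever
# route-method is in use (steps 4 and 7 of the recipe).
ROUTE_ADD = re.compile(
    r"route\.exe ADD (?P<net>\S+) MASK (?P<mask>\S+) (?P<gw>\S+)", re.I)
IPAPI_OK = "Route addition via IPAPI succeeded"
IPAPI_FAILED = "Route addition via IPAPI failed"  # assumed failure wording

def classify_routes(log_lines):
    """Return one dict per logged route with keys net, mask, gw, method.

    method is 'ipapi' if the success message follows the ADD line,
    'ipapi-failed' if the assumed failure message follows, and 'exe' if
    neither appears before the next route or the end of initialization.
    """
    routes, current = [], None
    for line in log_lines:
        match = ROUTE_ADD.search(line)
        if match:
            current = dict(match.groupdict(), method="exe")
            routes.append(current)
        elif current and IPAPI_OK in line:
            current["method"] = "ipapi"
        elif current and IPAPI_FAILED in line:
            current["method"] = "ipapi-failed"
        elif "Initialization Sequence Completed" in line:
            current = None
    return routes

def mismatches(routes, route_method):
    """Routes not added by the configured route-method ('ipapi' or 'exe')."""
    return [r for r in routes if r["method"] != route_method]

# Constructed sample logs modelled on the listings in steps 4 and 7.
SAMPLE_IPAPI = r"""
... C:\WINDOWS\system32\route.exe ADD 10.198.0.0 MASK 255.255.0.0 10.200.0.1
... Route addition via IPAPI succeeded
... Initialization Sequence Completed
""".splitlines()
SAMPLE_EXE = r"""
... C:\WINDOWS\system32\route.exe ADD 10.198.0.0 MASK 255.255.0.0 10.200.0.1
... env_block: add PATH=C:\Windows\System32;C:\Windows;...
... Initialization Sequence Completed
""".splitlines()

if __name__ == "__main__":
    for name, log in (("ipapi", SAMPLE_IPAPI), ("exe", SAMPLE_EXE)):
        routes = classify_routes(log)
        print(name, routes, "mismatches:", mismatches(routes, name))
```

Run it over the client log after each connection; a non-empty mismatches() result is the condition that the GUI's green icon does not reveal.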

There's more...

OpenVPN is preconfigured to look for the route.exe program in the directory where Windows is installed, usually C:\WINDOWS\system32. If Windows is installed in a different directory, the win-sys directive can be used. The win-sys directive has two options:

  • The default option, env, which means that the OpenVPN client will use the contents of the environment variable, windir, to locate the Windows operating system. This environment variable is always set in a normal Windows setup. Starting with OpenVPN 2.3, this is the default setting and a warning message is printed if win-sys env is specified.
  • The directory name where the Windows operating system can be found, for example, D:\WINDOWS. This should be used only if the route.exe program is in a non-standard location.